HomePentest-Tools.com Logo

Huawei Data Communication: Denial of Service Vulnerability on Several Products (huawei-sa-20171206-01-ssl) CVE-2017-15342

Severity
CVSSv3 Score
7.5
Vulnerability description

There is a denial of service vulnerability on several products. This VT has been deprecated and is therefore no longer functional.

Risk description

There is a denial of service vulnerability on several products. The software does not correctly calculate the rest size in a buffer when handling SSL connections. A remote unauthenticated attacker could send a lot of crafted SSL messages to the device, successful exploit could cause no space in the buffer and then denial of service. (Vulnerability ID: HWPSIRT-2016-12099)This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-15342.Huawei has released software updates to fix this vulnerability. This advisory is available in the linked references. Successful exploit could cause no space in the buffer and then denial of service.

Recommendation

See the referenced vendor advisory for a solution.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Feb 15, 2018
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available