CVE-2017-15348
HIGHHuawei IPS Module V500R001C00 - Unauthenticated Denial of Service via MPLS Echo Request
Title source: llmDescription
Huawei IPS Module V500R001C00, NGFW Module V500R001C00, NIP6300 V500R001C00, NIP6600 V500R001C00, Secospace USG6300 V500R001C00, Secospace USG6500 V500R001C00, Secospace USG6600 V500R001C00, USG9500 V500R001C00 have an insufficient input validation vulnerability. An unauthenticated, remote attacker could send specific MPLS Echo Request messages to the target products. Due to insufficient input validation of some parameters in the messages, successful exploit may cause the device to reset.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-routers-en
Scores
CVSS v3
7.5
EPSS
0.0015
EPSS Percentile
35.1%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-20
Status
published
Products (8)
huawei/ips_module_firmware
v500r001c00
huawei/ngfw_module_firmware
v500r001c00
huawei/nip6300_firmware
v500r001c00
huawei/nip6600_firmware
v500r001c00
huawei/secospace_usg6300_firmware
v500r001c00
huawei/secospace_usg6500_firmware
v500r001c00
huawei/secospace_usg6600_firmware
v500r001c00
huawei/usg9500_firmware
v500r001c00
Published
Feb 15, 2018
Tracked Since
Feb 18, 2026