CVE-2017-17162

MEDIUM

Huawei Secospace USG6600/USG9500 <C30SPC100-300 - Memory Corruption

Title source: llm

Description

Huawei Secospace USG6600 V500R001C30SPC100, Secospace USG6600 V500R001C30SPC200, Secospace USG6600 V500R001C30SPC300, USG9500 V500R001C30SPC100, USG9500 V500R001C30SPC200, USG9500 V500R001C30SPC300 have a memory leak vulnerability due to memory don't be released when an local authenticated attacker execute special commands many times. An attacker could exploit it to cause memory leak, which may further lead to system exceptions.

References (1)

[Vendor Advisory] http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171213-02-firewall-en

Scores

CVSS v3 5.5

EPSS 0.0002

EPSS Percentile 5.9%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-772

Status published

Products (6)

huawei/secospace_usg6600_firmware v500r001c30spc100

huawei/secospace_usg6600_firmware v500r001c30spc200

huawei/secospace_usg6600_firmware v500r001c30spc300

huawei/usg9500_firmware v500r001c30spc100

huawei/usg9500_firmware v500r001c30spc200

huawei/usg9500_firmware v500r001c30spc300

Published Feb 15, 2018

Tracked Since Feb 18, 2026