CVE-2017-17162

MEDIUM

Huawei Secospace USG6600/USG9500 <C30SPC100-300 - Memory Corruption

Title source: llm

Description

Huawei Secospace USG6600 V500R001C30SPC100, Secospace USG6600 V500R001C30SPC200, Secospace USG6600 V500R001C30SPC300, USG9500 V500R001C30SPC100, USG9500 V500R001C30SPC200, USG9500 V500R001C30SPC300 have a memory leak vulnerability due to memory don't be released when an local authenticated attacker execute special commands many times. An attacker could exploit it to cause memory leak, which may further lead to system exceptions.

References (1)

[Vendor Advisory] http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171213-02-firewall-en

Scores

CVSS v3 5.5

EPSS 0.0002

EPSS Percentile 5.4%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-772

Status published

Affected Products (6)

huawei/secospace_usg6600_firmware

huawei/usg9500_firmware

Timeline

Published Feb 15, 2018

Tracked Since Feb 18, 2026