Description
Huawei DP300 V500R002C00, Secospace USG6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, TP3206 V100R002C00, VP9660 V500R002C00, V500R002C10 have a resource exhaustion vulnerability. The software does not process certain field of H.323 message properly, a remote unauthenticated attacker could send crafted H.323 message to the device, successful exploit could cause certain service unavailable since the stack memory is exhausted.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171213-02-h323-en
Scores
CVSS v3
5.3
EPSS
0.0023
EPSS Percentile
45.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Details
CWE
CWE-400
Status
published
Products (16)
huawei/dp300_firmware
v500r002c00
huawei/secospace_usg6300_firmware
v500r001c00
huawei/secospace_usg6300_firmware
v500r001c20
huawei/secospace_usg6300_firmware
v500r001c30
huawei/secospace_usg6300_firmware
v500r001c50
huawei/secospace_usg6500_firmware
v500r001c00
huawei/secospace_usg6500_firmware
v500r001c20
huawei/secospace_usg6500_firmware
v500r001c30
huawei/secospace_usg6500_firmware
v500r001c50
huawei/secospace_usg6600_firmware
v500r001c00
... and 6 more
Published
Feb 15, 2018
Tracked Since
Feb 18, 2026