CVE-2017-17160

Severity: Unknown | EPSS: 1.08%

CVE-2017-17160 is a vulnerability of currently unknown severity. EPSS estimates a 1.08% chance of exploitation in the next 30 days.

Description

Huawei AR120-S V200R006C10, V200R007C00, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C02, AR1200-S V200R006C10, V200R007C00, V200R008C20, AR150 V200R006C10, V200R007C00, V200R007C02, AR150-S V200R006C10, V200R007C00, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C02, AR200 V200R006C10, V200R007C00, AR200-S V200R006C10, V200R007C00, AR2200 V200R006C10, V200R006C13, V200R006C16PWE, V200R007C00, V200R007C02, AR2200-S V200R006C10, V200R007C00, V200R008C20, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C02, AR3600 V200R006C10, V200R007C00, AR510 V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00, NetEngine16EX V200R006C10, V200R007C00, SRG1300 V200R006C10, V200R007C00, V200R007C02, SRG2300 V200R006C10, V200R007C00, V200R007C02, SRG3300 V200R006C10, V200R007C00 have a buffer overflow vulnerability due to incomplete range checks of the input data. An unauthenticated, remote attacker could exploit this vulnerability by sending malicious IKE packets to the targeted device. An exploit could allow the attacker to cause the device to write out of bounds and restart.

Metrics

EPSS Probability: 1.08% (60.8th percentile)

Probability of exploitation in the next 30 days.

Affected Software

Vendor | Product | Version
Huawei | Ar120-S Firmware | v200r006c10
Huawei | Ar120-S Firmware | v200r007c00
Huawei | Ar1200 Firmware | v200r006c10
Huawei | Ar1200 Firmware | v200r006c13
Huawei | Ar1200 Firmware | v200r007c00
Huawei | Ar1200 Firmware | v200r007c02
Huawei | Ar1200-S Firmware | v200r006c10
Huawei | Ar1200-S Firmware | v200r007c00
Huawei | Ar1200-S Firmware | v200r008c20
Huawei | Ar150 Firmware | v200r006c10
Huawei | Ar150 Firmware | v200r007c00
Huawei | Ar150 Firmware | v200r007c02
Huawei | Ar150-S Firmware | v200r006c10
Huawei | Ar150-S Firmware | v200r007c00
Huawei | Ar160 Firmware | v200r006c10
Huawei | Ar160 Firmware | v200r006c12
Huawei | Ar160 Firmware | v200r007c00
Huawei | Ar160 Firmware | v200r007c02
Huawei | Ar200 Firmware | v200r006c10
Huawei | Ar200 Firmware | v200r007c00
Huawei | Ar200-S Firmware | v200r006c10
Huawei | Ar200-S Firmware | v200r007c00
Huawei | Ar2200 Firmware | v200r006c10
Huawei | Ar2200 Firmware | v200r006c13
Huawei | Ar2200 Firmware | v200r006c16pwe
Huawei | Ar2200 Firmware | v200r007c00
Huawei | Ar2200-S Firmware | v200r006c10
Huawei | Ar2200-S Firmware | v200r007c00
Huawei | Ar2200-S Firmware | v200r008c20
Huawei | Ar3200 Firmware | v200r006c10
Huawei | Ar3200 Firmware | v200r006c11
Huawei | Ar3200 Firmware | v200r007c00
Huawei | Ar3200 Firmware | v200r007c02
Huawei | Ar3600 Firmware | v200r006c10
Huawei | Ar3600 Firmware | v200r007c00
Huawei | Ar510 Firmware | v200r006c12
Huawei | Ar510 Firmware | v200r006c13
Huawei | Ar510 Firmware | v200r006c15
Huawei | Ar510 Firmware | v200r006c16
Huawei | Ar510 Firmware | v200r006c17
Huawei | Ar510 Firmware | v200r007c00
Huawei | Netengine16ex Firmware | v200r006c10
Huawei | Netengine16ex Firmware | v200r007c00
Huawei | Srg1300 Firmware | v200r006c10
Huawei | Srg1300 Firmware | v200r007c00
Huawei | Srg1300 Firmware | v200r007c02
Huawei | Srg2300 Firmware | v200r006c10
Huawei | Srg2300 Firmware | v200r007c00
Huawei | Srg2300 Firmware | v200r007c02
Huawei | Srg3300 Firmware | v200r006c10

Showing 50 of 51 affected configurations. See NVD for the full list.

Timeline

Status: Modified

Frequently Asked Questions

What is CVE-2017-17160?
Huawei AR120-S V200R006C10, V200R007C00, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C02, AR1200-S V200R006C10, V200R007C00, V200R008C20, AR150 V200R006C10, V200R007C00, V200R007C02, AR150-S V200R006C10, V200R007C00, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C02, AR200 V200R006C10, V200R007C00, AR200-S V200R006C10, V200R007C00, AR2200 V200R006C10, V200R006C13, V200R006C16PWE, V200R007C00, V200R007C02, AR2200-S V200R006C10, V200R007C00, V200R008C20, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C02, AR3600 V200R006C10, V200R007C00, AR510 V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00, NetEngine16EX V200R006C10, V200R007C00, SRG1300 V200R006C10, V200R007C00, V200R007C02, SRG2300 V200R006C10, V200R007C00, V200R007C02, SRG3300 V200R006C10, V200R007C00 have a buffer overflow vulnerability due to incomplete range checks of the input data. An unauthenticated, remote attacker could exploit this vulnerability by sending malicious IKE packets to the targeted device. An exploit could allow the attacker to cause the device to write out of bounds and restart.
How severe is CVE-2017-17160?
Severity scoring for CVE-2017-17160 is pending analysis. The EPSS model estimates a 1.08% probability of exploitation in the next 30 days.
How do I fix CVE-2017-17160?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Source: NVD / NIST