Strix
26.1K

CVE-2017-17165

UnknownEPSS 0.98%

Last modified

CVE-2017-17165 is a vulnerability of currently unknown severity. IPv6 function in Huawei Quidway S2700 V200R003C00SPC300, Quidway S5300 V200R003C00SPC300, Quidway S5700 V200R003C00SPC300, S2300 V200R003C00, V200R003C00SPC300T, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S2700 V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S5300 V200R003C00, V200R003C00SPC300T, V200R003C00SPC600, V200R003C02, V200R005C00, V200R005C01, V200R005C02, V200R005C03, V200R005C05, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S5700 V200R003C00, V200R003C00SPC316T, V200R003C00SPC600, V200R003C02, V200R005C00, V200R005C01, V200R005C02, V200R005C03, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S600-E V200R008C00, V200R009C00, S6300 V200R003C00, V200R005C00, V200R007C00, V200R008C00, V200R009C00, S6700 V200R003C00, V200R005C00, V200R005C01, V200R005C02, V200R007C00, V200R008C00, V200R009C00 has an out-of-bounds read vulnerability. An unauthenticated attacker may send crafted malformed IPv6 packets to the affected products. EPSS estimates a 0.98% chance of exploitation in the next 30 days.

Description

IPv6 function in Huawei Quidway S2700 V200R003C00SPC300, Quidway S5300 V200R003C00SPC300, Quidway S5700 V200R003C00SPC300, S2300 V200R003C00, V200R003C00SPC300T, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S2700 V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S5300 V200R003C00, V200R003C00SPC300T, V200R003C00SPC600, V200R003C02, V200R005C00, V200R005C01, V200R005C02, V200R005C03, V200R005C05, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S5700 V200R003C00, V200R003C00SPC316T, V200R003C00SPC600, V200R003C02, V200R005C00, V200R005C01, V200R005C02, V200R005C03, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S600-E V200R008C00, V200R009C00, S6300 V200R003C00, V200R005C00, V200R007C00, V200R008C00, V200R009C00, S6700 V200R003C00, V200R005C00, V200R005C01, V200R005C02, V200R007C00, V200R008C00, V200R009C00 has an out-of-bounds read vulnerability. An unauthenticated attacker may send crafted malformed IPv6 packets to the affected products. Due to insufficient verification of the packets, successful exploit will cause device to reset.

Metrics

EPSS Probability
0.98%

57.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
HuaweiQuidway S2700 Firmwarev200r003c00spc300
HuaweiQuidway S5300 Firmwarev200r003c00spc300
HuaweiQuidway S5700 Firmwarev200r003c00spc300
HuaweiS2300 Firmwarev200r003c00
HuaweiS2300 Firmwarev200r003c00spc300t
HuaweiS2300 Firmwarev200r005c00
HuaweiS2300 Firmwarev200r006c00
HuaweiS2300 Firmwarev200r007c00
HuaweiS2300 Firmwarev200r008c00
HuaweiS2300 Firmwarev200r009c00
HuaweiS2700 Firmwarev200r005c00
HuaweiS2700 Firmwarev200r006c00
HuaweiS2700 Firmwarev200r007c00
HuaweiS2700 Firmwarev200r008c00
HuaweiS2700 Firmwarev200r009c00
HuaweiS5300 Firmwarev200r003c00
HuaweiS5300 Firmwarev200r003c00spc300t
HuaweiS5300 Firmwarev200r003c00spc600
HuaweiS5300 Firmwarev200r003c02
HuaweiS5300 Firmwarev200r005c00
HuaweiS5300 Firmwarev200r005c01
HuaweiS5300 Firmwarev200r005c02
HuaweiS5300 Firmwarev200r005c03
HuaweiS5300 Firmwarev200r005c05
HuaweiS5300 Firmwarev200r006c00
HuaweiS5300 Firmwarev200r007c00
HuaweiS5300 Firmwarev200r008c00
HuaweiS5300 Firmwarev200r009c00
HuaweiS5700 Firmwarev200r003c00
HuaweiS5700 Firmwarev200r003c00spc316t
HuaweiS5700 Firmwarev200r003c00spc600
HuaweiS5700 Firmwarev200r003c02
HuaweiS5700 Firmwarev200r005c00
HuaweiS5700 Firmwarev200r005c01
HuaweiS5700 Firmwarev200r005c02
HuaweiS5700 Firmwarev200r005c03
HuaweiS5700 Firmwarev200r006c00
HuaweiS5700 Firmwarev200r007c00
HuaweiS5700 Firmwarev200r008c00
HuaweiS5700 Firmwarev200r009c00
HuaweiS600-E Firmwarev200r008c00
HuaweiS600-E Firmwarev200r009c00
HuaweiS6300 Firmwarev200r003c00
HuaweiS6300 Firmwarev200r005c00
HuaweiS6300 Firmwarev200r007c00
HuaweiS6300 Firmwarev200r008c00
HuaweiS6300 Firmwarev200r009c00
HuaweiS6700 Firmwarev200r003c00
HuaweiS6700 Firmwarev200r005c00
HuaweiS6700 Firmwarev200r005c01

Showing 50 of 54 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2017-17165?
IPv6 function in Huawei Quidway S2700 V200R003C00SPC300, Quidway S5300 V200R003C00SPC300, Quidway S5700 V200R003C00SPC300, S2300 V200R003C00, V200R003C00SPC300T, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S2700 V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S5300 V200R003C00, V200R003C00SPC300T, V200R003C00SPC600, V200R003C02, V200R005C00, V200R005C01, V200R005C02, V200R005C03, V200R005C05, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S5700 V200R003C00, V200R003C00SPC316T, V200R003C00SPC600, V200R003C02, V200R005C00, V200R005C01, V200R005C02, V200R005C03, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S600-E V200R008C00, V200R009C00, S6300 V200R003C00, V200R005C00, V200R007C00, V200R008C00, V200R009C00, S6700 V200R003C00, V200R005C00, V200R005C01, V200R005C02, V200R007C00, V200R008C00, V200R009C00 has an out-of-bounds read vulnerability. An unauthenticated attacker may send crafted malformed IPv6 packets to the affected products. Due to insufficient verification of the packets, successful exploit will cause device to reset.
How severe is CVE-2017-17165?
Severity scoring for CVE-2017-17165 is pending analysis. The EPSS model estimates a 0.98% probability of exploitation in the next 30 days.
How do I fix CVE-2017-17165?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2017-17165?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST