Strix
26.1K

CVE-2017-17299

UnknownEPSS 1.24%

Last modified

CVE-2017-17299 is a vulnerability of currently unknown severity. Huawei AR120-S V200R006C10, V200R007C00, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C02, AR1200-S V200R006C10, V200R007C00, V200R008C20, AR150 V200R006C10, V200R007C00, V200R007C02, AR150-S V200R006C10, V200R007C00, AR160 V200R006C10, V200R006C12, V200R007C00S, V200R007C02, AR200 V200R006C10, V200R007C00, AR200-S V200R006C10, V200R007C00, AR2200 V200R006C10, V200R006C13, V200R006C16, V200R007C00, V200R007C02, AR2200-S V200R006C10, V200R007C00, V200R008C20, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C02, AR3600 V200R006C10, V200R007C00, AR510 V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00, IPS Module V500R001C30, NIP6300 V500R001C30, NetEngine16EX V200R006C10, V200R007C00 have an insufficient input validation vulnerability. An unauthenticated, remote attacker may send crafted IKE V2 messages to the affected products. EPSS estimates a 1.24% chance of exploitation in the next 30 days.

Description

Huawei AR120-S V200R006C10, V200R007C00, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C02, AR1200-S V200R006C10, V200R007C00, V200R008C20, AR150 V200R006C10, V200R007C00, V200R007C02, AR150-S V200R006C10, V200R007C00, AR160 V200R006C10, V200R006C12, V200R007C00S, V200R007C02, AR200 V200R006C10, V200R007C00, AR200-S V200R006C10, V200R007C00, AR2200 V200R006C10, V200R006C13, V200R006C16, V200R007C00, V200R007C02, AR2200-S V200R006C10, V200R007C00, V200R008C20, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C02, AR3600 V200R006C10, V200R007C00, AR510 V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00, IPS Module V500R001C30, NIP6300 V500R001C30, NetEngine16EX V200R006C10, V200R007C00 have an insufficient input validation vulnerability. An unauthenticated, remote attacker may send crafted IKE V2 messages to the affected products. Due to the insufficient validation of the messages, successful exploit will cause invalid memory access and result in a denial of service on the affected products.

Metrics

EPSS Probability
1.24%

65.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
HuaweiAr120-S Firmwarev200r006c10
HuaweiAr120-S Firmwarev200r007c00
HuaweiAr1200 Firmwarev200r006c10
HuaweiAr1200 Firmwarev200r006c13
HuaweiAr1200 Firmwarev200r007c00
HuaweiAr1200 Firmwarev200r007c02
HuaweiAr1200-S Firmwarev200r006c10
HuaweiAr1200-S Firmwarev200r007c00
HuaweiAr1200-S Firmwarev200r008c20
HuaweiAr150 Firmwarev200r006c10
HuaweiAr150 Firmwarev200r007c00
HuaweiAr150 Firmwarev200r007c02
HuaweiAr150-S Firmwarev200r006c10
HuaweiAr150-S Firmwarev200r007c00
HuaweiAr160 Firmwarev200r006c10
HuaweiAr160 Firmwarev200r006c12
HuaweiAr160 Firmwarev200r007c00s
HuaweiAr160 Firmwarev200r007c02
HuaweiAr200 Firmwarev200r006c10
HuaweiAr200 Firmwarev200r007c00
HuaweiAr200-S Firmwarev200r006c10
HuaweiAr200-S Firmwarev200r007c00
HuaweiAr2200 Firmwarev200r006c10
HuaweiAr2200 Firmwarev200r006c13
HuaweiAr2200 Firmwarev200r006c16
HuaweiAr2200 Firmwarev200r007c00
HuaweiAr2200 Firmwarev200r007c02
HuaweiAr2200-S Firmwarev200r006c10
HuaweiAr2200-S Firmwarev200r007c00
HuaweiAr2200-S Firmwarev200r008c20
HuaweiAr3200 Firmwarev200r006c10
HuaweiAr3200 Firmwarev200r006c11
HuaweiAr3200 Firmwarev200r007c00
HuaweiAr3200 Firmwarev200r007c02
HuaweiAr3600 Firmwarev200r006c10
HuaweiAr3600 Firmwarev200r007c00
HuaweiAr510 Firmwarev200r006c12
HuaweiAr510 Firmwarev200r006c13
HuaweiAr510 Firmwarev200r006c15
HuaweiAr510 Firmwarev200r006c16
HuaweiAr510 Firmwarev200r006c17
HuaweiAr510 Firmwarev200r007c00
HuaweiIps Module Firmwarev500r001c30
HuaweiNip6300 Firmwarev500r001c30
HuaweiNetengine16ex Firmwarev200r006c10
HuaweiNetengine16ex Firmwarev200r007c00

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2017-17299?
Huawei AR120-S V200R006C10, V200R007C00, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C02, AR1200-S V200R006C10, V200R007C00, V200R008C20, AR150 V200R006C10, V200R007C00, V200R007C02, AR150-S V200R006C10, V200R007C00, AR160 V200R006C10, V200R006C12, V200R007C00S, V200R007C02, AR200 V200R006C10, V200R007C00, AR200-S V200R006C10, V200R007C00, AR2200 V200R006C10, V200R006C13, V200R006C16, V200R007C00, V200R007C02, AR2200-S V200R006C10, V200R007C00, V200R008C20, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C02, AR3600 V200R006C10, V200R007C00, AR510 V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00, IPS Module V500R001C30, NIP6300 V500R001C30, NetEngine16EX V200R006C10, V200R007C00 have an insufficient input validation vulnerability. An unauthenticated, remote attacker may send crafted IKE V2 messages to the affected products. Due to the insufficient validation of the messages, successful exploit will cause invalid memory access and result in a denial of service on the affected products.
How severe is CVE-2017-17299?
Severity scoring for CVE-2017-17299 is pending analysis. The EPSS model estimates a 1.24% probability of exploitation in the next 30 days.
How do I fix CVE-2017-17299?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2017-17299?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST