Details of VAR-201801-1827

ID

VAR-201801-1827

TITLE

H3 Protocol Memory Leak Vulnerability for Various Huawei Products (CNVD-2018-00344)

Trust: 0.6

sources: CNVD: CNVD-2018-00344

DESCRIPTION

Huawei AR series routers, DP300, NetEngine16EX and other Chinese Huawei products. A number of Huawei products have a null pointer reference vulnerability in the H323 protocol. The vulnerability is due to the failure of the H323 protocol to adequately verify packets. An attacker can send an attack to a device by sending a malformed packet, which can cause a memory leak and cause a denial of service attack.

Trust: 0.6

sources: CNVD: CNVD-2018-00344

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-00344

AFFECTED PRODUCTS

vendor:	huawei	model:	ar3200 v200r007c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar3200 v200r006c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar3200 v200r008c20	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	dp300 v500r002c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te60 v100r001c01	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te60 v500r002c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te60 v600r006c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	tp3106 v100r002c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	tp3206 v100r002c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te30 v100r001c02	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te30 v100r001c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te30 v500r002c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te30 v600r006c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te40 v500r002c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te40 v600r006c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te50 v500r002c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te50 v600r006c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te60 v100r001c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar120-s v200r006c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar120-s v200r007c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar120-s v200r008c20	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar120-s v200r008c30	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar1200 v200r006c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar1200 v200r006c13	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar1200 v200r007c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar1200 v200r007c01	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar1200 v200r007c02	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar1200 v200r008c20	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar1200 v200r008c30	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar1200-s v200r006c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar1200-s v200r007c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar1200-s v200r008c20	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar1200-s v200r008c30	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar150 v200r006c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar150 v200r007c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar150 v200r007c01	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar150 v200r007c02	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar150 v200r008c20	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar150 v200r008c30	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar150-s v200r006c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar150-s v200r007c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar150-s v200r008c20	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar150-s v200r008c30	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar160 v200r006c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar160 v200r006c12	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar160 v200r007c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar160 v200r007c01	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar160 v200r007c02	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar160 v200r008c20	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar160 v200r008c30	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar200 v200r006c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar200 v200r007c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar200 v200r007c01	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar200 v200r008c20	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar200 v200r008c30	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar200-s v200r006c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar200-s v200r007c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar200-s v200r008c20	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar200-s v200r008c30	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar2200 v200r006c16pwe	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar2200 v200r006c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar2200 v200r006c13	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar2200 v200r007c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar2200 v200r007c01	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar2200 v200r007c02	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar2200 v200r008c20	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar2200 v200r008c30	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar3200 v200r006c11	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar3200 v200r007c01	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar3200 v200r007c02	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar3200 v200r008c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar3200 v200r008c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar3200 v200r008c30	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar510 v200r006c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar510 v200r006c12	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar510 v200r006c13	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar510 v200r006c15	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar510 v200r006c16	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar510 v200r006c17	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar510 v200r007c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar510 v200r008c20	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar510 v200r008c30	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	netengine16ex v200r006c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	netengine16ex v200r007c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	netengine16ex v200r008c20	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	netengine16ex v200r008c30	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	srg1300 v200r006c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	srg1300 v200r007c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	srg1300 v200r007c01	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	srg1300 v200r007c02	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	srg1300 v200r008c20	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	srg1300 v200r008c30	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	srg2300 v200r006c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	srg2300 v200r007c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	srg2300 v200r007c02	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	srg2300 v200r008c20	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	srg2300 v200r008c30	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	srg3300 v200r006c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	srg3300 v200r007c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	srg3300 v200r008c20	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	srg3300 v200r008c30	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar2200-s v200r006c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar2200-s v200r007c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar2200-s v200r008c20	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar2200-s v200r008c30	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar2200 v200r006c16	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar3600 v200r006c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar3600 v200r007c01	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar3600 v200r008c20	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar3600 v200r007c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	tp3206 v100r002c10	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2018-00344

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2018-00344
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2018-00344
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2018-00344

PATCH

title:

Patch of several Huawei products H323 protocol memory leak vulnerability (CNVD-2018-00344)

url:

https://www.cnvd.org.cn/patchinfo/show/112739

Trust: 0.6

sources: CNVD: CNVD-2018-00344

EXTERNAL IDS

db:

CNVD

id:

CNVD-2018-00344

Trust: 0.6

sources: CNVD: CNVD-2018-00344

REFERENCES

url:

http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20171227-01-h323-cn

Trust: 0.6

sources: CNVD: CNVD-2018-00344

SOURCES

db:

CNVD

id:

CNVD-2018-00344

LAST UPDATE DATE

2022-05-04T09:43:28.382000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2018-00344

date:

2018-01-05T00:00:00

SOURCES RELEASE DATE

db:

CNVD

id:

CNVD-2018-00344

date:

2018-01-05T00:00:00