Vulnerability Details CVE-2017-17166
Huawei DP300 V500R002C00, Secospace USG6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, TP3206 V100R002C00, VP9660 V500R002C00, V500R002C10 have a resource exhaustion vulnerability. The software does not process certain field of H.323 message properly, a remote unauthenticated attacker could send crafted H.323 message to the device, successful exploit could cause certain service unavailable since the stack memory is exhausted.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 45.7%
CVSS Severity
CVSS v3 Score 5.3
CVSS v2 Score 5.0
References
Products affected by CVE-2017-17166
-
cpe:2.3:h:huawei:dp300:-
-
cpe:2.3:h:huawei:secospace_usg6300:-
-
cpe:2.3:h:huawei:secospace_usg6500:-
-
cpe:2.3:h:huawei:secospace_usg6600:-
-
cpe:2.3:h:huawei:tp3206:-
-
cpe:2.3:h:huawei:vp9660:-
-
cpe:2.3:o:huawei:dp300_firmware:v500r002c00
-
cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c00
-
cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c20
-
cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c30
-
cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c50
-
cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c00
-
cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c20
-
cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c30
-
cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c50
-
cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c00
-
cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c20
-
cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c30
-
cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c50
-
cpe:2.3:o:huawei:tp3206_firmware:v100r002c00
-
cpe:2.3:o:huawei:vp9660_firmware:v500r002c00
-
cpe:2.3:o:huawei:vp9660_firmware:v500r002c10