Security Advisory - MaxAge LSA Vulnerability in OSPF Protocol of Some Huawei Products
- SA No: huawei-sa-20170720-01-ospf
- Initial Release Date: 2017-07-20
- Last Release Date: 2020-11-05
This vulnerability has been assigned a CVE ID: CVE-2017-8147.
Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170720-01-ospf-en
| Product Name | Affected Version | Resolved Product and Version |
| --- | --- | --- |
| AC6005 | V200R006C10SPC200 | V2R6C20 |
| AC6605 | V200R006C10SPC200 | V2R6C20 |
| AR1200 | V200R005C10CP0582T, V200R005C10HP0581T, V200R005C20SPC026T | v200r007c00spcb00 |
| AR200 | V200R005C20SPC026T | v200r007c00spcb00 |
| AR3200 | V200R005C20SPC026T | v200r007c00spcb00 |
| CloudEngine 12800 | V100R003C00, V100R005C00, V100R005C10, V100R006C00, V200R001C00 | V200R002C50 |
| CloudEngine 5800 | V100R003C00, V100R005C00, V100R005C10, V100R006C00, V200R001C00 | V200R002C50 |
| CloudEngine 6800 | V100R003C00, V100R005C00, V100R005C10, V100R006C00, V200R001C00 | V200R002C50 |
| CloudEngine 7800 | V100R003C00, V100R005C00, V100R005C10, V100R006C00, V200R001C00 | V200R002C50 |
| CloudEngine 8800 | V100R006C00, V200R001C00 | V200R002C50 |
| E600 | V200R008C00 | V200R009C00 |
| NE20E-S | V800R005C01SPC100, V800R005C01SPC200, V800R006C00SPC300, V800R007C00SPC200, V800R007C10SPC100, V800R008C10SPC300, V800R008C10SPC500 | V800R009C10SPC200 |
| NE40E | V600R003C00, V600R006C00, V600R007C00, V600R008C10, V600R008C20, V600R009C00 | V600R009C20SPC600 |
| NE40E | V800R005C01, V800R006C00, V800R006C20, V800R006C30, V800R007C00, V800R008C00, V800R008C10, V800R009C00 | V800R009C10SPC200 |
| NE40E-M | V800R007C10, V800R008C00, V800R008C10, V800R009C00 | V800R009C10SPC200 |
| S12700 | V200R005C00, V200R006C00, V200R007C00, V200R008C00 | V200R009C00 |
| S1700 | V100R006C00, V100R007C00, V200R006C00 | V200R009C00 |
| S2300 | V100R005C00, V100R006C00, V100R006C03, V100R006C05, V200R003C00, V200R003C02, V200R003C10, V200R005C00, V200R005C01, V200R005C02, V200R005C03, V200R006C00, V200R007C00, V200R008C00 | V200R009C00 |
| S2700 | V100R005C00, V100R006C00, V100R006C03, V100R006C05, V200R003C00, V200R003C02, V200R003C10, V200R005C00, V200R005C01, V200R005C02, V200R005C03, V200R006C00, V200R007C00, V200R008C00 | V200R009C00 |
| S5300 | V100R005C00, V100R006C00, V100R006C01, V200R001C00, V200R001C01, V200R002C00, V200R003C00, V200R003C02, V200R003C10, V200R005C00, V200R006C00, V200R007C00, V200R008C00 | V200R009C00 |
| S5700 | V100R005C00, V100R006C00, V100R006C01, V200R001C00, V200R001C01, V200R002C00, V200R003C00, V200R003C02, V200R003C10, V200R005C00, V200R006C00, V200R007C00, V200R008C00 | V200R009C00 |
| S6300 | V100R006C00, V200R001C00, V200R001C01, V200R002C00, V200R003C00, V200R003C02, V200R003C10, V200R005C00, V200R008C00 | V200R009C00 |
| S6700 | V100R006C00, V200R001C00, V200R001C01, V200R002C00, V200R003C00, V200R003C02, V200R003C10, V200R005C00, V200R006C00, V200R007C00, V200R008C00 | V200R009C00 |
| S7700 | V100R003C00, V100R006C00, V200R001C00, V200R001C01, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00 | V200R009C00 |
| S9300 | V100R001C00, V100R002C00, V100R003C00, V100R006C00, V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R008C10 | V200R009C00 |
| S9700 | V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00 | V200R009C00 |
| Secospace USG6600 | V500R001C00, V500R001C20, V500R001C30 | V500R001C60SPC300 |
Base Score: 6.1 (AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H)
Temporal Score: 5.7 (E:F/RL:O/RC:C)
The attacker has access to the victim's network.
Vulnerability details:
When the device receives special LSA packets, the LS age is set to MaxAge (3600 seconds). An attacker can exploit this vulnerability to poison the route table and launch a DoS attack.
ospf authentication-mode {md5 | hmac-md5 | hmac-sha256}
ospf authentication-mode keychain
Alternatively, run the following commands in the ospf-area view:
authentication-mode {md5 | hmac-md5 | hmac-sha256}
authentication-mode keychain
For details on how to use the specific commands, please refer to the product configuration guide.
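One way to check a saved configuration for the mitigation above, as an added example that is not part of Huawei's advisory: it reports every interface matched by an OSPF `network` statement that has no authentication mode from the advisory's list at either the interface or the area level. The function name `audit_ospf_auth`, the constructed sample configuration, its layout and key syntax, and the rule that an interface-level setting overrides the area-level one are assumptions.

```python
import ipaddress
# Authentication modes named in the advisory's mitigation commands.
ADVISORY_MODES = {"md5", "hmac-md5", "hmac-sha256", "keychain"}
# Constructed sample in VRP configuration layout (assumed; not from a real device).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0/1
 ip address 10.0.12.1 255.255.255.0
 ospf authentication-mode hmac-sha256 1 cipher EXAMPLE
#
interface GigabitEthernet0/0/2
 ip address 10.0.13.1 255.255.255.0
#
interface GigabitEthernet0/0/3
 ip address 10.1.14.1 255.255.255.0
#
ospf 1 router-id 1.1.1.1
 area 0.0.0.0
  network 10.0.0.0 0.0.255.255
 area 0.0.0.1
  authentication-mode simple cipher EXAMPLE
  network 10.1.14.0 0.0.0.255
"""

def audit_ospf_auth(config):
    """Map each OSPF interface lacking an advisory-listed auth mode to the reason."""
    if_ip, if_mode, area_mode, nets = {}, {}, {}, []
    block, area = ["#"], None
    for line in config.splitlines():
        w = line.split() or ["#"]
        if not line.startswith(" "):
            block, area = w, None  # "#" separator or a new top-level view
        elif block[0] == "interface" and w[:2] == ["ip", "address"]:
            if_ip[block[1]] = int(ipaddress.ip_address(w[2]))
        elif block[0] == "interface" and w[:2] == ["ospf", "authentication-mode"]:
            if_mode[block[1]] = w[2]
        elif block[0] == "ospf" and w[0] == "area":
            area = w[1]
        elif area and w[0] == "authentication-mode":
            area_mode[area] = w[1]
        elif area and w[0] == "network":
            nets.append((area, *(int(ipaddress.ip_address(x)) for x in w[1:3])))
    findings = {}
    for area, net, wc in nets:
        for name, ip in if_ip.items():
            mode = if_mode.get(name) or area_mode.get(area)  # assumed: interface wins
            # Wildcard 1-bits are "don't care", so compare only the other bits.
            if (ip | wc) == (net | wc) and mode not in ADVISORY_MODES:
                findings[name] = f"area {area}: {mode or 'no'} authentication"
    return findings
```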
Customers should contact Huawei TAC (Huawei Technical Assistance Center) to request the upgrades. For TAC contact information, please refer to Huawei worldwide website at http://www.huawei.com/en/psirt/report-vulnerabilities.
2020-11-05 V1.5 UPDATED Updated the "Software Versions and Fixes" section; Updated the information in "Score Details";
2018-12-20 V1.4 UPDATED Updated the "Software Versions and Fixes" section;
2017-11-22 V1.3 UPDATED Updated the "Software Versions and Fixes" section; Updated the information in "Temporary Fixes";
2017-11-14 V1.2 UPDATED Assigned a CVE ID (CVE-2017-8147) to the vulnerability; Updated the "Software Versions and Fixes" section;
2017-07-26 V1.1 UPDATED Updated the "Software Versions and Fixes" section;
2017-07-20 V1.0 INITIAL
None
Huawei adheres to protecting the ultimate interests of users with best efforts and the principle of responsible disclosure, and deals with product security issues through our response mechanism.
To enjoy Huawei PSIRT services and obtain Huawei product vulnerability information, please visit http://www.huawei.com/en/psirt.
To report a security vulnerability in Huawei products and solutions, please send it to PSIRT@huawei.com. For details, please visit http://www.huawei.com/en/psirt/report-vulnerabilities.