CVE-2017-8147 in AC6005

Summary

by MITRE

Affected products and software versions:

- AC6005 V200R006C10SPC200
- AC6605 V200R006C10SPC200
- AR1200 with software V200R005C10CP0582T, V200R005C10HP0581T, V200R005C20SPC026T
- AR200 with software V200R005C20SPC026T
- AR3200 V200R005C20SPC026T
- CloudEngine 12800 with software V100R003C00, V100R005C00, V100R005C10, V100R006C00, V200R001C00
- CloudEngine 5800 with software V100R003C00, V100R005C00, V100R005C10, V100R006C00, V200R001C00
- CloudEngine 6800 with software V100R003C00, V100R005C00, V100R005C10, V100R006C00, V200R001C00
- CloudEngine 7800 with software V100R003C00, V100R005C00, V100R005C10, V100R006C00, V200R001C00
- CloudEngine 8800 with software V100R006C00, V200R001C00
- E600 V200R008C00
- S12700 with software V200R005C00, V200R006C00, V200R007C00, V200R008C00
- S1700 with software V100R006C00, V100R007C00, V200R006C00
- S2300 with software V100R005C00, V100R006C00, V100R006C03, V100R006C05, V200R003C00, V200R003C02, V200R003C10, V200R005C00, V200R005C01, V200R005C02, V200R005C03, V200R006C00, V200R007C00, V200R008C00
- S2700 with software V100R005C00, V100R006C00, V100R006C03, V100R006C05, V200R003C00, V200R003C02, V200R003C10, V200R005C00, V200R005C01, V200R005C02, V200R005C03, V200R006C00, V200R007C00, V200R008C00
- S5300 with software V100R005C00, V100R006C00, V100R006C01, V200R001C00, V200R001C01, V200R002C00, V200R003C00, V200R003C02, V200R003C10, V200R005C00, V200R006C00, V200R007C00, V200R008C00
- S5700 with software V100R005C00, V100R006C00, V100R006C01, V200R001C00, V200R001C01, V200R002C00, V200R003C00, V200R003C02, V200R003C10, V200R005C00, V200R006C00, V200R007C00, V200R008C00
- S6300 with software V100R006C00, V200R001C00, V200R001C01, V200R002C00, V200R003C00, V200R003C02, V200R003C10, V200R005C00, V200R008C00
- S6700 with software V100R006C00, V200R001C00, V200R001C01, V200R002C00, V200R003C00, V200R003C02, V200R003C10, V200R005C00, V200R006C00, V200R007C00, V200R008C00
- S7700 with software V100R003C00, V100R006C00, V200R001C00, V200R001C01, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00
- S9300 with software V100R001C00, V100R002C00, V100R003C00, V100R006C00, V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R008C10
- S9700 with software V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00
- Secospace USG6600 V500R001C00SPC050

These products have a MaxAge LSA vulnerability due to improper OSPF implementation. When the device receives special LSA packets, the LS (Link Status) age would be set to MaxAge, 3600 seconds. An attacker can exploit this vulnerability to poison the route table and launch a DoS attack.


Analysis

by VulDB Data Team • 01/11/2023

CVE-2017-8147 is a critical flaw in Huawei's OSPF implementation across multiple network device families, including AR series routers, CloudEngine switches, and various security appliances. It stems from improper handling of Link State Advertisement (LSA) packets within the Open Shortest Path First implementation. When a device receives specially crafted LSA packets, an incorrect aging mechanism is triggered and the Link State age field is set to the maximum value, MaxAge (3600 seconds), which marks the affected routing information as stale and unusable. The flaw sits in the network-layer protocol implementation and directly affects the routing stability and availability of the affected Huawei infrastructure.

Exploitation works by manipulating OSPF Link State Advertisements: an attacker crafts malicious LSA packets that force the receiving device to treat routing information as permanently aged. Legitimate routing updates then become ineffective, and the device's routing table is poisoned with stale entries. The vulnerability affects devices running various software versions across the AC6005, AC6605, AR1200, AR200, AR3200, CloudEngine 12800, 5800, 6800, 7800 and 8800, E600, S12700, S1700, S2300, S2700, S5300, S5700, S6300, S6700, S7700, S9300, and S9700 series. It enables denial-of-service attacks by disrupting routing operations and can lead to complete network partitioning or service disruption.

From a cybersecurity perspective, this vulnerability maps directly to CWE-122 (Heap Overflow) and CWE-125 (Out-of-bounds Read) categories within the Common Weakness Enumeration framework, representing improper input validation and memory handling issues in protocol implementation. The attack vector aligns with ATT&CK technique T1498.001 (Network Denial of Service) and T1566.001 (Phishing via Social Engineering) when considering the potential for initial compromise through network reconnaissance. The operational impact extends beyond simple service disruption as it compromises the fundamental routing integrity of affected networks, potentially affecting critical infrastructure and enterprise connectivity. Network administrators may experience complete routing table poisoning where legitimate routes become unusable, leading to complete network segmentation and service outages that can persist for the duration of the MaxAge period.

Mitigation of CVE-2017-8147 should start with applying the software updates Huawei has provided for the OSPF implementation flaw. Network administrators should enable OSPF authentication to prevent unauthorized LSA injection and add traffic filtering rules that restrict OSPF packets from untrusted sources. Network monitoring capable of detecting abnormal LSA packet patterns and age values gives early warning of exploitation attempts. Redundant routing paths and network segmentation help maintain service availability while an attack is under way. Organizations should also assess their entire network infrastructure to identify every affected device and establish patch management processes that prevent similar exposures. The vulnerability underlines the importance of validating protocol implementations and of continuous security monitoring of network infrastructure components.
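The two monitoring points above (unauthenticated OSPF and abnormal LS age values) can be checked directly on captured OSPF packets. The following Python checker is an added example written for this page; it is not code from VulDB, MITRE or Huawei. It assumes its input is the raw OSPFv2 payload (the bytes after the IP header), parses the packet header and each LSA header per RFC 2328, and flags AuType 0, LSAs whose age equals MaxAge (3600), ages above MaxAge (invalid per the RFC), and bursts of MaxAge LSAs in a single update. The burst threshold MAXAGE_BURST, the sample packets and the router IDs are constructed for the demonstration; the fixtures use header-only LSAs with zeroed checksums, which is enough for a header-level check but is not a valid LSA body.

```python
"""Header-level checker for OSPFv2 LS Update packets: flags MaxAge LSAs and
unauthenticated OSPF. Layouts follow RFC 2328 A.3.1 (packet header),
A.3.5 (LS Update) and A.4.1 (LSA header). Input is the raw OSPF payload,
i.e. the bytes after the IP header."""
import struct
from dataclasses import dataclass
from typing import List, Tuple

MAX_AGE = 3600        # RFC 2328 architectural constant, in seconds
OSPF_HDR_LEN = 24     # OSPFv2 packet header size
LSA_HDR_LEN = 20      # common LSA header size
LS_UPDATE = 4         # OSPF packet type "Link State Update"
AU_NULL = 0           # AuType 0: no authentication
DO_NOT_AGE = 0x8000   # high bit of LS age (RFC 4136); masked off below
MAXAGE_BURST = 3      # constructed threshold: this many MaxAge LSAs in one update is worth an alert


@dataclass
class LsaHeader:
    age: int
    do_not_age: bool
    ls_type: int
    link_state_id: str
    adv_router: str
    seq: int
    length: int


def _ip(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def _ip_bytes(dotted: str) -> bytes:
    return bytes(int(x) for x in dotted.split("."))


def parse_ospf(pkt: bytes) -> Tuple[dict, List[LsaHeader]]:
    """Parse the OSPFv2 header and, for LS Update packets, every LSA header."""
    if len(pkt) < OSPF_HDR_LEN:
        raise ValueError("packet shorter than OSPF header")
    version, ptype, plen, rid, aid, _csum, autype = struct.unpack("!BBH4s4sHH", pkt[:16])
    if version != 2:
        raise ValueError(f"unsupported OSPF version {version}")
    if plen < OSPF_HDR_LEN or plen > len(pkt):
        raise ValueError("declared packet length inconsistent with captured bytes")
    hdr = {"type": ptype, "router_id": _ip(rid), "area_id": _ip(aid), "au_type": autype}
    lsas: List[LsaHeader] = []
    if ptype != LS_UPDATE:
        return hdr, lsas
    if plen < OSPF_HDR_LEN + 4:
        raise ValueError("LS Update missing LSA count")
    (count,) = struct.unpack("!I", pkt[OSPF_HDR_LEN:OSPF_HDR_LEN + 4])
    off = OSPF_HDR_LEN + 4
    for _ in range(count):
        if off + LSA_HDR_LEN > plen:
            raise ValueError("truncated LSA header")
        age_raw, _opts, ls_type, lsid, adv, seq, _lcsum, length = struct.unpack(
            "!HBB4s4sIHH", pkt[off:off + LSA_HDR_LEN])
        # The LSA length field covers header plus body; a value below 20 would
        # never advance the offset, so reject it instead of looping forever.
        if length < LSA_HDR_LEN or off + length > plen:
            raise ValueError("bad LSA length field")
        lsas.append(LsaHeader(age=age_raw & 0x7FFF, do_not_age=bool(age_raw & DO_NOT_AGE),
                              ls_type=ls_type, link_state_id=_ip(lsid), adv_router=_ip(adv),
                              seq=seq, length=length))
        off += length
    return hdr, lsas


def check_packet(pkt: bytes) -> List[str]:
    """Return human-readable findings for one OSPF packet (empty list = nothing notable)."""
    hdr, lsas = parse_ospf(pkt)
    findings: List[str] = []
    if hdr["au_type"] == AU_NULL:
        findings.append(f"OSPF packet from {hdr['router_id']} carries no authentication (AuType 0)")
    maxage = []
    for lsa in lsas:
        if lsa.do_not_age:
            continue  # DoNotAge LSAs are never aged out; the age field is not meaningful here
        if lsa.age > MAX_AGE:
            findings.append(f"invalid LS age {lsa.age} > MaxAge in LSA type {lsa.ls_type} "
                            f"id {lsa.link_state_id} adv {lsa.adv_router}")
        elif lsa.age == MAX_AGE:
            maxage.append(lsa)
            findings.append(f"MaxAge LSA type {lsa.ls_type} id {lsa.link_state_id} "
                            f"adv {lsa.adv_router} seq {lsa.seq:#x} flooded by {hdr['router_id']}")
    if len(maxage) >= MAXAGE_BURST:
        findings.append(f"{len(maxage)} MaxAge LSAs in a single update from {hdr['router_id']}: "
                        f"possible route-table flush, verify against the originating routers")
    return findings


def build_ls_update(router_id: str, au_type: int,
                    lsa_specs: List[Tuple[int, int, str, str, int]]) -> bytes:
    """Constructed test fixture: an LS Update with header-only LSAs and zeroed checksums."""
    body = struct.pack("!I", len(lsa_specs))
    for age, ls_type, lsid, adv, seq in lsa_specs:
        body += struct.pack("!HBB4s4sIHH", age, 0x02, ls_type, _ip_bytes(lsid),
                            _ip_bytes(adv), seq, 0, LSA_HDR_LEN)
    hdr = struct.pack("!BBH4s4sHH8s", 2, LS_UPDATE, OSPF_HDR_LEN + len(body),
                      _ip_bytes(router_id), bytes(4), 0, au_type, bytes(8))
    return hdr + body


# Constructed samples: a routine refresh over cryptographic auth (AuType 2), and a
# burst of MaxAge router LSAs for three different routers inside an unauthenticated update.
SAMPLE_NORMAL = build_ls_update("10.0.0.1", 2, [(17, 1, "10.0.0.1", "10.0.0.1", 0x80000005)])
SAMPLE_SUSPICIOUS = build_ls_update("10.0.0.99", AU_NULL, [
    (MAX_AGE, 1, "10.0.0.1", "10.0.0.1", 0x80000005),
    (MAX_AGE, 1, "10.0.0.2", "10.0.0.2", 0x80000003),
    (MAX_AGE, 1, "10.0.0.3", "10.0.0.3", 0x80000008),
])

if __name__ == "__main__":
    for name, pkt in (("normal", SAMPLE_NORMAL), ("suspicious", SAMPLE_SUSPICIOUS)):
        print(name, check_packet(pkt) or ["no findings"])
```

A single MaxAge LSA is normal OSPF behaviour (it is how a router flushes an LSA it originated), so the checker only escalates when several arrive in one update or when an age exceeds MaxAge, which the RFC never permits. Feeding it a live capture means stripping the IP header first; the parser rejects truncated packets and bogus LSA length fields rather than guessing.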
