Buffer Overflow Vulnerability in Huawei CloudEngine Switches
CVE-2016-8790

5.7MEDIUM

Key Information:

Vendor: Huawei
Status: Cloudengine 5800,cloudengine 6800,cloudengine 7800,cloudengine 8800,cloudengine 12800 V100r003c10,v100r005c00,v100r005c10,v100r006c00
Vendor: CVE Published:; 2 April 2017

Summary

A buffer overflow vulnerability exists in multiple models of Huawei's CloudEngine switches. This flaw can be exploited by an attacker who sends specially crafted packets to the affected devices, potentially leading to a main control board reboot. This can interrupt service and compromise the resilience of the network infrastructure, emphasizing the need for prompt software updates to safeguard against such attacks.

Affected Version(s)

CloudEngine 5800,CloudEngine 6800,CloudEngine 7800,CloudEngine 8800,CloudEngine 12800 V100R003C10,V100R005C00,V100R005C10,V100R006C00 CloudEngine 5800,CloudEngine 6800,CloudEngine 7800,CloudEngine 8800,CloudEngine 12800 V100R003C10,V100R005C00,V100R005C10,V100R006C00

References

http://www.huawei.com/en/psirt/security-advisories/huawei...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/94402

vdb-entryx_refsource_BID

CVSS V3.1

Score:

5.7

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 2, 2017
Vulnerability Reserved
Oct 18, 2016