Integer Overflow Vulnerability in Huawei CloudEngine and Secospace Products
CVE-2016-8795

5.9MEDIUM

Key Information:

Vendor: Huawei
Status: Cloudengine 5800, Cloudengine 6800, Cloudengine 7800, Cloudengine 8800,cloudengine 12800, Secospace Usg6600 Cloudengine 12800 V100r002c00, V100r003c00, V100r003c10, V100r005c00, V100r005c10, V100r006c00,cloudengine 5800 V100r002c00, V100r003c00, V100r003c10, V100r005c00, V100r005c10, V100r006c00, Cloudengine 6800 V100r002c00, V100r003c00, V100r003c10, V100r005c00, V100r005c10, V100r006c00,cloudengine 7800 V100r003c00, V100r003c10, V100r005c00, V100r005c10, V100r006c00, Cloudengine 8800 V100r006c00, Secospace Usg6600 V500r001c00
Vendor: CVE Published:; 2 April 2017

Summary

The vulnerabilities in Huawei's CloudEngine and Secospace series allow remote, unauthenticated attackers to exploit an integer overflow by sending specially crafted IPFPM packets. This action may lead to unexpected behavior, including device resets. It affects multiple models across the CloudEngine and Secospace product lines, creating potential security risks that require immediate attention from users and administrators to mitigate.

Affected Version(s)

CloudEngine 5800, CloudEngine 6800, CloudEngine 7800, CloudEngine 8800,CloudEngine 12800, Secospace USG6600 CloudEngine 12800 V100R002C00, V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00,CloudEngine 5800 V100R002C00, V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00, CloudEngine 6800 V100R002C00, V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00,CloudEngine 7800 V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00, CloudEngine 8800 V100R006C00, Secospace USG6600 V500R001C00 CloudEngine 5800, CloudEngine 6800, CloudEngine 7800, CloudEngine 8800,CloudEngine 12800, Secospace USG6600 CloudEngine 12800 V100R002C00, V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00,CloudEngine 5800 V100R002C00, V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00, CloudEngine 6800 V100R002C00, V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00,CloudEngine 7800 V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00, CloudEngine 8800 V100R006C00, Secospace USG6600 V500R001C00

References

http://www.huawei.com/en/psirt/security-advisories/huawei...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/94504

vdb-entryx_refsource_BID

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 2, 2017
Vulnerability Reserved
Oct 18, 2016