CVE-2016-8795

5.9MEDIUM

Key Information:

Vendor: Huawei
Status: Cloudengine 5800, Cloudengine 6800, Cloudengine 7800, Cloudengine 8800,cloudengine 12800, Secospace Usg6600 Cloudengine 12800 V100r002c00, V100r003c00, V100r003c10, V100r005c00, V100r005c10, V100r006c00,cloudengine 5800 V100r002c00, V100r003c00, V100r003c10, V100r005c00, V100r005c10, V100r006c00, Cloudengine 6800 V100r002c00, V100r003c00, V100r003c10, V100r005c00, V100r005c10, V100r006c00,cloudengine 7800 V100r003c00, V100r003c10, V100r005c00, V100r005c10, V100r006c00, Cloudengine 8800 V100r006c00, Secospace Usg6600 V500r001c00
Vendor: CVE Published:; 2 April 2017

Summary

Huawei CloudEngine 12800 with software V100R002C00, V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00; CloudEngine 5800 with software V100R002C00, V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00; CloudEngine 6800 with software V100R002C00, V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00; CloudEngine 7800 with software V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00; CloudEngine 8800 with software V100R006C00; and Secospace USG6600 with software V500R001C00 allow remote unauthenticated attackers to craft specific IPFPM packets to trigger an integer overflow and cause the device to reset.

Affected Version(s)

CloudEngine 5800, CloudEngine 6800, CloudEngine 7800, CloudEngine 8800,CloudEngine 12800, Secospace USG6600 CloudEngine 12800 V100R002C00, V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00,CloudEngine 5800 V100R002C00, V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00, CloudEngine 6800 V100R002C00, V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00,CloudEngine 7800 V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00, CloudEngine 8800 V100R006C00, Secospace USG6600 V500R001C00 CloudEngine 5800, CloudEngine 6800, CloudEngine 7800, CloudEngine 8800,CloudEngine 12800, Secospace USG6600 CloudEngine 12800 V100R002C00, V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00,CloudEngine 5800 V100R002C00, V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00, CloudEngine 6800 V100R002C00, V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00,CloudEngine 7800 V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00, CloudEngine 8800 V100R006C00, Secospace USG6600 V500R001C00

References

http://www.huawei.com/en/psirt/security-advisories/huawei...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/94504

vdb-entryx_refsource_BID

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 2, 2017
Vulnerability Reserved
Oct 18, 2016