Security Advisory - Buffer Overflow Vulnerability in Huawei Several Products

2016-05-11T00:00:00
ID HUAWEI-SA-20160511-01-ASPF
Type huawei
Reporter Huawei Technologies
Modified 2016-05-18T00:00:00

Description

There is a vulnerability in several Huawei devices: USG series, NGFW Module, IPS Module, NIP series and AntiDDoS8000.

These products have a buffer overflow vulnerability in the Application Specific Packet Filtering (ASPF) function. An attacker may craft a malformed packet with illegitimate parameters, leading to denial of service or the potential execution of arbitrary code. (Vulnerability ID: HWPSIRT-2016-04005)

This vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID: CVE-2016-4576.

Huawei has released software updates to fix these vulnerabilities. This advisory is available at the following link: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160511-aspf-en