6.8 Medium
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:A/AC:H/Au:N/C:C/I:C/A:C
7.5 High
CVSS3
Attack Vector
ADJACENT
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
7.9 High
AI Score
Confidence
High
0.018 Low
EPSS
Percentile
88.1%
There is a vulnerability in several Huawei devices: USG series and NGFW Module.
These products have a buffer overflow vulnerability in the Smart DNS function. An attacker may craft a malformed packet with illegitimate parameters, leading to denial of service or the potential execution of arbitrary code. (Vulnerability ID: HWPSIRT-2016-04006)
This vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID: CVE-2016-4577.
Huawei has released software updates to fix these vulnerabilities. This advisory is available at the following link:
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160511-01-dns-en
CPE | Name | Operator | Version |
---|---|---|---|
ngfw module | eq | V500R001C00 | |
secospace usg6300 | eq | V500R001C00 | |
secospace usg6500 | eq | V500R001C00 | |
secospace usg6600 | eq | V500R001C00 | |
usg9500 | eq | V500R001C00 |
6.8 Medium
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:A/AC:H/Au:N/C:C/I:C/A:C
7.5 High
CVSS3
Attack Vector
ADJACENT
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
7.9 High
AI Score
Confidence
High
0.018 Low
EPSS
Percentile
88.1%