Lucene search

Huawei TechnologiesHUAWEI-SA-20160914-01-SEP

HistorySep 14, 2016 - 12:00 a.m.

Security Advisory - DoS Vulnerability in Huawei Switches

2016-09-1400:00:00

Huawei Technologies

www.huawei.com

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.002 Low

EPSS

Percentile

53.7%

JSON

There is a DoS vulnerability caused by memory leak in some of Huawei products as affected products list below. For lacking of adequate input validation，attackers can craft and send a large number of malformed packets to the target device to exhaust the memory of the device and may cause the device to restart. (Vulnerability ID: HWPSIRT-2016-04022)

_ _

This vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID: CVE-2016-6518.

Huawei has released software updates to fix these vulnerabilities. This advisory is available at the following link:

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160914-01-sep-en

Affected configurations

Vulners

Node

huaweis9300MatchV200R001C00

huaweis9300MatchV200R003C00

huaweis9300MatchV200R005C00

huaweis9300MatchV200R006C00

huaweis9300MatchV200R008C00

huaweis5300MatchV200R001C00

huaweis5300MatchV200R002C00

huaweis5300MatchV200R003C00

huaweis5300MatchV200R005C00

huaweis5300MatchV200R005C01

huaweis5300MatchV200R005C02

huaweis5300MatchV200R006C00

huaweis5300MatchV200R007C00

huaweis5300MatchV200R008C00

huaweis5700MatchV200R001C00

huaweis5700MatchV200R001C01

huaweis5700MatchV200R002C00

huaweis5700MatchV200R003C00

huaweis5700MatchV200R003C02

huaweis5700MatchV200R005C00

huaweis5700MatchV200R006C00

huaweis5700MatchV200R008C00

huaweis6300MatchV200R001C00

huaweis6300MatchV200R002C00

huaweis6300MatchV200R003C00

huaweis6300MatchV200R005C00

huaweis6300MatchV200R005C01

huaweis6300MatchV200R005C02

huaweis6300MatchV200R008C00

huaweis6700MatchV200R001C00

huaweis6700MatchV200R001C01

huaweis6700MatchV200R002C00

huaweis6700MatchV200R003C00

huaweis6700MatchV200R008C00

huaweis7700MatchV200R001C00

huaweis7700MatchV200R002C00

huaweis7700MatchV200R003C00

huaweis7700MatchV200R005C00

huaweis7700MatchV200R006C00

huaweis7700MatchV200R008C00

huaweis9700MatchV200R001C00

huaweis9700MatchV200R001C01

huaweis9700MatchV200R002C00

huaweis9700MatchV200R003C00

huaweis9700MatchV200R005C00

huaweis9700MatchV200R006C00

huaweis9700MatchV200R008C00

huaweis12700MatchV200R005C00

huaweis12700MatchV200R006C00

huaweis12700MatchV200R008C00

CPENameOperatorVersion
s9300eqV200R001C00
s9300eqV200R003C00
s9300eqV200R005C00
s9300eqV200R006C00
s9300eqV200R008C00
s5300eqV200R001C00
s5300eqV200R002C00
s5300eqV200R003C00
s5300eqV200R005C00
s5300eqV200R005C01

Name	Operator	Version
s9300	eq	V200R001C00
s9300	eq	V200R003C00
s9300	eq	V200R005C00
s9300	eq	V200R006C00
s9300	eq	V200R008C00
s5300	eq	V200R001C00
s5300	eq	V200R002C00
s5300	eq	V200R003C00
s5300	eq	V200R005C00
s5300	eq	V200R005C01

Rows per page:

1-10 of 501

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.002 Low

EPSS

Percentile

53.7%

JSON

Related for HUAWEI-SA-20160914-01-SEP