Lucene search

Huawei TechnologiesHUAWEI-SA-20161111-01-MPLS

HistoryNov 11, 2016 - 12:00 a.m.

Security Advisory - Input Validation Vulnerability in Some Huawei Products

2016-11-1100:00:00

Huawei Technologies

www.huawei.com

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

40.6%

JSON

Some Huawei products have an input validation vulnerability due to improper validation of Multiprotocol Label Switching (MPLS) packets. A remote unauthenticated attacker could exploit this vulnerability by sending malformed MPLS packets. Successful exploit could lead to a denial of service (DoS) condition. (Vulnerability ID: HWPSIRT-2016-08023)

This vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID: CVE-2016-8773.

Huawei has released software updates to fix these vulnerabilities. This advisory is available at the following link:

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161111-01-mpls-en

Affected configurations

Vulners

Node

huaweis5300MatchV200R003C00

huaweis5300MatchV200R007C00

huaweis5300MatchV200R008C00

huaweis5300MatchV200R009C00

huaweis5700MatchV200R001C00

huaweis5700MatchV200R002C00

huaweis5700MatchV200R003C00

huaweis5700MatchV200R005C00

huaweis5700MatchV200R005C03

huaweis5700MatchV200R007C00

huaweis5700MatchV200R008C00

huaweis5700MatchV200R009C00

huaweis6300MatchV200R003C00

huaweis6300MatchV200R005C00

huaweis6300MatchV200R008C00

huaweis6300MatchV200R009C00

huaweis6700MatchV200R001C00

huaweis6700MatchV200R001C01

huaweis6700MatchV200R002C00

huaweis6700MatchV200R003C00

huaweis6700MatchV200R005C00

huaweis6700MatchV200R008C00

huaweis6700MatchV200R009C00

huaweis7700MatchV200R007C00

huaweis7700MatchV200R008C00

huaweis7700MatchV200R009C00

huaweis9300MatchV200R007C00

huaweis9300MatchV200R008C00

huaweis9300MatchV200R009C00

huaweis9700MatchV200R007C00

huaweis9700MatchV200R008C00

huaweis9700MatchV200R009C00

huaweis12700MatchV200R007C00

huaweis12700MatchV200R007C01

huaweis12700MatchV200R008C00

huaweis12700MatchV200R009C00

CPENameOperatorVersion
s5300eqV200R003C00
s5300eqV200R007C00
s5300eqV200R008C00
s5300eqV200R009C00
s5700eqV200R001C00
s5700eqV200R002C00
s5700eqV200R003C00
s5700eqV200R005C00
s5700eqV200R005C03
s5700eqV200R007C00

Name	Operator	Version
s5300	eq	V200R003C00
s5300	eq	V200R007C00
s5300	eq	V200R008C00
s5300	eq	V200R009C00
s5700	eq	V200R001C00
s5700	eq	V200R002C00
s5700	eq	V200R003C00
s5700	eq	V200R005C00
s5700	eq	V200R005C03
s5700	eq	V200R007C00

Rows per page:

1-10 of 361

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

40.6%

JSON

Related for HUAWEI-SA-20161111-01-MPLS