Lucene search

Huawei TechnologiesHUAWEI-SA-20161116-01-CFM

HistoryNov 16, 2016 - 12:00 a.m.

Security Advisory - Buffer Overflow Vulnerability in Some Huawei Products

2016-11-1600:00:00

Huawei Technologies

www.huawei.com

5.5 Medium

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:A/AC:L/Au:S/C:N/I:N/A:C

5.7 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

0.0004 Low

EPSS

Percentile

12.6%

JSON

There is a buffer overflow vulnerability in Connectivity Fault Management (CFM) function of some Huawei Products. When CFM is enabled and Maintenance Association End Point (MEP) is configured on the affected device, an adjacent attacker could exploit this vulnerability by sending crafted packets to the affected system. An exploit could allow the attacker to cause the main control board of the affected device reboot. (Vulnerability ID: HWPSIRT-2016-08015) __

This vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID: CVE-2016-8790.

Huawei has released software updates to fix these vulnerabilities. This advisory is available at the following link:

<http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161116-01-cfm-en>

Affected configurations

Vulners

Node

huaweicloudengine_5800MatchV100R003C10

huaweicloudengine_5800MatchV100R005C00

huaweicloudengine_5800MatchV100R005C10

huaweicloudengine_5800MatchV100R006C00

huaweicloudengine_6800MatchV100R003C10

huaweicloudengine_6800MatchV100R005C00

huaweicloudengine_6800MatchV100R005C10

huaweicloudengine_6800MatchV100R006C00

huaweicloudengine_7800MatchV100R003C10

huaweicloudengine_7800MatchV100R005C00

huaweicloudengine_7800MatchV100R005C10

huaweicloudengine_7800MatchV100R006C00

huaweicloudengine_8800MatchV100R006C00

huaweicloudengine_12800MatchV100R003C10

huaweicloudengine_12800MatchV100R005C00

huaweicloudengine_12800MatchV100R005C10

huaweicloudengine_12800MatchV100R006C00

CPENameOperatorVersion
cloudengine 5800eqV100R003C10
cloudengine 5800eqV100R005C00
cloudengine 5800eqV100R005C10
cloudengine 5800eqV100R006C00
cloudengine 6800eqV100R003C10
cloudengine 6800eqV100R005C00
cloudengine 6800eqV100R005C10
cloudengine 6800eqV100R006C00
cloudengine 7800eqV100R003C10
cloudengine 7800eqV100R005C00

Name	Operator	Version
cloudengine 5800	eq	V100R003C10
cloudengine 5800	eq	V100R005C00
cloudengine 5800	eq	V100R005C10
cloudengine 5800	eq	V100R006C00
cloudengine 6800	eq	V100R003C10
cloudengine 6800	eq	V100R005C00
cloudengine 6800	eq	V100R005C10
cloudengine 6800	eq	V100R006C00
cloudengine 7800	eq	V100R003C10
cloudengine 7800	eq	V100R005C00

Rows per page:

1-10 of 171

5.5 Medium

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:A/AC:L/Au:S/C:N/I:N/A:C

5.7 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

0.0004 Low

EPSS

Percentile

12.6%

JSON

Related for HUAWEI-SA-20161116-01-CFM