Lucene search

Huawei TechnologiesHUAWEI-SA-20161123-01-VRP

HistoryNov 23, 2016 - 12:00 a.m.

Security Advisory - Integer Overflow Vulnerability in Some Huawei Devices

2016-11-2300:00:00

Huawei Technologies

www.huawei.com

7.1 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

0.002 Low

EPSS

Percentile

53.2%

JSON

Some Huawei devices have an integer overflow vulnerability. Due to the lack of validation in some field of the packet, a remote, unauthenticated attacker may craft specific IPFPM packets, probably causing the device to reset. (Vulnerability ID: HWPSIRT-2016-04030)

This vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID: CVE-2016-8795

Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161123-01-vrp-en

Affected configurations

Vulners

Node

huaweicloudengine_12800MatchV100R002C00

huaweicloudengine_12800MatchV100R003C00

huaweicloudengine_12800MatchV100R003C10

huaweicloudengine_12800MatchV100R005C00

huaweicloudengine_12800MatchV100R005C10

huaweicloudengine_12800MatchV100R006C00

huaweicloudengine_5800MatchV100R002C00

huaweicloudengine_5800MatchV100R003C00

huaweicloudengine_5800MatchV100R003C10

huaweicloudengine_5800MatchV100R005C00

huaweicloudengine_5800MatchV100R005C10

huaweicloudengine_5800MatchV100R006C00

huaweicloudengine_6800MatchV100R002C00

huaweicloudengine_6800MatchV100R003C00

huaweicloudengine_6800MatchV100R003C10

huaweicloudengine_6800MatchV100R005C00

huaweicloudengine_6800MatchV100R005C10

huaweicloudengine_6800MatchV100R006C00

huaweicloudengine_7800MatchV100R003C00

huaweicloudengine_7800MatchV100R003C10

huaweicloudengine_7800MatchV100R005C00

huaweicloudengine_7800MatchV100R005C10

huaweicloudengine_7800MatchV100R006C00

huaweicloudengine_8800MatchV100R006C00

huaweisecospace_usg6600MatchV500R001C00

CPENameOperatorVersion
cloudengine 12800eqV100R002C00
cloudengine 12800eqV100R003C00
cloudengine 12800eqV100R003C10
cloudengine 12800eqV100R005C00
cloudengine 12800eqV100R005C10
cloudengine 12800eqV100R006C00
cloudengine 5800eqV100R002C00
cloudengine 5800eqV100R003C00
cloudengine 5800eqV100R003C10
cloudengine 5800eqV100R005C00

Name	Operator	Version
cloudengine 12800	eq	V100R002C00
cloudengine 12800	eq	V100R003C00
cloudengine 12800	eq	V100R003C10
cloudengine 12800	eq	V100R005C00
cloudengine 12800	eq	V100R005C10
cloudengine 12800	eq	V100R006C00
cloudengine 5800	eq	V100R002C00
cloudengine 5800	eq	V100R003C00
cloudengine 5800	eq	V100R003C10
cloudengine 5800	eq	V100R005C00

Rows per page:

1-10 of 251

7.1 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

0.002 Low

EPSS

Percentile

53.2%

JSON

Related for HUAWEI-SA-20161123-01-VRP