Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
huaweiHuawei TechnologiesHUAWEI-SA-20161125-01-USG
HistoryNov 25, 2016 - 12:00 a.m.

Security Advisory - Buffer Overflow Vulnerability in Huawei Firewall Products

2016-11-2500:00:00
Huawei Technologies
www.huawei.com
22

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:N/I:N/A:C

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

31.9%

JSON

The security policy processing module of some Huawei firewall products have a buffer overflow vulnerability. An authenticated attacker may setup a specific security policy into the devices, causing buffer overflow and crash the system. (Vulnerability ID: HWPSIRT-2016-06074)
This vulnerability has been assigned CVE ID: CVE-2016-8802.
Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161125-01-usg-en

Affected configurations

Vulners
Node
huaweisecospace_usg6300_firmwareMatchv500r001c20spc100
OR
huaweisecospace_usg6300_firmwareMatchv500r001c20spc101
OR
huaweisecospace_usg6300_firmwareMatchv500r001c20spc200
OR
huaweisecospace_usg6500_firmwareMatchv500r001c20spc100
OR
huaweisecospace_usg6500_firmwareMatchv500r001c20spc101
OR
huaweisecospace_usg6500_firmwareMatchv500r001c20spc200
OR
huaweisecospace_usg6600_firmwareMatchv500r001c20spc100
OR
huaweisecospace_usg6600_firmwareMatchv500r001c20spc101
OR
huaweisecospace_usg6600_firmwareMatchv500r001c20spc200
VendorProductVersionCPE
huaweisecospace_usg6300_firmwarev500r001c20spc100cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c20spc100:*:*:*:*:*:*:*
huaweisecospace_usg6300_firmwarev500r001c20spc101cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c20spc101:*:*:*:*:*:*:*
huaweisecospace_usg6300_firmwarev500r001c20spc200cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c20spc200:*:*:*:*:*:*:*
huaweisecospace_usg6500_firmwarev500r001c20spc100cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c20spc100:*:*:*:*:*:*:*
huaweisecospace_usg6500_firmwarev500r001c20spc101cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c20spc101:*:*:*:*:*:*:*
huaweisecospace_usg6500_firmwarev500r001c20spc200cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c20spc200:*:*:*:*:*:*:*
huaweisecospace_usg6600_firmwarev500r001c20spc100cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c20spc100:*:*:*:*:*:*:*
huaweisecospace_usg6600_firmwarev500r001c20spc101cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c20spc101:*:*:*:*:*:*:*
huaweisecospace_usg6600_firmwarev500r001c20spc200cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c20spc200:*:*:*:*:*:*:*

Related

prion 1
nvd 1
cve 1
cvelist 1
prion
prion
Buffer overflow
2017-04-02 20:59:00
nvd
nvd
CVE-2016-8802
2017-04-02 20:59:01
cve
cve
CVE-2016-8802
2017-04-02 20:59:01
cvelist
cvelist
CVE-2016-8802
2017-04-02 20:00:00

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:N/I:N/A:C

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

31.9%

JSON
Related for HUAWEI-SA-20161125-01-USG
prion1nvd1cve1cvelist1