Sign-up

ID

VAR-201511-0106


CVE

CVE-2015-8083


TITLE

Huawei eSpace U1900 Series Switches Denial of Service Vulnerability

Trust: 0.9

sources: CNVD: CNVD-2015-06331 // BID: 76673

DESCRIPTION

An unspecified module in Huawei eSpace U1910, U1911, U1930, U1960, U1980, and U1981 unified gateways with software before V200R003C00SPC300 does not properly initialize memory when processing timeout messages, which allows remote attackers to cause a denial of service (out-of-bounds memory access and device restart) via unknown vectors. Huawei eSpace U1910, eSpace U1911, eSpace U1930, eSpace U1960, eSpace U1980, and eSpace U1981 are Huawei eSpace U1900 series switches. A security vulnerability exists in the Huawei eSpace U1910/U1911/U1930/U1960/U1980/U1981. An attacker can use the vulnerability to submit a special request for a denial of service attack. The Huawei eSpace U1900 is a unified gateway product. Attackers can exploit this issue to cause a denial-of-service condition, denying service to legitimate users

Trust: 3.51

sources: NVD: CVE-2015-8083 // JVNDB: JVNDB-2015-005996 // CNVD: CNVD-2015-06331 // CNVD: CNVD-2015-07750 // BID: 77567 // BID: 76673 // IVD: 6c8c3bc4-2351-11e6-abef-000c29c66e3d // VULHUB: VHN-86044

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

category:['ICS']sub_category: -

Trust: 0.2

sources: IVD: 6c8c3bc4-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-06331 // CNVD: CNVD-2015-07750

AFFECTED PRODUCTS

vendor:huaweimodel:espacescope:lteversion:v100r001c20

Trust: 1.0

vendor:huaweimodel:espace u1910 unified gatewayscope: - version: -

Trust: 0.8

vendor:huaweimodel:espace u1911 unified gatewayscope: - version: -

Trust: 0.8

vendor:huaweimodel:espace u1930 unified gatewayscope: - version: -

Trust: 0.8

vendor:huaweimodel:espace u1960 unified gatewayscope: - version: -

Trust: 0.8

vendor:huaweimodel:espace u1980 unified gatewayscope: - version: -

Trust: 0.8

vendor:huaweimodel:espace u1981 unified gatewayscope: - version: -

Trust: 0.8

vendor:huaweimodel:espacescope:ltversion:v200r003c00spc300

Trust: 0.8

vendor:huaweimodel:espace u1900 series switchesscope: - version: -

Trust: 0.6

vendor:huaweimodel:espace u1981scope: - version: -

Trust: 0.6

vendor:huaweimodel:espace u1980scope: - version: -

Trust: 0.6

vendor:huaweimodel:espace u1930scope: - version: -

Trust: 0.6

vendor:huaweimodel:espace u1911scope: - version: -

Trust: 0.6

vendor:huaweimodel:espace u1910scope: - version: -

Trust: 0.6

vendor:huaweimodel:espacescope:eqversion:v100r001c20

Trust: 0.6

vendor:huaweimodel:espace u1981 v200r003c00spc200scope: - version: -

Trust: 0.3

vendor:huaweimodel:espace u1980 v200r003c00spc200scope: - version: -

Trust: 0.3

vendor:huaweimodel:espace u1960 v200r003c00spc200scope: - version: -

Trust: 0.3

vendor:huaweimodel:espace u1930 v200r003c00spc200scope: - version: -

Trust: 0.3

vendor:huaweimodel:espace u1911 v200r003c00spc200scope: - version: -

Trust: 0.3

vendor:huaweimodel:espace u1910 v200r003c00spc200scope: - version: -

Trust: 0.3

vendor:huaweimodel:espace u1981 v100r001c20scope: - version: -

Trust: 0.3

vendor:huaweimodel:espace u1980 v100r001c20scope: - version: -

Trust: 0.3

vendor:huaweimodel:espace u1960 v100r001c20scope: - version: -

Trust: 0.3

vendor:huaweimodel:espace u1930 v100r001c20scope: - version: -

Trust: 0.3

vendor:huaweimodel:espace u1911 v100r001c20scope: - version: -

Trust: 0.3

vendor:huaweimodel:espace u1910 v100r001c20scope: - version: -

Trust: 0.3

vendor:huaweimodel:espace u1981 v100r001c20sph605scope:neversion: -

Trust: 0.3

vendor:huaweimodel:espace u1980 v100r001c20sph605scope:neversion: -

Trust: 0.3

vendor:huaweimodel:espace u1960 v100r001c20sph605scope:neversion: -

Trust: 0.3

vendor:huaweimodel:espace u1930 v100r001c20sph605scope:neversion: -

Trust: 0.3

vendor:huaweimodel:espace u1911 v100r001c20sph605scope:neversion: -

Trust: 0.3

vendor:huaweimodel:espace u1910 v100r001c20sph605scope:neversion: -

Trust: 0.3

vendor:espacemodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: 6c8c3bc4-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-06331 // CNVD: CNVD-2015-07750 // BID: 77567 // BID: 76673 // JVNDB: JVNDB-2015-005996 // CNNVD: CNNVD-201509-483 // NVD: CVE-2015-8083

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-8083
value: HIGH

Trust: 1.0

NVD: CVE-2015-8083
value: HIGH

Trust: 0.8

CNVD: CNVD-2015-06331
value: HIGH

Trust: 0.6

CNVD: CNVD-2015-07750
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201509-483
value: HIGH

Trust: 0.6

IVD: 6c8c3bc4-2351-11e6-abef-000c29c66e3d
value: HIGH

Trust: 0.2

VULHUB: VHN-86044
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2015-8083
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2015-06331
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CNVD: CNVD-2015-07750
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 6c8c3bc4-2351-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-86044
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: 6c8c3bc4-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-06331 // CNVD: CNVD-2015-07750 // VULHUB: VHN-86044 // JVNDB: JVNDB-2015-005996 // CNNVD: CNNVD-201509-483 // NVD: CVE-2015-8083

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-86044 // JVNDB: JVNDB-2015-005996 // NVD: CVE-2015-8083

THREAT TYPE

network

Trust: 0.6

sources: BID: 77567 // BID: 76673

TYPE

Buffer overflow

Trust: 0.8

sources: IVD: 6c8c3bc4-2351-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201509-483

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-005996

PATCH
title:Huawei-SA-20150909-02-U1900url:http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-453506.htm
Trust: 0.8
title:Huawei eSpace U1900 Series Switches Denial of Service Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/64760
Trust: 0.6
title:Huawei eSpace Unified Gateway Denial of Service Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/67053
Trust: 0.6
title:Multiple Huawei eSpace Repair measures for switch denial of service vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=57793
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2015-06331 // 
            
            
            
            CNVD: CNVD-2015-07750 // 
            
            
            
            JVNDB: JVNDB-2015-005996 // 
            
            
            
            CNNVD: CNNVD-201509-483

EXTERNAL IDS
db:NVDid:CVE-2015-8083
Trust: 3.6
db:BIDid:76673
Trust: 1.5
db:BIDid:77567
Trust: 1.0
db:CNNVDid:CNNVD-201509-483
Trust: 0.9
db:CNVDid:CNVD-2015-07750
Trust: 0.8
db:JVNDBid:JVNDB-2015-005996
Trust: 0.8
db:CNVDid:CNVD-2015-06331
Trust: 0.6
db:NSFOCUSid:31602
Trust: 0.6
db:IVDid:6C8C3BC4-2351-11E6-ABEF-000C29C66E3D
Trust: 0.2
db:SEEBUGid:SSVID-89917
Trust: 0.1
db:VULHUBid:VHN-86044
Trust: 0.1
sources:
            
            
            IVD: 6c8c3bc4-2351-11e6-abef-000c29c66e3d // 
            
            
            
            CNVD: CNVD-2015-06331 // 
            
            
            
            CNVD: CNVD-2015-07750 // 
            
            
            
            VULHUB: VHN-86044 // 
            
            
            
            BID: 77567 // 
            
            
            
            BID: 76673 // 
            
            
            
            JVNDB: JVNDB-2015-005996 // 
            
            
            
            CNNVD: CNNVD-201509-483 // 
            
            
            
            NVD: CVE-2015-8083

REFERENCES
url:http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-453506.htm
Trust: 2.3
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-8083
Trust: 1.4
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8083
Trust: 0.8
url:http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-453512.htm
Trust: 0.6
url:http://www.securityfocus.com/bid/76673
Trust: 0.6
url:http://www.nsfocus.net/vulndb/31602
Trust: 0.6
url:http://www.huawei.com
Trust: 0.3
url:http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-453506.htm
Trust: 0.3
url:http://www.huawei.com/
Trust: 0.3
url: http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-453512.htm 
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2015-06331 // 
            
            
            
            CNVD: CNVD-2015-07750 // 
            
            
            
            VULHUB: VHN-86044 // 
            
            
            
            BID: 77567 // 
            
            
            
            BID: 76673 // 
            
            
            
            JVNDB: JVNDB-2015-005996 // 
            
            
            
            CNNVD: CNNVD-201509-483 // 
            
            
            
            NVD: CVE-2015-8083

CREDITS
Mickey Shkatov from Intel Advanced Threat Research Team and Jesse Michael from Intel
Trust: 0.9
sources:
            
            
            BID: 76673 // 
            
            
            
            CNNVD: CNNVD-201509-483

SOURCES
db:IVDid:6c8c3bc4-2351-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2015-06331
db:CNVDid:CNVD-2015-07750
db:VULHUBid:VHN-86044
db:BIDid:77567
db:BIDid:76673
db:JVNDBid:JVNDB-2015-005996
db:CNNVDid:CNNVD-201509-483
db:NVDid:CVE-2015-8083

LAST UPDATE DATE
2024-11-23T22:22:52.281000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2015-06331date:2015-10-09T00:00:00
db:CNVDid:CNVD-2015-07750date:2015-11-24T00:00:00
db:VULHUBid:VHN-86044date:2015-11-20T00:00:00
db:BIDid:77567date:2015-11-13T00:00:00
db:BIDid:76673date:2015-09-09T00:00:00
db:JVNDBid:JVNDB-2015-005996date:2015-11-24T00:00:00
db:CNNVDid:CNNVD-201509-483date:2015-11-20T00:00:00
db:NVDid:CVE-2015-8083date:2024-11-21T02:37:59.167

SOURCES RELEASE DATE
db:IVDid:6c8c3bc4-2351-11e6-abef-000c29c66e3ddate:2015-11-24T00:00:00
db:CNVDid:CNVD-2015-06331date:2015-10-09T00:00:00
db:CNVDid:CNVD-2015-07750date:2015-11-24T00:00:00
db:VULHUBid:VHN-86044date:2015-11-19T00:00:00
db:BIDid:77567date:2015-11-13T00:00:00
db:BIDid:76673date:2015-09-09T00:00:00
db:JVNDBid:JVNDB-2015-005996date:2015-11-24T00:00:00
db:CNNVDid:CNNVD-201509-483date:2015-09-24T00:00:00
db:NVDid:CVE-2015-8083date:2015-11-19T20:59:10.913