Sign-up

ID

VAR-201512-0241


CVE

CVE-2015-8084


TITLE

plural Huawei USG Denial of service in product software (DoS) Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2015-006140

DESCRIPTION

Huawei USG5500, USG2100, USG2200, and USG5100 unified security gateways with software before V300R001C10SPC600, when "DHCP Snooping" is enabled and either "option82 insert" or "option82 rebuild" is enabled on an interface, allow remote attackers to cause a denial of service (reboot) via crafted DHCP packets. Multiple Huawei products are prone to a remote denial-of-service vulnerability. Successful exploits may allow an attackers to cause the affected device to restart, denying service to legitimate users. Huawei USG5500, USG2100, USG2200, and USG5100 are all unified security gateway products of Huawei in China. There are security vulnerabilities in many Huawei products. The following products and versions are affected: Huawei USG5500, USG2100, USG2200, and USG5100 using software versions earlier than V300R001C10SPC600

Trust: 1.98

sources: NVD: CVE-2015-8084 // JVNDB: JVNDB-2015-006140 // BID: 77300 // VULHUB: VHN-86045

AFFECTED PRODUCTS

vendor:huaweimodel:unified security gatewayscope:lteversion:v300r001c10

Trust: 1.0

vendor:huaweimodel:unified security gatewayscope:ltversion:v300r001c10spc600

Trust: 0.8

vendor:huaweimodel:usg2100scope: - version: -

Trust: 0.8

vendor:huaweimodel:usg2200scope: - version: -

Trust: 0.8

vendor:huaweimodel:usg5100scope: - version: -

Trust: 0.8

vendor:huaweimodel:usg5500scope: - version: -

Trust: 0.8

vendor:huaweimodel:unified security gatewayscope:eqversion:v300r001c10

Trust: 0.6

sources: JVNDB: JVNDB-2015-006140 // CNNVD: CNNVD-201511-338 // NVD: CVE-2015-8084

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-8084
value: HIGH

Trust: 1.0

NVD: CVE-2015-8084
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201511-338
value: HIGH

Trust: 0.6

VULHUB: VHN-86045
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2015-8084
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-86045
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-86045 // JVNDB: JVNDB-2015-006140 // CNNVD: CNNVD-201511-338 // NVD: CVE-2015-8084

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-86045 // JVNDB: JVNDB-2015-006140 // NVD: CVE-2015-8084

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201511-338

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201511-338

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-006140

PATCH
title:Huawei-SA-20151021-01-USGurl:http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-457916.htm
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-006140

EXTERNAL IDS
db:NVDid:CVE-2015-8084
Trust: 2.8
db:BIDid:77300
Trust: 2.0
db:JVNDBid:JVNDB-2015-006140
Trust: 0.8
db:CNNVDid:CNNVD-201511-338
Trust: 0.7
db:SEEBUGid:SSVID-89905
Trust: 0.1
db:VULHUBid:VHN-86045
Trust: 0.1
sources:
            
            
            VULHUB: VHN-86045 // 
            
            
            
            BID: 77300 // 
            
            
            
            JVNDB: JVNDB-2015-006140 // 
            
            
            
            CNNVD: CNNVD-201511-338 // 
            
            
            
            NVD: CVE-2015-8084

REFERENCES
url:http://www.securityfocus.com/bid/77300
Trust: 1.7
url:http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-457916.htm
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8084
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-8084
Trust: 0.8
sources:
            
            
            VULHUB: VHN-86045 // 
            
            
            
            JVNDB: JVNDB-2015-006140 // 
            
            
            
            CNNVD: CNNVD-201511-338 // 
            
            
            
            NVD: CVE-2015-8084

CREDITS
Kurt Grutzmacher
Trust: 0.9
sources:
            
            
            BID: 77300 // 
            
            
            
            CNNVD: CNNVD-201511-338

SOURCES
db:VULHUBid:VHN-86045
db:BIDid:77300
db:JVNDBid:JVNDB-2015-006140
db:CNNVDid:CNNVD-201511-338
db:NVDid:CVE-2015-8084

LAST UPDATE DATE
2024-11-23T22:18:17.582000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-86045date:2015-12-08T00:00:00
db:BIDid:77300date:2015-12-08T22:09:00
db:JVNDBid:JVNDB-2015-006140date:2015-12-09T00:00:00
db:CNNVDid:CNNVD-201511-338date:2015-12-08T00:00:00
db:NVDid:CVE-2015-8084date:2024-11-21T02:37:59.303

SOURCES RELEASE DATE
db:VULHUBid:VHN-86045date:2015-12-07T00:00:00
db:BIDid:77300date:2015-10-21T00:00:00
db:JVNDBid:JVNDB-2015-006140date:2015-12-09T00:00:00
db:CNNVDid:CNNVD-201511-338date:2015-10-21T00:00:00
db:NVDid:CVE-2015-8084date:2015-12-07T20:59:10.343