Details of VAR-201604-0327

ID

VAR-201604-0327

CVE

CVE-2015-8676

TITLE

plural Huawei Service disruption in products (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2015-007104

DESCRIPTION

Memory leak in Huawei S5300EI, S5300SI, S5310HI, S6300EI/ S2350EI, and S5300LI Campus series switches with software V200R001C00 before V200R001SPH018, V200R002C00 before V200R003SPH011, and V200R003C00 before V200R003SPH011; S9300, S7700, and S9700 Campus series switches with software V200R001C00 before V200R001SPH023, V200R002C00 before V200R003SPH011, and V200R003C00 before V200R003SPH011; and S2300 and S3300 Campus series switches with software V100R006C05 before V100R006SPH022 allows remote attackers to cause a denial of service (memory consumption and reboot) via a large number of ICMPv6 packets. HuaweiS5300EI is a Huawei S series switch product. The HuaweiS5300EI handles memory leaks in ICMPv6 packets, allowing remote attackers to exploit vulnerabilities to submit special requests for denial of service attacks. Multiple Huawei Switches are prone to a remote denial-of-service vulnerability. The Huawei S5300EI and others are all S-series switch products of China's Huawei (Huawei). Memory leak vulnerabilities exist in several Huawei products. The following products and versions are affected: Huawei S5300EI, S5300SI, S5310HI, S6300EI, S2350EI, S5300LI, S9300, S7700, and S9700 using software V200R001C00, V200R002C00, and V200R003C00;

Trust: 2.52

sources: NVD: CVE-2015-8676 // JVNDB: JVNDB-2015-007104 // CNVD: CNVD-2016-02290 // BID: 90893 // VULHUB: VHN-86637

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2016-02290

AFFECTED PRODUCTS

vendor:	huawei	model:	s9300	scope:	lt	version:	v200r003c00	Trust: 1.8
vendor:	huawei	model:	s9700	scope:	lt	version:	v200r003c00	Trust: 1.8
vendor:	huawei	model:	s7700	scope:	lt	version:	v200r003c00	Trust: 1.8
vendor:	huawei	model:	s5310hi	scope:	gte	version:	v200r001c00	Trust: 1.0
vendor:	huawei	model:	s5310hi	scope:	lt	version:	v200r003sph011	Trust: 1.0
vendor:	huawei	model:	s9300	scope:	gte	version:	v200r001c00	Trust: 1.0
vendor:	huawei	model:	s7700	scope:	lt	version:	v200r001sph023	Trust: 1.0
vendor:	huawei	model:	s5300ei	scope:	gte	version:	v200r001c00	Trust: 1.0
vendor:	huawei	model:	s2350ei	scope:	gte	version:	v200r001c00	Trust: 1.0
vendor:	huawei	model:	s2350ei	scope:	lt	version:	v200r003sph011	Trust: 1.0
vendor:	huawei	model:	s7700	scope:	eq	version:	v200r003c00	Trust: 1.0
vendor:	huawei	model:	s2300	scope:	lt	version:	v100r006sph022	Trust: 1.0
vendor:	huawei	model:	s5310hi	scope:	gte	version:	v200r002c00	Trust: 1.0
vendor:	huawei	model:	s5310hi	scope:	lt	version:	v200r001sph018	Trust: 1.0
vendor:	huawei	model:	s5300si	scope:	gte	version:	v200r001c00	Trust: 1.0
vendor:	huawei	model:	s2350ei	scope:	gte	version:	v200r002c00	Trust: 1.0
vendor:	huawei	model:	s9300	scope:	gte	version:	v200r002c00	Trust: 1.0
vendor:	huawei	model:	s5300ei	scope:	lt	version:	v200r003sph011	Trust: 1.0
vendor:	huawei	model:	s5300ei	scope:	gte	version:	v200r002c00	Trust: 1.0
vendor:	huawei	model:	s2350ei	scope:	lt	version:	v200r001sph018	Trust: 1.0
vendor:	huawei	model:	s9300	scope:	lt	version:	v200r001sph023	Trust: 1.0
vendor:	huawei	model:	s5300li	scope:	gte	version:	v200r001c00	Trust: 1.0
vendor:	huawei	model:	s5300li	scope:	lt	version:	v200r003sph011	Trust: 1.0
vendor:	huawei	model:	s9300	scope:	eq	version:	v200r003c00	Trust: 1.0
vendor:	huawei	model:	s9700	scope:	gte	version:	v200r001c00	Trust: 1.0
vendor:	huawei	model:	s5300si	scope:	lt	version:	v200r003sph011	Trust: 1.0
vendor:	huawei	model:	s5300si	scope:	gte	version:	v200r002c00	Trust: 1.0
vendor:	huawei	model:	s6300ei	scope:	gte	version:	v200r001c00	Trust: 1.0
vendor:	huawei	model:	s3300	scope:	gte	version:	v100r006c05	Trust: 1.0
vendor:	huawei	model:	s5300li	scope:	gte	version:	v200r002c00	Trust: 1.0
vendor:	huawei	model:	s5300ei	scope:	lt	version:	v200r001sph018	Trust: 1.0
vendor:	huawei	model:	s6300ei	scope:	lt	version:	v200r003sph011	Trust: 1.0
vendor:	huawei	model:	s5300li	scope:	lt	version:	v200r001sph018	Trust: 1.0
vendor:	huawei	model:	s9700	scope:	gte	version:	v200r002c00	Trust: 1.0
vendor:	huawei	model:	s5300si	scope:	lt	version:	v200r001sph018	Trust: 1.0
vendor:	huawei	model:	s2300	scope:	gte	version:	v100r006c05	Trust: 1.0
vendor:	huawei	model:	s6300ei	scope:	gte	version:	v200r002c00	Trust: 1.0
vendor:	huawei	model:	s6300ei	scope:	lt	version:	v200r001sph018	Trust: 1.0
vendor:	huawei	model:	s7700	scope:	gte	version:	v200r001c00	Trust: 1.0
vendor:	huawei	model:	s9700	scope:	lt	version:	v200r001sph023	Trust: 1.0
vendor:	huawei	model:	s9700	scope:	eq	version:	v200r003c00	Trust: 1.0
vendor:	huawei	model:	s3300	scope:	lt	version:	v100r006sph022	Trust: 1.0
vendor:	huawei	model:	s7700	scope:	gte	version:	v200r002c00	Trust: 1.0
vendor:	huawei	model:	s5300si	scope:	lt	version:	v200r001c00	Trust: 0.8
vendor:	huawei	model:	s5310hi	scope:	lt	version:	v200r001c00	Trust: 0.8
vendor:	huawei	model:	s2350ei	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	s5310hi	scope:	eq	version:	v200r003sph011	Trust: 0.8
vendor:	huawei	model:	s2300	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	s9300	scope:	lt	version:	v200r002c00	Trust: 0.8
vendor:	huawei	model:	s5300si	scope:	eq	version:	v200r003sph011	Trust: 0.8
vendor:	huawei	model:	s9700	scope:	lt	version:	v200r001c00	Trust: 0.8
vendor:	huawei	model:	s2350ei	scope:	lt	version:	v200r001c00	Trust: 0.8
vendor:	huawei	model:	s5300si	scope:	lt	version:	v200r002c00	Trust: 0.8
vendor:	huawei	model:	s5300si	scope:	lt	version:	v200r003c00	Trust: 0.8
vendor:	huawei	model:	s5300li	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	s5310hi	scope:	lt	version:	v200r002c00	Trust: 0.8
vendor:	huawei	model:	s5310hi	scope:	lt	version:	v200r003c00	Trust: 0.8
vendor:	huawei	model:	s7700	scope:	eq	version:	v200r001sph023	Trust: 0.8
vendor:	huawei	model:	s2350ei	scope:	eq	version:	v200r003sph011	Trust: 0.8
vendor:	huawei	model:	s9300	scope:	eq	version:	v200r003sph011	Trust: 0.8
vendor:	huawei	model:	s6300ei	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	s9700	scope:	lt	version:	v200r002c00	Trust: 0.8
vendor:	huawei	model:	s2350ei	scope:	lt	version:	v200r002c00	Trust: 0.8
vendor:	huawei	model:	s2350ei	scope:	lt	version:	v200r003c00	Trust: 0.8
vendor:	huawei	model:	s9700	scope:	eq	version:	v200r003sph011	Trust: 0.8
vendor:	huawei	model:	s5300ei	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	s6300ei	scope:	eq	version:	v200r001sph018	Trust: 0.8
vendor:	huawei	model:	s6300ei	scope:	lt	version:	v200r001c00	Trust: 0.8
vendor:	huawei	model:	s3300	scope:	eq	version:	v100r006sph022	Trust: 0.8
vendor:	huawei	model:	s5300ei	scope:	eq	version:	v200r001sph018	Trust: 0.8
vendor:	huawei	model:	s9300	scope:	eq	version:	v200r001sph023	Trust: 0.8
vendor:	huawei	model:	s3300	scope:	lt	version:	v100r006c05	Trust: 0.8
vendor:	huawei	model:	s6300ei	scope:	lt	version:	v200r002c00	Trust: 0.8
vendor:	huawei	model:	s6300ei	scope:	lt	version:	v200r003c00	Trust: 0.8
vendor:	huawei	model:	s7700	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	s6300ei	scope:	eq	version:	v200r003sph011	Trust: 0.8
vendor:	huawei	model:	s5300li	scope:	eq	version:	v200r001sph018	Trust: 0.8
vendor:	huawei	model:	s3300	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	s5300li	scope:	lt	version:	v200r001c00	Trust: 0.8
vendor:	huawei	model:	s5310hi	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	s5300ei	scope:	lt	version:	v200r001c00	Trust: 0.8
vendor:	huawei	model:	s9700	scope:	eq	version:	v200r001sph023	Trust: 0.8
vendor:	huawei	model:	s9300	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	s2300	scope:	eq	version:	v100r006sph022	Trust: 0.8
vendor:	huawei	model:	s5300ei	scope:	eq	version:	v200r003sph011	Trust: 0.8
vendor:	huawei	model:	s5300li	scope:	lt	version:	v200r002c00	Trust: 0.8
vendor:	huawei	model:	s5300li	scope:	lt	version:	v200r003c00	Trust: 0.8
vendor:	huawei	model:	s5300ei	scope:	lt	version:	v200r002c00	Trust: 0.8
vendor:	huawei	model:	s5300ei	scope:	lt	version:	v200r003c00	Trust: 0.8
vendor:	huawei	model:	s2300	scope:	lt	version:	v100r006c05	Trust: 0.8
vendor:	huawei	model:	s7700	scope:	lt	version:	v200r001c00	Trust: 0.8
vendor:	huawei	model:	s5300li	scope:	eq	version:	v200r003sph011	Trust: 0.8
vendor:	huawei	model:	s7700	scope:	eq	version:	v200r003sph011	Trust: 0.8
vendor:	huawei	model:	s9700	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	s5300si	scope:	eq	version:	v200r001sph018	Trust: 0.8
vendor:	huawei	model:	s5310hi	scope:	eq	version:	v200r001sph018	Trust: 0.8
vendor:	huawei	model:	s7700	scope:	lt	version:	v200r002c00	Trust: 0.8
vendor:	huawei	model:	s5300si	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	s9300	scope:	lt	version:	v200r001c00	Trust: 0.8
vendor:	huawei	model:	s2350ei	scope:	eq	version:	v200r001sph018	Trust: 0.8
vendor:	huawei	model:	s5300ei v200r003c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	s5300ei v200r005c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	s5300si v200r003c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	s5300si v200r005c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	s5310hi 200r003c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	s5310hi 200r005c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	s6300ei 200r003c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	s6300ei 200r005c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	s2350ei 200r003c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	s2350ei 200r005c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	s2350ei 200r006c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	s5300li 200r003c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	s5300li 200r005c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	s5300li 200r006c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	s9300 200r003c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	s9300 200r005c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	s9300 200r006c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	s7700 200r003c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	s7700 200r005c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	s7700 200r006c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	s9700 200r003c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	s9700 200r005c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	s9700 200r006c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	s5720hi 200r006c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	s5720ei 200r006c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	s2300 100r006c05	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	s3300 100r006c05	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	s9700	scope:	eq	version:	-	Trust: 0.6
vendor:	huawei	model:	s9300	scope:	eq	version:	-	Trust: 0.6
vendor:	huawei	model:	s2350ei	scope:	eq	version:	-	Trust: 0.6
vendor:	huawei	model:	s7700	scope:	eq	version:	-	Trust: 0.6
vendor:	huawei	model:	s5300li	scope:	eq	version:	-	Trust: 0.6
vendor:	huawei	model:	s5300ei	scope:	eq	version:	-	Trust: 0.6
vendor:	huawei	model:	s5310hi	scope:	eq	version:	-	Trust: 0.6
vendor:	huawei	model:	s3300	scope:	eq	version:	-	Trust: 0.6
vendor:	huawei	model:	s6300ei	scope:	eq	version:	-	Trust: 0.6
vendor:	huawei	model:	s5300si	scope:	eq	version:	-	Trust: 0.6

sources: CNVD: CNVD-2016-02290 // JVNDB: JVNDB-2015-007104 // CNNVD: CNNVD-201604-313 // NVD: CVE-2015-8676

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-8676
value:	HIGH
Trust: 1.0
NVD:	CVE-2015-8676
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2016-02290
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201604-313
value:	HIGH
Trust: 0.6
VULHUB:	VHN-86637
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2015-8676
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2016-02290
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-86637
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2015-8676
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2016-02290 // VULHUB: VHN-86637 // JVNDB: JVNDB-2015-007104 // CNNVD: CNNVD-201604-313 // NVD: CVE-2015-8676

PROBLEMTYPE DATA

problemtype:	CWE-119	Trust: 1.9
problemtype:	CWE-399	Trust: 1.9

sources: VULHUB: VHN-86637 // JVNDB: JVNDB-2015-007104 // NVD: CVE-2015-8676

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201604-313

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201604-313

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-007104

PATCH

title:	Huawei-SA-20160113-02-Switch	url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160113-02-switch-en	Trust: 0.8
title:	Patches for various Huawei product switches ICMPv6 packet memory leak vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/74357	Trust: 0.6
title:	Multiple Huawei Product memory leak vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60968	Trust: 0.6

sources: CNVD: CNVD-2016-02290 // JVNDB: JVNDB-2015-007104 // CNNVD: CNNVD-201604-313

EXTERNAL IDS

db:	NVD	id:	CVE-2015-8676	Trust: 3.4
db:	JVNDB	id:	JVNDB-2015-007104	Trust: 0.8
db:	CNNVD	id:	CNNVD-201604-313	Trust: 0.7
db:	CNVD	id:	CNVD-2016-02290	Trust: 0.6
db:	BID	id:	90893	Trust: 0.4
db:	VULHUB	id:	VHN-86637	Trust: 0.1

sources: CNVD: CNVD-2016-02290 // VULHUB: VHN-86637 // BID: 90893 // JVNDB: JVNDB-2015-007104 // CNNVD: CNNVD-201604-313 // NVD: CVE-2015-8676

REFERENCES

url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160113-02-switch-en	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8676	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-8676	Trust: 0.8
url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160113-03-switch-en	Trust: 0.6

sources: CNVD: CNVD-2016-02290 // VULHUB: VHN-86637 // JVNDB: JVNDB-2015-007104 // CNNVD: CNNVD-201604-313 // NVD: CVE-2015-8676

CREDITS

The vendor reported the issue.

Trust: 0.3

sources: BID: 90893

SOURCES

db:	CNVD	id:	CNVD-2016-02290
db:	VULHUB	id:	VHN-86637
db:	BID	id:	90893
db:	JVNDB	id:	JVNDB-2015-007104
db:	CNNVD	id:	CNNVD-201604-313
db:	NVD	id:	CVE-2015-8676

LAST UPDATE DATE

2024-11-23T21:54:38.182000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2016-02290	date:	2016-04-19T00:00:00
db:	VULHUB	id:	VHN-86637	date:	2019-06-20T00:00:00
db:	BID	id:	90893	date:	2016-07-06T14:51:00
db:	JVNDB	id:	JVNDB-2015-007104	date:	2016-04-28T00:00:00
db:	CNNVD	id:	CNNVD-201604-313	date:	2016-04-15T00:00:00
db:	NVD	id:	CVE-2015-8676	date:	2024-11-21T02:38:56.983

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2016-02290	date:	2016-04-19T00:00:00
db:	VULHUB	id:	VHN-86637	date:	2016-04-14T00:00:00
db:	BID	id:	90893	date:	2016-01-13T00:00:00
db:	JVNDB	id:	JVNDB-2015-007104	date:	2016-04-28T00:00:00
db:	CNNVD	id:	CNNVD-201604-313	date:	2016-04-15T00:00:00
db:	NVD	id:	CVE-2015-8676	date:	2016-04-14T15:59:02.980