Details of VAR-201605-0107

ID

VAR-201605-0107

CVE

CVE-2016-4087

TITLE

Huawei S12700 and S5700 Service disruption in switch software (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2016-002907

DESCRIPTION

Huawei S12700 switches with software before V200R008C00SPC500 and S5700 switches with software before V200R005SPH010, when the debug switch is enabled, allows remote attackers to cause a denial of service or execute arbitrary code via crafted DNS packets. The S5700 series switches are Huawei's full Gigabit Ethernet switches for large-bandwidth access and multi-service aggregation of Ethernet. The S12700 series switches are designed and developed for the next generation campus network core. There are input verification vulnerabilities in Huawei's various switches. Multiple Huawei Products are prone to a remote code-execution vulnerability. Successfully exploiting this issue may allow an attacker to execute arbitrary code in the context of the affected application. Failed exploit attempts may cause a denial-of-service condition. Both Huawei S12700 and S5700 are enterprise-level switch products of China's Huawei (Huawei). The vulnerability is due to the lack of effective verification of packets. The following versions are affected: Huawei S12700 earlier than V200R005C00SPC300, S5700 earlier than V200R001C00, earlier than V200R002C00SPC100, earlier than V200R003C00SPC300, and earlier than V200R005C00

Trust: 2.52

sources: NVD: CVE-2016-4087 // JVNDB: JVNDB-2016-002907 // CNVD: CNVD-2016-02720 // BID: 88853 // VULHUB: VHN-92906

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2016-02720

AFFECTED PRODUCTS

vendor:	huawei	model:	s5700	scope:	eq	version:	v200r005c00	Trust: 1.0
vendor:	huawei	model:	s5700	scope:	eq	version:	v200r002c00spc100	Trust: 1.0
vendor:	huawei	model:	s12700	scope:	eq	version:	v200r005c00spc300	Trust: 1.0
vendor:	huawei	model:	s5700	scope:	eq	version:	v200r003c00spc300	Trust: 1.0
vendor:	huawei	model:	s5700	scope:	eq	version:	v200r001c00	Trust: 1.0
vendor:	huawei	model:	s12700	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	s12700	scope:	lt	version:	v200r008c00spc500	Trust: 0.8
vendor:	huawei	model:	s5700	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	s5700	scope:	lt	version:	v200r005sph010	Trust: 0.8
vendor:	huawei	model:	s12700 v200r005c00spc300	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	s5700 v200r001c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	s5700 v200r002c00spc100	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	s5700 v200r003c00spc300	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	s5700 v200r005c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	s5700	scope:	eq	version:	-	Trust: 0.6
vendor:	huawei	model:	s12700	scope:	eq	version:	-	Trust: 0.6

sources: CNVD: CNVD-2016-02720 // JVNDB: JVNDB-2016-002907 // CNNVD: CNNVD-201605-131 // NVD: CVE-2016-4087

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-4087
value:	HIGH
Trust: 1.0
NVD:	CVE-2016-4087
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2016-02720
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201605-131
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-92906
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-4087
severity:	MEDIUM
baseScore:	5.1
vectorString:	AV:N/AC:H/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	4.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2016-02720
severity:	MEDIUM
baseScore:	5.1
vectorString:	AV:N/AC:H/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	4.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-92906
severity:	MEDIUM
baseScore:	5.1
vectorString:	AV:N/AC:H/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	4.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-4087
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.2
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2016-02720 // VULHUB: VHN-92906 // JVNDB: JVNDB-2016-002907 // CNNVD: CNNVD-201605-131 // NVD: CVE-2016-4087

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-92906 // JVNDB: JVNDB-2016-002907 // NVD: CVE-2016-4087

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201605-131

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201605-131

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-002907

PATCH

title:	Input Validation Vulnerability in Multiple Huawei Products (huawei-sa-20160427-01-dns)	url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160427-01-dns-en	Trust: 0.8
title:	Huawei's multiple switches have patches for input verification vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/75157	Trust: 0.6
title:	Huawei S12700 and S5700 Enter the fix for the verification vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=61454	Trust: 0.6

sources: CNVD: CNVD-2016-02720 // JVNDB: JVNDB-2016-002907 // CNNVD: CNNVD-201605-131

EXTERNAL IDS

db:	NVD	id:	CVE-2016-4087	Trust: 3.4
db:	JVNDB	id:	JVNDB-2016-002907	Trust: 0.8
db:	CNNVD	id:	CNNVD-201605-131	Trust: 0.7
db:	CNVD	id:	CNVD-2016-02720	Trust: 0.6
db:	BID	id:	88853	Trust: 0.4
db:	VULHUB	id:	VHN-92906	Trust: 0.1

sources: CNVD: CNVD-2016-02720 // VULHUB: VHN-92906 // BID: 88853 // JVNDB: JVNDB-2016-002907 // CNNVD: CNNVD-201605-131 // NVD: CVE-2016-4087

REFERENCES

url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160427-01-dns-en	Trust: 1.4
url:	http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20160427-01-dns-cn	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4087	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4087	Trust: 0.8
url:	http://www.huawei.com	Trust: 0.3

sources: CNVD: CNVD-2016-02720 // VULHUB: VHN-92906 // BID: 88853 // JVNDB: JVNDB-2016-002907 // CNNVD: CNNVD-201605-131 // NVD: CVE-2016-4087

CREDITS

huawei

Trust: 0.6

sources: CNNVD: CNNVD-201605-131

SOURCES

db:	CNVD	id:	CNVD-2016-02720
db:	VULHUB	id:	VHN-92906
db:	BID	id:	88853
db:	JVNDB	id:	JVNDB-2016-002907
db:	CNNVD	id:	CNNVD-201605-131
db:	NVD	id:	CVE-2016-4087

LAST UPDATE DATE

2024-11-23T21:54:37.172000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2016-02720	date:	2016-05-05T00:00:00
db:	VULHUB	id:	VHN-92906	date:	2016-05-25T00:00:00
db:	BID	id:	88853	date:	2016-04-27T00:00:00
db:	JVNDB	id:	JVNDB-2016-002907	date:	2016-05-27T00:00:00
db:	CNNVD	id:	CNNVD-201605-131	date:	2016-05-24T00:00:00
db:	NVD	id:	CVE-2016-4087	date:	2024-11-21T02:51:20.297

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2016-02720	date:	2016-05-05T00:00:00
db:	VULHUB	id:	VHN-92906	date:	2016-05-23T00:00:00
db:	BID	id:	88853	date:	2016-04-27T00:00:00
db:	JVNDB	id:	JVNDB-2016-002907	date:	2016-05-27T00:00:00
db:	CNNVD	id:	CNNVD-201605-131	date:	2016-04-27T00:00:00
db:	NVD	id:	CVE-2016-4087	date:	2016-05-23T19:59:08.887