Details of VAR-201605-0334

ID

VAR-201605-0334

CVE

CVE-2016-4576

TITLE

plural Huawei Device product software Application Specific Packet Filtering Buffer overflow vulnerability in functionality

Trust: 0.8

sources: JVNDB: JVNDB-2016-002908

DESCRIPTION

Buffer overflow in the Application Specific Packet Filtering (ASPF) functionality in the Huawei IPS Module, NGFW Module, NIP6300, NIP6600, Secospace USG6300, USG6500, USG6600, USG9500, and AntiDDoS8000 devices with software before V500R001C20SPC100 allows remote attackers to cause a denial of service or execute arbitrary code via a crafted packet, related to "illegitimate parameters.". HuaweiIPSModule and other products are China's Huawei's intrusion prevention and intrusion detection products. A buffer overflow vulnerability exists in several Huawei products. An attacker could exploit a vulnerability that would result in a denial of service or arbitrary code by constructing a malformed message containing an illegal parameter. Multiple Huawei Products are prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. Attackers can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in denial-of-service conditions. The following Huawei products are affected: IPS Module NGFW Module NIP6300 NIP6600 Secospace USG6300 Secospace USG6500 Secospace USG6600 USG9500 Secospace AntiDDoS8000

Trust: 2.52

sources: NVD: CVE-2016-4576 // JVNDB: JVNDB-2016-002908 // CNVD: CNVD-2016-03569 // BID: 90530 // VULHUB: VHN-93395

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2016-03569

AFFECTED PRODUCTS

vendor:	huawei	model:	nip6600	scope:	eq	version:	v500r001c00	Trust: 1.0
vendor:	huawei	model:	secospace antiddos8000	scope:	eq	version:	v500r001c00	Trust: 1.0
vendor:	huawei	model:	secospace usg6300	scope:	eq	version:	v500r001c00	Trust: 1.0
vendor:	huawei	model:	usg9500	scope:	eq	version:	v500r001c00	Trust: 1.0
vendor:	huawei	model:	secospace usg6600	scope:	eq	version:	v500r001c00	Trust: 1.0
vendor:	huawei	model:	secospace usg6500	scope:	eq	version:	v500r001c00	Trust: 1.0
vendor:	huawei	model:	nip6300	scope:	eq	version:	v500r001c00	Trust: 1.0
vendor:	huawei	model:	ips module	scope:	eq	version:	v500r001c00	Trust: 1.0
vendor:	huawei	model:	ngfw module	scope:	eq	version:	v500r001c00	Trust: 1.0
vendor:	huawei	model:	ips module	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	ips module	scope:	lt	version:	v500r001c20spc100	Trust: 0.8
vendor:	huawei	model:	ngfw module	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	ngfw module	scope:	lt	version:	v500r001c20spc100	Trust: 0.8
vendor:	huawei	model:	nip6300	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	nip6300	scope:	lt	version:	v500r001c20spc100	Trust: 0.8
vendor:	huawei	model:	nip6600	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	nip6600	scope:	lt	version:	v500r001c20spc100	Trust: 0.8
vendor:	huawei	model:	secospace antiddos8000	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	secospace antiddos8000	scope:	lt	version:	v500r001c20spc100	Trust: 0.8
vendor:	huawei	model:	secospace usg6300	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	secospace usg6300	scope:	lt	version:	v500r001c20spc100	Trust: 0.8
vendor:	huawei	model:	secospace usg6500	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	secospace usg6500	scope:	lt	version:	v500r001c20spc100	Trust: 0.8
vendor:	huawei	model:	secospace usg6600	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	secospace usg6600	scope:	lt	version:	v500r001c20spc100	Trust: 0.8
vendor:	huawei	model:	usg9500	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	usg9500	scope:	lt	version:	v500r001c20spc100	Trust: 0.8
vendor:	huawei	model:	secospace antiddos8000 <v500r001c20spc100	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	usg9500 <v500r001c20spc100	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	secospace usg6600 <v500r001c20spc100	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	secospace usg6500 <v500r001c20spc100	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	secospace usg6300 <v500r001c20spc100	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	nip6600 <v500r001c20spc100	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	nip6300 <v500r001c20spc100	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ngfw module <v500r001c20spc100	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ips module <v500r001c20spc100	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ngfw module	scope:	eq	version:	-	Trust: 0.6
vendor:	huawei	model:	secospace antiddos8000	scope:	eq	version:	-	Trust: 0.6
vendor:	huawei	model:	usg9500	scope:	eq	version:	-	Trust: 0.6
vendor:	huawei	model:	nip6600	scope:	eq	version:	-	Trust: 0.6
vendor:	huawei	model:	nip6300	scope:	eq	version:	-	Trust: 0.6
vendor:	huawei	model:	secospace usg6500	scope:	eq	version:	-	Trust: 0.6
vendor:	huawei	model:	secospace usg6600	scope:	eq	version:	-	Trust: 0.6
vendor:	huawei	model:	secospace usg6300	scope:	eq	version:	-	Trust: 0.6
vendor:	huawei	model:	ips module	scope:	eq	version:	-	Trust: 0.6

sources: CNVD: CNVD-2016-03569 // JVNDB: JVNDB-2016-002908 // CNNVD: CNNVD-201605-579 // NVD: CVE-2016-4576

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-4576
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2016-4576
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2016-03569
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201605-579
value:	HIGH
Trust: 0.6
VULHUB:	VHN-93395
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2016-4576
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2016-03569
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-93395
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-4576
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2016-03569 // VULHUB: VHN-93395 // JVNDB: JVNDB-2016-002908 // CNNVD: CNNVD-201605-579 // NVD: CVE-2016-4576

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-93395 // JVNDB: JVNDB-2016-002908 // NVD: CVE-2016-4576

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201605-579

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201605-579

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-002908

PATCH

title:	Buffer Overflow Vulnerability in Huawei Several Products (huawei-sa-20160511-01-aspf)	url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160511-01-aspf-en	Trust: 0.8
title:	Patches for multiple Huawei product buffer overflow vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/76462	Trust: 0.6
title:	Multiple Huawei Product Buffer Overflow Vulnerability Fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=61892	Trust: 0.6

sources: CNVD: CNVD-2016-03569 // JVNDB: JVNDB-2016-002908 // CNNVD: CNNVD-201605-579

EXTERNAL IDS

db:	NVD	id:	CVE-2016-4576	Trust: 3.4
db:	BID	id:	90530	Trust: 1.4
db:	JVNDB	id:	JVNDB-2016-002908	Trust: 0.8
db:	CNNVD	id:	CNNVD-201605-579	Trust: 0.7
db:	CNVD	id:	CNVD-2016-03569	Trust: 0.6
db:	VULHUB	id:	VHN-93395	Trust: 0.1

sources: CNVD: CNVD-2016-03569 // VULHUB: VHN-93395 // BID: 90530 // JVNDB: JVNDB-2016-002908 // CNNVD: CNNVD-201605-579 // NVD: CVE-2016-4576

REFERENCES

url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160511-01-aspf-en	Trust: 1.4
url:	http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20160511-01-aspf-cn	Trust: 1.2
url:	http://www.securityfocus.com/bid/90530	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4576	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4576	Trust: 0.8
url:	http://www.huawei.com	Trust: 0.3

sources: CNVD: CNVD-2016-03569 // VULHUB: VHN-93395 // BID: 90530 // JVNDB: JVNDB-2016-002908 // CNNVD: CNNVD-201605-579 // NVD: CVE-2016-4576

CREDITS

Huawei

Trust: 0.6

sources: CNNVD: CNNVD-201605-579

SOURCES

db:	CNVD	id:	CNVD-2016-03569
db:	VULHUB	id:	VHN-93395
db:	BID	id:	90530
db:	JVNDB	id:	JVNDB-2016-002908
db:	CNNVD	id:	CNNVD-201605-579
db:	NVD	id:	CVE-2016-4576

LAST UPDATE DATE

2024-11-23T22:34:50.247000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2016-03569	date:	2016-05-25T00:00:00
db:	VULHUB	id:	VHN-93395	date:	2016-11-28T00:00:00
db:	BID	id:	90530	date:	2016-07-06T14:48:00
db:	JVNDB	id:	JVNDB-2016-002908	date:	2016-05-27T00:00:00
db:	CNNVD	id:	CNNVD-201605-579	date:	2016-05-24T00:00:00
db:	NVD	id:	CVE-2016-4576	date:	2024-11-21T02:52:31.913

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2016-03569	date:	2016-05-25T00:00:00
db:	VULHUB	id:	VHN-93395	date:	2016-05-23T00:00:00
db:	BID	id:	90530	date:	2016-05-11T00:00:00
db:	JVNDB	id:	JVNDB-2016-002908	date:	2016-05-27T00:00:00
db:	CNNVD	id:	CNNVD-201605-579	date:	2016-05-23T00:00:00
db:	NVD	id:	CVE-2016-4576	date:	2016-05-23T19:59:09.980