Sign-up

ID

VAR-201608-0019


CVE

CVE-2016-6178


TITLE

plural Huawei Service disruption in device software (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2016-004122

DESCRIPTION

Huawei NE40E and CX600 devices with software before V800R007SPH017; PTN 6900-2-M8 devices with software before V800R007SPH019; NE5000E devices with software before V800R006SPH018; and CloudEngine devices 12800 with software before V100R003SPH010 and V100R005 before V100R005SPH006 allow remote attackers with control plane access to cause a denial of service or execute arbitrary code via a crafted packet. HuaweiNE40E is a router product of China Huawei. Multiple Huawei Products are prone to a remote code-execution vulnerability. Failed exploit attempts may cause a denial-of-service condition. Input validation vulnerabilities exist in several Huawei products

Trust: 2.52

sources: NVD: CVE-2016-6178 // JVNDB: JVNDB-2016-004122 // CNVD: CNVD-2016-05050 // BID: 91772 // VULHUB: VHN-94998

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-05050

AFFECTED PRODUCTS

vendor:huaweimodel:cloudengine 12800scope:eqversion:v100r003c00

Trust: 1.6

vendor:huaweimodel:cloudengine 12800scope:eqversion:v100r003c10

Trust: 1.6

vendor:huaweimodel:cloudengine 12800scope:eqversion:v100r005c10

Trust: 1.6

vendor:huaweimodel:ne5000escope:eqversion:v800r006c00

Trust: 1.6

vendor:huaweimodel:cx600scope:eqversion:v600r008c20

Trust: 1.6

vendor:huaweimodel:cx600scope:eqversion:v800r007c00

Trust: 1.6

vendor:huaweimodel:ptn 6900-2-m8scope:eqversion:v800r007c00

Trust: 1.6

vendor:huaweimodel:cx600scope:eqversion:v800r006c20

Trust: 1.6

vendor:huaweimodel:cx600scope:eqversion:v800r006c00

Trust: 1.6

vendor:huaweimodel:cloudengine 12800scope:eqversion:v100r005c00

Trust: 1.6

vendor:huaweimodel:ne40escope:eqversion:v800r007c00

Trust: 1.0

vendor:huaweimodel:ne40escope:eqversion:v600r008c20

Trust: 1.0

vendor:huaweimodel:ne40escope:eqversion:v800r006c00

Trust: 1.0

vendor:huaweimodel:ne40escope:eqversion:v800r006c20

Trust: 1.0

vendor:huaweimodel:ne40escope:eqversion:v800r006c30

Trust: 1.0

vendor:huaweimodel:ne40e v600r008c20scope: - version: -

Trust: 0.9

vendor:huaweimodel:ne40e v800r006c00scope: - version: -

Trust: 0.9

vendor:huaweimodel:ne40e v800r006c20scope: - version: -

Trust: 0.9

vendor:huaweimodel:ne40e v800r006c30scope: - version: -

Trust: 0.9

vendor:huaweimodel:ne40e v800r007c00scope: - version: -

Trust: 0.9

vendor:huaweimodel:cx600 v600r008c20scope: - version: -

Trust: 0.9

vendor:huaweimodel:cx600 v800r006c00scope: - version: -

Trust: 0.9

vendor:huaweimodel:cx600 v800r006c20scope: - version: -

Trust: 0.9

vendor:huaweimodel:cx600 v800r007c00scope: - version: -

Trust: 0.9

vendor:huaweimodel:ptn 6900-2-m8 v800r007c00scope: - version: -

Trust: 0.9

vendor:huaweimodel:ne5000e v800r006c00scope: - version: -

Trust: 0.9

vendor:huaweimodel:cloudengine v100r003c00scope:eqversion:12800

Trust: 0.9

vendor:huaweimodel:cloudengine v100r003c10scope:eqversion:12800

Trust: 0.9

vendor:huaweimodel:cloudengine v100r005c00scope:eqversion:12800

Trust: 0.9

vendor:huaweimodel:cloudengine v100r005c10scope:eqversion:12800

Trust: 0.9

vendor:huaweimodel:cloudengine 12800scope: - version: -

Trust: 0.8

vendor:huaweimodel:ne5000escope: - version: -

Trust: 0.8

vendor:huaweimodel:cloudengine 12800scope:ltversion:v100r005

Trust: 0.8

vendor:huaweimodel:cx600scope: - version: -

Trust: 0.8

vendor:huaweimodel:cloudengine 12800scope:eqversion:v100r005sph006

Trust: 0.8

vendor:huaweimodel:ptn 6900-2-m8scope: - version: -

Trust: 0.8

vendor:huaweimodel:ne40escope: - version: -

Trust: 0.8

vendor:huaweimodel:ptn 6900-2-m8 v800r007sph019scope:neversion: -

Trust: 0.3

vendor:huaweimodel:ne5000e v800r006sph018scope:neversion: -

Trust: 0.3

vendor:huaweimodel:ne40e v800r007sph017scope:neversion: -

Trust: 0.3

vendor:huaweimodel:cx600 v800r007sph017scope:neversion: -

Trust: 0.3

vendor:huaweimodel:cloudengine v100r005sph006scope:neversion:12800

Trust: 0.3

vendor:huaweimodel:cloudengine v100r003sph010scope:neversion:12800

Trust: 0.3

sources: CNVD: CNVD-2016-05050 // BID: 91772 // JVNDB: JVNDB-2016-004122 // CNNVD: CNNVD-201607-415 // NVD: CVE-2016-6178

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-6178
value: CRITICAL

Trust: 1.0

NVD: CVE-2016-6178
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2016-05050
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201607-415
value: HIGH

Trust: 0.6

VULHUB: VHN-94998
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-6178
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-05050
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-94998
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-6178
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2016-05050 // VULHUB: VHN-94998 // JVNDB: JVNDB-2016-004122 // CNNVD: CNNVD-201607-415 // NVD: CVE-2016-6178

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-94998 // JVNDB: JVNDB-2016-004122 // NVD: CVE-2016-6178

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201607-415

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201607-415

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-004122

PATCH
title:huawei-sa-20160713-01-multicast-ldp-fec-stackurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160713-01-multicast-ldp-fec-stack-en
Trust: 0.8
title:Patches for multiple Huawei product remote code execution vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/79352
Trust: 0.6
title:Multiple Huawei Fixes for product input validation vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=62960
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2016-05050 // 
            
            
            
            JVNDB: JVNDB-2016-004122 // 
            
            
            
            CNNVD: CNNVD-201607-415

EXTERNAL IDS
db:NVDid:CVE-2016-6178
Trust: 3.4
db:BIDid:91772
Trust: 2.6
db:JVNDBid:JVNDB-2016-004122
Trust: 0.8
db:CNNVDid:CNNVD-201607-415
Trust: 0.7
db:CNVDid:CNVD-2016-05050
Trust: 0.6
db:VULHUBid:VHN-94998
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2016-05050 // 
            
            
            
            VULHUB: VHN-94998 // 
            
            
            
            BID: 91772 // 
            
            
            
            JVNDB: JVNDB-2016-004122 // 
            
            
            
            CNNVD: CNNVD-201607-415 // 
            
            
            
            NVD: CVE-2016-6178

REFERENCES
url:http://www.securityfocus.com/bid/91772
Trust: 2.3
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160713-01-multicast-ldp-fec-stack-en
Trust: 2.0
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6178
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6178
Trust: 0.8
url:http://www.huawei.com
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2016-05050 // 
            
            
            
            VULHUB: VHN-94998 // 
            
            
            
            BID: 91772 // 
            
            
            
            JVNDB: JVNDB-2016-004122 // 
            
            
            
            CNNVD: CNNVD-201607-415 // 
            
            
            
            NVD: CVE-2016-6178

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 91772

SOURCES
db:CNVDid:CNVD-2016-05050
db:VULHUBid:VHN-94998
db:BIDid:91772
db:JVNDBid:JVNDB-2016-004122
db:CNNVDid:CNNVD-201607-415
db:NVDid:CVE-2016-6178

LAST UPDATE DATE
2024-11-23T22:27:00.931000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2016-05050date:2016-07-21T00:00:00
db:VULHUBid:VHN-94998date:2016-08-03T00:00:00
db:BIDid:91772date:2016-07-13T00:00:00
db:JVNDBid:JVNDB-2016-004122date:2016-08-04T00:00:00
db:CNNVDid:CNNVD-201607-415date:2016-08-03T00:00:00
db:NVDid:CVE-2016-6178date:2024-11-21T02:55:36.670

SOURCES RELEASE DATE
db:CNVDid:CNVD-2016-05050date:2016-07-21T00:00:00
db:VULHUBid:VHN-94998date:2016-08-02T00:00:00
db:BIDid:91772date:2016-07-13T00:00:00
db:JVNDBid:JVNDB-2016-004122date:2016-08-04T00:00:00
db:CNNVDid:CNNVD-201607-415date:2016-07-15T00:00:00
db:NVDid:CVE-2016-6178date:2016-08-02T16:59:04.260