Details of VAR-201609-0170

ID

VAR-201609-0170

CVE

CVE-2016-6669

TITLE

plural Huawei USG Product software AAA Module buffer overflow vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2016-004835

DESCRIPTION

Buffer overflow in the Authentication, Authorization and Accounting (AAA) module in Huawei USG2100, USG2200, USG5100, and USG5500 unified security gateways with software before V300R001C10SPC600 allows remote authenticated RADIUS servers to execute arbitrary code by sending a crafted EAP packet. Multiple Huawei USG Products are prone to a buffer-overflow vulnerability because they fail to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. Attackers can exploit this issue to execute arbitrary code in the affected device. Failed exploit attempts will result in denial-of-service conditions. Huawei USG2100 and others are the unified security gateway products of China Huawei (Huawei). Authentication, Authorization and Accounting (AAA) is one of the modules used to deal with computer resources and user requirements and provide authentication and authorization for enterprises. The AAA module in several Huawei products has a buffer overflow vulnerability. The following products and versions are affected: Huawei USG2100 V300R001C00, V300R001C10; USG2200 V300R001C00, V300R001C10; USG5100 V300R001C00, V300R001C10; USG5500 V300R001C00, V1C10R00

Trust: 1.98

sources: NVD: CVE-2016-6669 // JVNDB: JVNDB-2016-004835 // BID: 92441 // VULHUB: VHN-95489

AFFECTED PRODUCTS

vendor:	huawei	model:	usg5500	scope:	lte	version:	v300r001c00	Trust: 1.0
vendor:	huawei	model:	usg5100	scope:	lte	version:	v300r001c00	Trust: 1.0
vendor:	huawei	model:	usg2200	scope:	lte	version:	v300r001c10	Trust: 1.0
vendor:	huawei	model:	usg5100	scope:	lte	version:	v300r001c10	Trust: 1.0
vendor:	huawei	model:	usg5500	scope:	lte	version:	v300r001c10	Trust: 1.0
vendor:	huawei	model:	usg2100	scope:	lte	version:	v300r001c00	Trust: 1.0
vendor:	huawei	model:	usg2100	scope:	lte	version:	v300r001c10	Trust: 1.0
vendor:	huawei	model:	usg2200	scope:	lte	version:	v300r001c00	Trust: 1.0
vendor:	huawei	model:	usg2100	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	usg2100	scope:	lt	version:	v300r001c10spc600	Trust: 0.8
vendor:	huawei	model:	usg2200	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	usg2200	scope:	lt	version:	v300r001c10spc600	Trust: 0.8
vendor:	huawei	model:	usg5100	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	usg5100	scope:	lt	version:	v300r001c10spc600	Trust: 0.8
vendor:	huawei	model:	usg5500	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	usg5500	scope:	lt	version:	v300r001c10spc600	Trust: 0.8
vendor:	huawei	model:	usg2200	scope:	eq	version:	v300r001c10	Trust: 0.6
vendor:	huawei	model:	usg5500	scope:	eq	version:	v300r001c10	Trust: 0.6
vendor:	huawei	model:	usg2100	scope:	eq	version:	v300r001c10	Trust: 0.6
vendor:	huawei	model:	usg5100	scope:	eq	version:	v300r001c00	Trust: 0.6
vendor:	huawei	model:	usg5100	scope:	eq	version:	v300r001c10	Trust: 0.6
vendor:	huawei	model:	usg2200	scope:	eq	version:	v300r001c00	Trust: 0.6
vendor:	huawei	model:	usg5500	scope:	eq	version:	v300r001c00	Trust: 0.6
vendor:	huawei	model:	usg2100	scope:	eq	version:	v300r001c00	Trust: 0.6
vendor:	huawei	model:	usg5500 v300r001c10	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	usg5500 v300r001c00	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	usg5100 v300r001c10	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	usg5100 v300r001c00	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	usg2200 v300r001c10	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	usg2200 v300r001c00	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	usg2100 v300r001c10	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	usg2100 v300r001c00	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	usg5500 v300r001c10spc600	scope:	ne	version:	-	Trust: 0.3
vendor:	huawei	model:	usg5100 v300r001c10spc600	scope:	ne	version:	-	Trust: 0.3
vendor:	huawei	model:	usg2200 v300r001c10spc600	scope:	ne	version:	-	Trust: 0.3
vendor:	huawei	model:	usg2100 v300r001c10spc600	scope:	ne	version:	-	Trust: 0.3

sources: BID: 92441 // JVNDB: JVNDB-2016-004835 // CNNVD: CNNVD-201608-283 // NVD: CVE-2016-6669

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-6669
value:	HIGH
Trust: 1.0
NVD:	CVE-2016-6669
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201608-283
value:	HIGH
Trust: 0.6
VULHUB:	VHN-95489
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2016-6669
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:H/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-95489
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:H/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-6669
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.6
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-95489 // JVNDB: JVNDB-2016-004835 // CNNVD: CNNVD-201608-283 // NVD: CVE-2016-6669

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-95489 // JVNDB: JVNDB-2016-004835 // NVD: CVE-2016-6669

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201608-283

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201608-283

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-004835

PATCH

title:	huawei-sa-20160810-01-usg	url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160810-01-usg-en	Trust: 0.8
title:	Multiple Huawei Product Buffer Overflow Vulnerability Fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63655	Trust: 0.6

sources: JVNDB: JVNDB-2016-004835 // CNNVD: CNNVD-201608-283

EXTERNAL IDS

db:	NVD	id:	CVE-2016-6669	Trust: 2.8
db:	BID	id:	92441	Trust: 2.0
db:	JVNDB	id:	JVNDB-2016-004835	Trust: 0.8
db:	CNNVD	id:	CNNVD-201608-283	Trust: 0.6
db:	VULHUB	id:	VHN-95489	Trust: 0.1

sources: VULHUB: VHN-95489 // BID: 92441 // JVNDB: JVNDB-2016-004835 // CNNVD: CNNVD-201608-283 // NVD: CVE-2016-6669

REFERENCES

url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160810-01-usg-en	Trust: 2.0
url:	http://www.securityfocus.com/bid/92441	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6669	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6669	Trust: 0.8
url:	http://www.huawei.com	Trust: 0.3

sources: VULHUB: VHN-95489 // BID: 92441 // JVNDB: JVNDB-2016-004835 // CNNVD: CNNVD-201608-283 // NVD: CVE-2016-6669

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 92441

SOURCES

db:	VULHUB	id:	VHN-95489
db:	BID	id:	92441
db:	JVNDB	id:	JVNDB-2016-004835
db:	CNNVD	id:	CNNVD-201608-283
db:	NVD	id:	CVE-2016-6669

LAST UPDATE DATE

2024-11-23T22:07:47.351000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-95489	date:	2016-11-28T00:00:00
db:	BID	id:	92441	date:	2016-08-10T00:00:00
db:	JVNDB	id:	JVNDB-2016-004835	date:	2016-09-26T00:00:00
db:	CNNVD	id:	CNNVD-201608-283	date:	2016-09-23T00:00:00
db:	NVD	id:	CVE-2016-6669	date:	2024-11-21T02:56:35.337

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-95489	date:	2016-09-22T00:00:00
db:	BID	id:	92441	date:	2016-08-10T00:00:00
db:	JVNDB	id:	JVNDB-2016-004835	date:	2016-09-26T00:00:00
db:	CNNVD	id:	CNNVD-201608-283	date:	2016-08-15T00:00:00
db:	NVD	id:	CVE-2016-6669	date:	2016-09-22T15:59:05.977