Details of VAR-201610-0208

ID

VAR-201610-0208

CVE

CVE-2016-8277

TITLE

plural Huawei USG Service disruption in product software (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2016-005101

DESCRIPTION

Huawei USG9520, USG9560, and USG9580 unified security gateways with software before V300R001C01SPCa00 allow remote authenticated users to cause a denial of service (device restart) via an unspecified command parameter. Multiple Huawei products are prone to a remote denial-of-service vulnerability. The Huawei USG9520 and others are the unified security gateway products of China's Huawei (Huawei). The vulnerability is caused by the program failing to verify the parameters in the command. The following versions are affected: Huawei USG9520 V300R001C01; USG9560 V300R001C01; USG9580 V300R001C01

Trust: 1.98

sources: NVD: CVE-2016-8277 // JVNDB: JVNDB-2016-005101 // BID: 93097 // VULHUB: VHN-97097

AFFECTED PRODUCTS

vendor:	huawei	model:	usg9560	scope:	eq	version:	v300r001c01	Trust: 1.6
vendor:	huawei	model:	usg9520	scope:	eq	version:	v300r001c01	Trust: 1.6
vendor:	huawei	model:	usg9580	scope:	eq	version:	v300r001c01	Trust: 1.6
vendor:	huawei	model:	usg9520	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	usg9520	scope:	lt	version:	v300r001c01spca00	Trust: 0.8
vendor:	huawei	model:	usg9560	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	usg9560	scope:	lt	version:	v300r001c01spca00	Trust: 0.8
vendor:	huawei	model:	usg9580	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	usg9580	scope:	lt	version:	v300r001c01spca00	Trust: 0.8
vendor:	huawei	model:	usg9580 v300r001c01	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	usg9560 v300r001c01	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	usg9520 v300r001c01	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	usg9580 v300r001c01spc800	scope:	ne	version:	-	Trust: 0.3
vendor:	huawei	model:	usg9560 v300r001c01spc800	scope:	ne	version:	-	Trust: 0.3
vendor:	huawei	model:	usg9520 v300r001c01spc800	scope:	ne	version:	-	Trust: 0.3

sources: BID: 93097 // JVNDB: JVNDB-2016-005101 // CNNVD: CNNVD-201609-519 // NVD: CVE-2016-8277

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-8277
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2016-8277
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201609-519
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-97097
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-8277
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-97097
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-8277
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-97097 // JVNDB: JVNDB-2016-005101 // CNNVD: CNNVD-201609-519 // NVD: CVE-2016-8277

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-97097 // JVNDB: JVNDB-2016-005101 // NVD: CVE-2016-8277

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201609-519

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201609-519

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-005101

PATCH

title:	huawei-sa-20160921-01-firewall	url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160921-01-firewall-en	Trust: 0.8
title:	Multiple Huawei Product denial of service vulnerability fixes	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=64255	Trust: 0.6

sources: JVNDB: JVNDB-2016-005101 // CNNVD: CNNVD-201609-519

EXTERNAL IDS

db:	NVD	id:	CVE-2016-8277	Trust: 2.8
db:	BID	id:	93097	Trust: 2.0
db:	JVNDB	id:	JVNDB-2016-005101	Trust: 0.8
db:	CNNVD	id:	CNNVD-201609-519	Trust: 0.7
db:	VULHUB	id:	VHN-97097	Trust: 0.1

sources: VULHUB: VHN-97097 // BID: 93097 // JVNDB: JVNDB-2016-005101 // CNNVD: CNNVD-201609-519 // NVD: CVE-2016-8277

REFERENCES

url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160921-01-firewall-en	Trust: 2.0
url:	http://www.securityfocus.com/bid/93097	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8277	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-8277	Trust: 0.8
url:	http://www.huawei.com	Trust: 0.3

sources: VULHUB: VHN-97097 // BID: 93097 // JVNDB: JVNDB-2016-005101 // CNNVD: CNNVD-201609-519 // NVD: CVE-2016-8277

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 93097

SOURCES

db:	VULHUB	id:	VHN-97097
db:	BID	id:	93097
db:	JVNDB	id:	JVNDB-2016-005101
db:	CNNVD	id:	CNNVD-201609-519
db:	NVD	id:	CVE-2016-8277

LAST UPDATE DATE

2024-11-23T22:49:13.921000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-97097	date:	2016-10-06T00:00:00
db:	BID	id:	93097	date:	2016-09-23T00:00:00
db:	JVNDB	id:	JVNDB-2016-005101	date:	2016-10-06T00:00:00
db:	CNNVD	id:	CNNVD-201609-519	date:	2016-10-08T00:00:00
db:	NVD	id:	CVE-2016-8277	date:	2024-11-21T02:59:03.883

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-97097	date:	2016-10-03T00:00:00
db:	BID	id:	93097	date:	2016-09-21T00:00:00
db:	JVNDB	id:	JVNDB-2016-005101	date:	2016-10-06T00:00:00
db:	CNNVD	id:	CNNVD-201609-519	date:	2016-09-22T00:00:00
db:	NVD	id:	CVE-2016-8277	date:	2016-10-03T21:59:10.583