Sign-up

ID

VAR-201704-0422


CVE

CVE-2016-8797


TITLE

plural Huawei Vulnerability that can consume memory in product software

Trust: 0.8

sources: JVNDB: JVNDB-2016-008269

DESCRIPTION

Huawei AR3200 with software V200R007C00, V200R005C32, V200R005C20; S12700 with software V200R008C00, V200R007C00; S5300 with software V200R008C00, V200R007C00, V200R006C00; S5700 with software V200R008C00, V200R007C00, V200R006C00; S6300 with software V200R008C00, V200R007C00; S6700 with software V200R008C00, V200R007C00; S7700 with software V200R008C00, V200R007C00, V200R006C00; S9300 with software V200R008C00, V200R007C00, V200R006C00; and S9700 with software V200R008C00, V200R007C00, V200R006C00 allow remote attackers to send abnormal Multiprotocol Label Switching (MPLS) packets to cause memory exhaustion. The Huawei AR3200 is a Huawei router. The S9700, S5300, S5700, S6300, S6700, S7700, S9300, and S9700 are Huawei switch devices. A number of Huawei products have a memory leak vulnerability. The Multi-Protocol Labeling (MPLS) packet processing module of the device repeatedly requests the memory when processing abnormal packets. There is a risk that the continuous attack will cause the memory to run out. An attacker could exploit this vulnerability to cause the device to run out of memory. The Huawei AR3200 and others are all products of China's Huawei (Huawei). The following products are affected: Huawei AR3200 V200R007C00 Version, V200R005C32 Version, V200R005C20 Version; S12700 V200R008C00 Version, V200R007C00 Version; S5300 V200R008C00 Version, V200R007C00 Version, V200R006C00 Version; S5700 V200R008C00 Version, V200R007C00 Version, V200R006C00 Version; S6300 V200R008C00 Version, V200R007C00 Version; S6700 V200R008C00 version, V200R007C00 version; S7700 V200R008C00 version, V200R007C00 version, V200R006C00 version; S9300 V200R008C00 version, V2007C00 version, V200R006C00 version;

Trust: 2.34

sources: NVD: CVE-2016-8797 // JVNDB: JVNDB-2016-008269 // CNVD: CNVD-2016-11302 // VULHUB: VHN-97617 // VULMON: CVE-2016-8797

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-11302

AFFECTED PRODUCTS

vendor:huaweimodel:s9300scope:eqversion:v200r006c00

Trust: 1.6

vendor:huaweimodel:s7700scope:eqversion:v200r008c00

Trust: 1.6

vendor:huaweimodel:s9300scope:eqversion:v200r008c00

Trust: 1.6

vendor:huaweimodel:s9700scope:eqversion:v200r006c00

Trust: 1.6

vendor:huaweimodel:s7700scope:eqversion:v200r007c00

Trust: 1.6

vendor:huaweimodel:s9300scope:eqversion:v200r007c00

Trust: 1.6

vendor:huaweimodel:s6700scope:eqversion:v200r008c00

Trust: 1.6

vendor:huaweimodel:s9700scope:eqversion:v200r008c00

Trust: 1.6

vendor:huaweimodel:s7700scope:eqversion:v200r006c00

Trust: 1.6

vendor:huaweimodel:s9700scope:eqversion:v200r007c00

Trust: 1.6

vendor:huaweimodel:s5700scope:eqversion:v200r007c00

Trust: 1.0

vendor:huaweimodel:s5700scope:eqversion:v200r006c00

Trust: 1.0

vendor:huaweimodel:s6700scope:eqversion:v200r007c00

Trust: 1.0

vendor:huaweimodel:s12700scope:eqversion:v200r008c00

Trust: 1.0

vendor:huaweimodel:s5300scope:eqversion:v200r008c00

Trust: 1.0

vendor:huaweimodel:s6300scope:eqversion:v200r008c00

Trust: 1.0

vendor:huaweimodel:ar3200scope:eqversion:v200r005c20

Trust: 1.0

vendor:huaweimodel:s12700scope:eqversion:v200r007c00

Trust: 1.0

vendor:huaweimodel:s5300scope:eqversion:v200r007c00

Trust: 1.0

vendor:huaweimodel:s6300scope:eqversion:v200r007c00

Trust: 1.0

vendor:huaweimodel:s5300scope:eqversion:v200r006c00

Trust: 1.0

vendor:huaweimodel:s5700scope:eqversion:v200r008c00

Trust: 1.0

vendor:huaweimodel:ar3200scope:eqversion:v200r007c00

Trust: 1.0

vendor:huaweimodel:ar3200scope:eqversion:v200r005c32

Trust: 1.0

vendor:huaweimodel:ar3200scope: - version: -

Trust: 0.8

vendor:huaweimodel:s12700scope: - version: -

Trust: 0.8

vendor:huaweimodel:s5300scope: - version: -

Trust: 0.8

vendor:huaweimodel:s5700scope: - version: -

Trust: 0.8

vendor:huaweimodel:s6300scope: - version: -

Trust: 0.8

vendor:huaweimodel:s6700scope: - version: -

Trust: 0.8

vendor:huaweimodel:s7700scope: - version: -

Trust: 0.8

vendor:huaweimodel:s9300scope: - version: -

Trust: 0.8

vendor:huaweimodel:s9700scope: - version: -

Trust: 0.8

vendor:huaweimodel:ar3200 v200r007c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar3200 v200r005c32scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar3200 v200r005c20scope: - version: -

Trust: 0.6

vendor:huaweimodel:s7700 v200r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s7700 v200r008c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s9700 v200r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s9700 v200r008c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s12700 v200r008c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s6700 v200r008c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s6300 v200r008c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5700 v200r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5700 v200r008c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5300 v200r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5300 v200r007c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5300 v200r008c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s9300 v200r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s9300 v200r008c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s12700 v200r007c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5700 v200r007c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s6300 v200r007c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s6700 v200r007c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s7700 v200r007c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s9300 v200r007c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s9700 v200r007c00scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2016-11302 // JVNDB: JVNDB-2016-008269 // CNNVD: CNNVD-201704-187 // NVD: CVE-2016-8797

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-8797
value: HIGH

Trust: 1.0

NVD: CVE-2016-8797
value: HIGH

Trust: 0.8

CNVD: CNVD-2016-11302
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201704-187
value: MEDIUM

Trust: 0.6

VULHUB: VHN-97617
value: MEDIUM

Trust: 0.1

VULMON: CVE-2016-8797
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-8797
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2016-11302
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-97617
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-8797
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2016-11302 // VULHUB: VHN-97617 // VULMON: CVE-2016-8797 // JVNDB: JVNDB-2016-008269 // CNNVD: CNNVD-201704-187 // NVD: CVE-2016-8797

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.9

sources: VULHUB: VHN-97617 // JVNDB: JVNDB-2016-008269 // NVD: CVE-2016-8797

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201704-187

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201704-187

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-008269

PATCH
title:huawei-sa-20160608-01-mplsurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160608-01-mpls-en
Trust: 0.8
title:Patches for memory leaks in various Huawei productsurl:https://www.cnvd.org.cn/patchInfo/show/84093
Trust: 0.6
title:Various Huawei product memory leak vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=69035
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2016-11302 // 
            
            
            
            JVNDB: JVNDB-2016-008269 // 
            
            
            
            CNNVD: CNNVD-201704-187

EXTERNAL IDS
db:NVDid:CVE-2016-8797
Trust: 3.2
db:JVNDBid:JVNDB-2016-008269
Trust: 0.8
db:CNNVDid:CNNVD-201704-187
Trust: 0.7
db:CNVDid:CNVD-2016-11302
Trust: 0.6
db:VULHUBid:VHN-97617
Trust: 0.1
db:VULMONid:CVE-2016-8797
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2016-11302 // 
            
            
            
            VULHUB: VHN-97617 // 
            
            
            
            VULMON: CVE-2016-8797 // 
            
            
            
            JVNDB: JVNDB-2016-008269 // 
            
            
            
            CNNVD: CNNVD-201704-187 // 
            
            
            
            NVD: CVE-2016-8797

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160608-01-mpls-en
Trust: 1.8
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8797
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2016-8797
Trust: 0.8
url:http://www.huawei.com/cn/psirt/security-advisories/2016/huawei-sa-20160608-01-mpls-cn
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/399.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2016-11302 // 
            
            
            
            VULHUB: VHN-97617 // 
            
            
            
            VULMON: CVE-2016-8797 // 
            
            
            
            JVNDB: JVNDB-2016-008269 // 
            
            
            
            CNNVD: CNNVD-201704-187 // 
            
            
            
            NVD: CVE-2016-8797

SOURCES
db:CNVDid:CNVD-2016-11302
db:VULHUBid:VHN-97617
db:VULMONid:CVE-2016-8797
db:JVNDBid:JVNDB-2016-008269
db:CNNVDid:CNNVD-201704-187
db:NVDid:CVE-2016-8797

LAST UPDATE DATE
2024-11-23T22:42:12.464000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2016-11302date:2016-11-18T00:00:00
db:VULHUBid:VHN-97617date:2017-04-11T00:00:00
db:VULMONid:CVE-2016-8797date:2017-04-11T00:00:00
db:JVNDBid:JVNDB-2016-008269date:2017-05-09T00:00:00
db:CNNVDid:CNNVD-201704-187date:2017-04-07T00:00:00
db:NVDid:CVE-2016-8797date:2024-11-21T03:00:06.303

SOURCES RELEASE DATE
db:CNVDid:CNVD-2016-11302date:2016-11-18T00:00:00
db:VULHUBid:VHN-97617date:2017-04-02T00:00:00
db:VULMONid:CVE-2016-8797date:2017-04-02T00:00:00
db:JVNDBid:JVNDB-2016-008269date:2017-05-09T00:00:00
db:CNNVDid:CNNVD-201704-187date:2017-04-07T00:00:00
db:NVDid:CVE-2016-8797date:2017-04-02T20:59:01.860