ID

VAR-201704-0425


CVE

CVE-2016-8802


TITLE

plural Huawei Secospace USG Buffer overflow vulnerability in product security policy execution module

Trust: 0.8

sources: JVNDB: JVNDB-2016-008214

DESCRIPTION

The security policy processing module in Huawei Secospace USG6300 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6500 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6600 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200 allows authenticated attackers to setup a specific security policy into the devices, causing a buffer overflow and crashing the system. Huawei Secospace is a terminal security management system. A buffer overflow vulnerability exists in multiple Huawei Secospace products. Because the user does not perform a boundary check on the data copied by the user, the attacker can exploit the vulnerability to restart the affected device, resulting in a denial of service condition and possibly executing arbitrary code. Attackers can exploit this issue to reboot the affected device to cause denial-of-service conditions. Due to the nature of this issue, arbitrary code execution may be possible but this has not been confirmed. Huawei Secospace USG6300 etc. are the firewalls of China Huawei (Huawei). The following products and versions are affected: Huawei Secospace USG6300 V500R001C20SPC100 Version, V500R001C20SPC101 Version, V500R001C20SPC200 Version; Secospace USG6500 USG6300 V500R001C20SPC100 Version, V500R001C20SPC101 Version, V500R001C20SPC200 Version; Secospace USG6600 V500R001C20SPC100 Version, V500R001C20SPC101 Version, V500R001C20SPC200 Version

Trust: 2.52

sources: NVD: CVE-2016-8802 // JVNDB: JVNDB-2016-008214 // CNVD: CNVD-2016-11668 // BID: 94538 // VULHUB: VHN-97622

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-11668

AFFECTED PRODUCTS

vendor:huaweimodel:secospace usg6300scope:eqversion:v500r001c20spc100

Trust: 2.4

vendor:huaweimodel:secospace usg6300scope:eqversion:v500r001c20spc101

Trust: 2.4

vendor:huaweimodel:secospace usg6300scope:eqversion:v500r001c20spc200

Trust: 2.4

vendor:huaweimodel:secospace usg6500scope:eqversion:v500r001c20spc100

Trust: 2.4

vendor:huaweimodel:secospace usg6500scope:eqversion:v500r001c20spc101

Trust: 2.4

vendor:huaweimodel:secospace usg6500scope:eqversion:v500r001c20spc200

Trust: 2.4

vendor:huaweimodel:secospace usg6600scope:eqversion:v500r001c20spc100

Trust: 2.4

vendor:huaweimodel:secospace usg6600scope:eqversion:v500r001c20spc101

Trust: 2.4

vendor:huaweimodel:secospace usg6600scope:eqversion:v500r001c20spc200

Trust: 2.4

vendor:huaweimodel:secospace usg6300 v500r001c20spc100scope: - version: -

Trust: 0.9

vendor:huaweimodel:secospace usg6300 v500r001c20spc101scope: - version: -

Trust: 0.9

vendor:huaweimodel:secospace usg6300 v500r001c20spc200scope: - version: -

Trust: 0.9

vendor:huaweimodel:secospace usg6500 v500r001c20spc100scope: - version: -

Trust: 0.9

vendor:huaweimodel:secospace usg6500 v500r001c20spc101scope: - version: -

Trust: 0.9

vendor:huaweimodel:secospace usg6500 v500r001c20spc200scope: - version: -

Trust: 0.9

vendor:huaweimodel:secospace usg6600 v500r001c20spc100scope: - version: -

Trust: 0.9

vendor:huaweimodel:secospace usg6600 v500r001c20spc101scope: - version: -

Trust: 0.9

vendor:huaweimodel:secospace usg6600 v500r001c20spc200scope: - version: -

Trust: 0.9

vendor:huaweimodel:secospace usg6600 v500r001c20spc300scope:neversion: -

Trust: 0.3

vendor:huaweimodel:secospace usg6500 v500r001c20spc300scope:neversion: -

Trust: 0.3

vendor:huaweimodel:secospace usg6300 v500r001c20spc300scope:neversion: -

Trust: 0.3

sources: CNVD: CNVD-2016-11668 // BID: 94538 // JVNDB: JVNDB-2016-008214 // CNNVD: CNNVD-201611-650 // NVD: CVE-2016-8802

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-8802
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-8802
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2016-11668
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201611-650
value: MEDIUM

Trust: 0.6

VULHUB: VHN-97622
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-8802
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-11668
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-97622
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-8802
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2016-11668 // VULHUB: VHN-97622 // JVNDB: JVNDB-2016-008214 // CNNVD: CNNVD-201611-650 // NVD: CVE-2016-8802

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-97622 // JVNDB: JVNDB-2016-008214 // NVD: CVE-2016-8802

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201611-650

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201611-650

CONFIGURATIONS

[
  {
    "CVE_data_version": "4.0",
    "nodes": [
      {
        "operator": "OR",
        "cpe_match": [
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:huawei:secospace_usg6300_firmware"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:huawei:secospace_usg6500_firmware"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:huawei:secospace_usg6600_firmware"
          }
        ]
      }
    ]
  }
]

sources: JVNDB: JVNDB-2016-008214

PATCH

title:huawei-sa-20161125-01-usgurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161125-01-usg-en

Trust: 0.8

title:Patch for buffer overflow vulnerability in multiple HuaweiSecospace productsurl:https://www.cnvd.org.cn/patchInfo/show/84654

Trust: 0.6

title:Multiple Huawei Secospace Repair measures for firewall product buffer overflow vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=66066

Trust: 0.6

sources: CNVD: CNVD-2016-11668 // JVNDB: JVNDB-2016-008214 // CNNVD: CNNVD-201611-650

EXTERNAL IDS

db:NVDid:CVE-2016-8802

Trust: 3.4

db:BIDid:94538

Trust: 2.6

db:JVNDBid:JVNDB-2016-008214

Trust: 0.8

db:CNNVDid:CNNVD-201611-650

Trust: 0.7

db:CNVDid:CNVD-2016-11668

Trust: 0.6

db:VULHUBid:VHN-97622

Trust: 0.1

sources: CNVD: CNVD-2016-11668 // VULHUB: VHN-97622 // BID: 94538 // JVNDB: JVNDB-2016-008214 // CNNVD: CNNVD-201611-650 // NVD: CVE-2016-8802

REFERENCES

url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161125-01-usg-en

Trust: 2.6

url:http://www.securityfocus.com/bid/94538

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8802

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2016-8802

Trust: 0.8

url:http://www.huawei.com

Trust: 0.3

sources: CNVD: CNVD-2016-11668 // VULHUB: VHN-97622 // BID: 94538 // JVNDB: JVNDB-2016-008214 // CNNVD: CNNVD-201611-650 // NVD: CVE-2016-8802

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 94538

SOURCES

db:CNVDid:CNVD-2016-11668
db:VULHUBid:VHN-97622
db:BIDid:94538
db:JVNDBid:JVNDB-2016-008214
db:CNNVDid:CNNVD-201611-650
db:NVDid:CVE-2016-8802

LAST UPDATE DATE

2024-11-23T23:05:27.963000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2016-11668date:2016-11-30T00:00:00
db:VULHUBid:VHN-97622date:2017-04-05T00:00:00
db:BIDid:94538date:2016-12-20T01:02:00
db:JVNDBid:JVNDB-2016-008214date:2017-05-02T00:00:00
db:CNNVDid:CNNVD-201611-650date:2016-12-05T00:00:00
db:NVDid:CVE-2016-8802date:2024-11-21T03:00:07.210

SOURCES RELEASE DATE

db:CNVDid:CNVD-2016-11668date:2016-11-30T00:00:00
db:VULHUBid:VHN-97622date:2017-04-02T00:00:00
db:BIDid:94538date:2016-11-25T00:00:00
db:JVNDBid:JVNDB-2016-008214date:2017-05-02T00:00:00
db:CNNVDid:CNNVD-201611-650date:2016-11-25T00:00:00
db:NVDid:CVE-2016-8802date:2017-04-02T20:59:01.937