Details of VAR-201704-1020

ID

VAR-201704-1020

CVE

CVE-2016-8780

TITLE

plural Huawei CloudEngine Product depletion vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2016-008218

DESCRIPTION

Huawei CloudEngine 6800 V100R006C00, CloudEngine 7800 V100R006C00, CloudEngine 8800 V100R006C00, and CloudEngine 12800 V100R006C00 allow remote attackers with specific permission to store massive files to exhaust the shared storage space, leading to a DoS condition. plural Huawei CloudEngine The product is vulnerable to resource exhaustion.Service operation interruption (DoS) An attack may be carried out. HuaweiCloudEngine12800, CloudEngine6800, CloudEngine7800, and CloudEngine8800 are Huawei switch devices. A number of Huawei switches have a denial of service vulnerability. Multiple Huawei CloudEngine products are prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to cause denial-of-service condition. Huawei CloudEngine 8800 and others are data center switches of China's Huawei (Huawei). The following products are affected: Huawei CloudEngine 8800 V100R006C00, Huawei CloudEngine 7800 V100R006C00, Huawei CloudEngine 6800 V100R006C00, and Huawei CloudEngine 12800 V100R006C00

Trust: 2.52

sources: NVD: CVE-2016-8780 // JVNDB: JVNDB-2016-008218 // CNVD: CNVD-2016-11724 // BID: 94618 // VULHUB: VHN-97600

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2016-11724

AFFECTED PRODUCTS

vendor:	huawei	model:	cloudengine 12800	scope:	eq	version:	v100r006c00	Trust: 2.4
vendor:	huawei	model:	cloudengine 6800	scope:	eq	version:	v100r006c00	Trust: 2.4
vendor:	huawei	model:	cloudengine 7800	scope:	eq	version:	v100r006c00	Trust: 2.4
vendor:	huawei	model:	cloudengine 8800	scope:	eq	version:	v100r006c00	Trust: 2.4
vendor:	huawei	model:	cloudengine v100r006c00	scope:	eq	version:	12800	Trust: 0.9
vendor:	huawei	model:	cloudengine v100r006c00	scope:	eq	version:	6800	Trust: 0.9
vendor:	huawei	model:	cloudengine v100r006c00	scope:	eq	version:	7800	Trust: 0.9
vendor:	huawei	model:	cloudengine v100r006c00	scope:	eq	version:	8800	Trust: 0.9
vendor:	huawei	model:	cloudengine v200r001c00	scope:	ne	version:	8800	Trust: 0.3
vendor:	huawei	model:	cloudengine v200r001c00	scope:	ne	version:	7800	Trust: 0.3
vendor:	huawei	model:	cloudengine v200r001c00	scope:	ne	version:	6800	Trust: 0.3
vendor:	huawei	model:	cloudengine v200r001c00	scope:	ne	version:	12800	Trust: 0.3

sources: CNVD: CNVD-2016-11724 // BID: 94618 // JVNDB: JVNDB-2016-008218 // CNNVD: CNNVD-201612-015 // NVD: CVE-2016-8780

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-8780
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2016-8780
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2016-11724
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201612-015
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-97600
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-8780
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2016-11724
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-97600
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-8780
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2016-11724 // VULHUB: VHN-97600 // JVNDB: JVNDB-2016-008218 // CNNVD: CNNVD-201612-015 // NVD: CVE-2016-8780

PROBLEMTYPE DATA

problemtype:

CWE-400

Trust: 1.9

sources: VULHUB: VHN-97600 // JVNDB: JVNDB-2016-008218 // NVD: CVE-2016-8780

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201612-015

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201612-015

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-008218

PATCH

title:	huawei-sa-20161130-01-switch	url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161130-01-switch-en	Trust: 0.8
title:	Patches for denial of service vulnerabilities in various Huawei switches	url:	https://www.cnvd.org.cn/patchInfo/show/84783	Trust: 0.6
title:	Multiple Huawei CloudEngine Product denial of service vulnerability fixes	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65994	Trust: 0.6

sources: CNVD: CNVD-2016-11724 // JVNDB: JVNDB-2016-008218 // CNNVD: CNNVD-201612-015

EXTERNAL IDS

db:	NVD	id:	CVE-2016-8780	Trust: 3.4
db:	BID	id:	94618	Trust: 2.6
db:	JVNDB	id:	JVNDB-2016-008218	Trust: 0.8
db:	CNNVD	id:	CNNVD-201612-015	Trust: 0.7
db:	CNVD	id:	CNVD-2016-11724	Trust: 0.6
db:	VULHUB	id:	VHN-97600	Trust: 0.1

sources: CNVD: CNVD-2016-11724 // VULHUB: VHN-97600 // BID: 94618 // JVNDB: JVNDB-2016-008218 // CNNVD: CNNVD-201612-015 // NVD: CVE-2016-8780

REFERENCES

url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161130-01-switch-en	Trust: 2.0
url:	http://www.securityfocus.com/bid/94618	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8780	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2016-8780	Trust: 0.8
url:	http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20161130-01-switch-cn	Trust: 0.6
url:	http://www.huawei.com	Trust: 0.3

sources: CNVD: CNVD-2016-11724 // VULHUB: VHN-97600 // BID: 94618 // JVNDB: JVNDB-2016-008218 // CNNVD: CNNVD-201612-015 // NVD: CVE-2016-8780

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 94618

SOURCES

db:	CNVD	id:	CNVD-2016-11724
db:	VULHUB	id:	VHN-97600
db:	BID	id:	94618
db:	JVNDB	id:	JVNDB-2016-008218
db:	CNNVD	id:	CNNVD-201612-015
db:	NVD	id:	CVE-2016-8780

LAST UPDATE DATE

2024-11-23T22:01:11.282000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2016-11724	date:	2016-12-01T00:00:00
db:	VULHUB	id:	VHN-97600	date:	2017-04-05T00:00:00
db:	BID	id:	94618	date:	2016-12-20T01:04:00
db:	JVNDB	id:	JVNDB-2016-008218	date:	2017-05-02T00:00:00
db:	CNNVD	id:	CNNVD-201612-015	date:	2016-12-02T00:00:00
db:	NVD	id:	CVE-2016-8780	date:	2024-11-21T03:00:03.580

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2016-11724	date:	2016-12-01T00:00:00
db:	VULHUB	id:	VHN-97600	date:	2017-04-02T00:00:00
db:	BID	id:	94618	date:	2016-12-01T00:00:00
db:	JVNDB	id:	JVNDB-2016-008218	date:	2017-05-02T00:00:00
db:	CNNVD	id:	CNNVD-201612-015	date:	2016-12-02T00:00:00
db:	NVD	id:	CVE-2016-8780	date:	2017-04-02T20:59:01.563