ID

VAR-201704-1021


CVE

CVE-2016-8781


TITLE

Denial-of-service (DoS) vulnerability in multiple Huawei Secospace USG products

Trust: 0.8

sources: JVNDB: JVNDB-2016-008223

DESCRIPTION

Huawei Secospace USG6300 with software V500R001C20 and V500R001C20SPC200PWE, Secospace USG6500 with software V500R001C20, and Secospace USG6600 with software V500R001C20 and V500R001C20SPC200PWE allow remote attackers with specific permission to log in to a device and deliver a large number of unspecified commands to exhaust memory, causing a DoS condition. Huawei Firewall is prone to a remote denial-of-service vulnerability. Successful exploits may allow the attacker to exhaust memory, leading to a denial-of-service condition. Huawei Secospace USG6300 and the other listed products are firewalls made by Huawei of China. The vulnerability is caused by the program not releasing part of the memory. The following products and versions are affected: Huawei Secospace USG6300 versions V500R001C20 and V500R001C20SPC200PWE; Secospace USG6500 version V500R001C20; Secospace USG6600 versions V500R001C20 and V500R001C20SPC200PWE.

Trust: 1.98

sources: NVD: CVE-2016-8781 // JVNDB: JVNDB-2016-008223 // BID: 94927 // VULHUB: VHN-97601

AFFECTED PRODUCTS

vendor: huawei, model: secospace usg6300, scope: eq, version: v500r001c20

Trust: 2.4

vendor: huawei, model: secospace usg6300, scope: eq, version: v500r001c20spc200pwe

Trust: 2.4

vendor: huawei, model: secospace usg6500, scope: eq, version: v500r001c20

Trust: 2.4

vendor: huawei, model: secospace usg6600, scope: eq, version: v500r001c20

Trust: 2.4

vendor: huawei, model: secospace usg6600, scope: eq, version: v500r001c20spc200pwe

Trust: 2.4

vendor: huawei, model: secospace usg6600 v500r001c20spc200pwe, scope: -, version: -

Trust: 0.3

vendor: huawei, model: secospace usg6600 v500r001c20, scope: -, version: -

Trust: 0.3

vendor: huawei, model: secospace usg6500 v500r001c20, scope: -, version: -

Trust: 0.3

vendor: huawei, model: secospace usg6300 v500r001c20spc200pwe, scope: -, version: -

Trust: 0.3

vendor: huawei, model: secospace usg6300 v500r001c20, scope: -, version: -

Trust: 0.3

vendor: huawei, model: secospace usg6600 v500r001c20spc300pwe, scope: ne, version: -

Trust: 0.3

vendor: huawei, model: secospace usg6500 v500r001c30spc100, scope: ne, version: -

Trust: 0.3

vendor: huawei, model: secospace usg6300 v500r001c30spc100, scope: ne, version: -

Trust: 0.3

vendor: huawei, model: secospace usg6300 v500r001c20spc300pwe, scope: ne, version: -

Trust: 0.3

sources: BID: 94927 // JVNDB: JVNDB-2016-008223 // CNNVD: CNNVD-201612-546 // NVD: CVE-2016-8781

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-8781
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-8781
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201612-546
value: MEDIUM

Trust: 0.6

VULHUB: VHN-97601
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-8781
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-97601
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-8781
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-97601 // JVNDB: JVNDB-2016-008223 // CNNVD: CNNVD-201612-546 // NVD: CVE-2016-8781

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.9

sources: VULHUB: VHN-97601 // JVNDB: JVNDB-2016-008223 // NVD: CVE-2016-8781

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201612-546

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201612-546

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-008223

PATCH

title: huawei-sa-20161214-01-firewall, url: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161214-01-firewall-en

Trust: 0.8

title: Various Huawei firewall security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=66573

Trust: 0.6

sources: JVNDB: JVNDB-2016-008223 // CNNVD: CNNVD-201612-546

EXTERNAL IDS

db: NVD, id: CVE-2016-8781

Trust: 2.8

db: BID, id: 94927

Trust: 2.0

db: JVNDB, id: JVNDB-2016-008223

Trust: 0.8

db: CNNVD, id: CNNVD-201612-546

Trust: 0.7

db: VULHUB, id: VHN-97601

Trust: 0.1

sources: VULHUB: VHN-97601 // BID: 94927 // JVNDB: JVNDB-2016-008223 // CNNVD: CNNVD-201612-546 // NVD: CVE-2016-8781

REFERENCES

url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161214-01-firewall-en

Trust: 2.0

url:http://www.securityfocus.com/bid/94927

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8781

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2016-8781

Trust: 0.8

url:http://www.huawei.com

Trust: 0.3

sources: VULHUB: VHN-97601 // BID: 94927 // JVNDB: JVNDB-2016-008223 // CNNVD: CNNVD-201612-546 // NVD: CVE-2016-8781

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 94927

SOURCES

db: VULHUB, id: VHN-97601
db: BID, id: 94927
db: JVNDB, id: JVNDB-2016-008223
db: CNNVD, id: CNNVD-201612-546
db: NVD, id: CVE-2016-8781

LAST UPDATE DATE

2024-11-23T21:41:28.212000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-97601, date: 2017-04-05T00:00:00
db: BID, id: 94927, date: 2016-12-20T01:10:00
db: JVNDB, id: JVNDB-2016-008223, date: 2017-05-02T00:00:00
db: CNNVD, id: CNNVD-201612-546, date: 2016-12-16T00:00:00
db: NVD, id: CVE-2016-8781, date: 2024-11-21T03:00:03.787

SOURCES RELEASE DATE

db: VULHUB, id: VHN-97601, date: 2017-04-02T00:00:00
db: BID, id: 94927, date: 2016-12-14T00:00:00
db: JVNDB, id: JVNDB-2016-008223, date: 2017-05-02T00:00:00
db: CNNVD, id: CNNVD-201612-546, date: 2016-12-16T00:00:00
db: NVD, id: CVE-2016-8781, date: 2017-04-02T20:59:01.593