Sign-up

ID

VAR-201803-1077


CVE

CVE-2016-8782


TITLE

Huawei CloudEngine 12800 Resource management vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2016-008961

DESCRIPTION

Huawei CloudEngine 12800 V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00 have a memory leak vulnerability. An unauthenticated attacker may send specific Label Distribution Protocol (LDP) packets to the devices repeatedly. Due to improper validation of some specific fields of the packet, the LDP processing module does not release the memory, resulting in memory leak. Huawei CloudEngine 12800 Contains a resource management vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. HuaweiCloudEngine12800 is the switch device of China Huawei. Huawei CloudEngine 12800 is prone to a remote denial-of-service vulnerability. Successful exploits may allow the attacker to cause denial of service condition. The following versions are affected: Huawei CloudEngine 12800 V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00

Trust: 2.52

sources: NVD: CVE-2016-8782 // JVNDB: JVNDB-2016-008961 // CNVD: CNVD-2016-12338 // BID: 94941 // VULHUB: VHN-97602

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-12338

AFFECTED PRODUCTS

vendor:huaweimodel:cloudengine 12800scope:eqversion:v100r003c00

Trust: 2.4

vendor:huaweimodel:cloudengine 12800scope:eqversion:v100r003c10

Trust: 2.4

vendor:huaweimodel:cloudengine 12800scope:eqversion:v100r005c00

Trust: 2.4

vendor:huaweimodel:cloudengine 12800scope:eqversion:v100r005c10

Trust: 2.4

vendor:huaweimodel:cloudengine 12800scope:eqversion:v100r006c00

Trust: 2.4

vendor:huaweimodel:cloudengine v100r003c00scope:eqversion:12800

Trust: 0.9

vendor:huaweimodel:cloudengine v100r003c10scope:eqversion:12800

Trust: 0.9

vendor:huaweimodel:cloudengine v100r005c00scope:eqversion:12800

Trust: 0.9

vendor:huaweimodel:cloudengine v100r005c10scope:eqversion:12800

Trust: 0.9

vendor:huaweimodel:cloudengine v100r006c00scope:eqversion:12800

Trust: 0.9

vendor:huaweimodel:cloudengine v200r001c00spc700scope:neversion:12800

Trust: 0.3

sources: CNVD: CNVD-2016-12338 // BID: 94941 // JVNDB: JVNDB-2016-008961 // CNNVD: CNNVD-201612-596 // NVD: CVE-2016-8782

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-8782
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-8782
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2016-12338
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201612-596
value: MEDIUM

Trust: 0.6

VULHUB: VHN-97602
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-8782
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-12338
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-97602
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-8782
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2016-12338 // VULHUB: VHN-97602 // JVNDB: JVNDB-2016-008961 // CNNVD: CNNVD-201612-596 // NVD: CVE-2016-8782

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.9

sources: VULHUB: VHN-97602 // JVNDB: JVNDB-2016-008961 // NVD: CVE-2016-8782

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201612-596

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201612-596

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-008961

PATCH
title:Security Advisory - Memory Leak Vulnerability in Some Huawei Productsurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161214-01-ldp-en
Trust: 0.8
title:HuaweiCloudEngine12800 switch memory leak vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/85898
Trust: 0.6
title:Huawei CloudEngine 12800 Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=66620
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2016-12338 // 
            
            
            
            JVNDB: JVNDB-2016-008961 // 
            
            
            
            CNNVD: CNNVD-201612-596

EXTERNAL IDS
db:NVDid:CVE-2016-8782
Trust: 3.4
db:BIDid:94941
Trust: 2.0
db:JVNDBid:JVNDB-2016-008961
Trust: 0.8
db:CNNVDid:CNNVD-201612-596
Trust: 0.7
db:CNVDid:CNVD-2016-12338
Trust: 0.6
db:VULHUBid:VHN-97602
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2016-12338 // 
            
            
            
            VULHUB: VHN-97602 // 
            
            
            
            BID: 94941 // 
            
            
            
            JVNDB: JVNDB-2016-008961 // 
            
            
            
            CNNVD: CNNVD-201612-596 // 
            
            
            
            NVD: CVE-2016-8782

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161214-01-ldp-en
Trust: 2.0
url:http://www.securityfocus.com/bid/94941
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8782
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2016-8782
Trust: 0.8
url:http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20161214-01-ldp-cn
Trust: 0.6
url:http://www.huawei.com
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2016-12338 // 
            
            
            
            VULHUB: VHN-97602 // 
            
            
            
            BID: 94941 // 
            
            
            
            JVNDB: JVNDB-2016-008961 // 
            
            
            
            CNNVD: CNNVD-201612-596 // 
            
            
            
            NVD: CVE-2016-8782

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 94941

SOURCES
db:CNVDid:CNVD-2016-12338
db:VULHUBid:VHN-97602
db:BIDid:94941
db:JVNDBid:JVNDB-2016-008961
db:CNNVDid:CNNVD-201612-596
db:NVDid:CVE-2016-8782

LAST UPDATE DATE
2024-11-23T22:38:15.669000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2016-12338date:2016-12-22T00:00:00
db:VULHUBid:VHN-97602date:2018-03-26T00:00:00
db:BIDid:94941date:2016-12-20T03:08:00
db:JVNDBid:JVNDB-2016-008961date:2018-04-17T00:00:00
db:CNNVDid:CNNVD-201612-596date:2018-03-12T00:00:00
db:NVDid:CVE-2016-8782date:2024-11-21T03:00:04.160

SOURCES RELEASE DATE
db:CNVDid:CNVD-2016-12338date:2016-12-15T00:00:00
db:VULHUBid:VHN-97602date:2018-03-09T00:00:00
db:BIDid:94941date:2016-12-14T00:00:00
db:JVNDBid:JVNDB-2016-008961date:2018-04-17T00:00:00
db:CNNVDid:CNNVD-201612-596date:2016-12-20T00:00:00
db:NVDid:CVE-2016-8782date:2018-03-09T21:29:00.207