Sign-up

ID

VAR-201803-1079


CVE

CVE-2016-8784


TITLE

Huawei CloudEngine 12800 Resource management vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2016-008962

DESCRIPTION

Huawei CloudEngine 12800 V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00 have a memory leak vulnerability. An unauthenticated attacker may send specific Label Distribution Protocol (LDP) packets to the devices. When the values of some parameters in the packet are abnormal, the LDP processing module does not release the memory to handle the packet, resulting in memory leak. Huawei CloudEngine 12800 Contains a resource management vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. HuaweiCloudEngine12800 is the switch device of China Huawei. Multiple Huawei products are prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to cause denial-of-service condition. The following versions are affected: CloudEngine 12800 V100R003C00, V100R003C10, V100R005C00, V100R005C10, and V100R006C00

Trust: 2.52

sources: NVD: CVE-2016-8784 // JVNDB: JVNDB-2016-008962 // CNVD: CNVD-2016-12844 // BID: 95079 // VULHUB: VHN-97604

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-12844

AFFECTED PRODUCTS

vendor:huaweimodel:cloudengine 12800scope:eqversion:v100r003c00

Trust: 2.4

vendor:huaweimodel:cloudengine 12800scope:eqversion:v100r003c10

Trust: 2.4

vendor:huaweimodel:cloudengine 12800scope:eqversion:v100r005c00

Trust: 2.4

vendor:huaweimodel:cloudengine 12800scope:eqversion:v100r005c10

Trust: 2.4

vendor:huaweimodel:cloudengine 12800scope:eqversion:v100r006c00

Trust: 2.4

vendor:huaweimodel:cloudengine v100r003c00scope:eqversion:12800

Trust: 0.9

vendor:huaweimodel:cloudengine v100r003c10scope:eqversion:12800

Trust: 0.9

vendor:huaweimodel:cloudengine v100r005c00scope:eqversion:12800

Trust: 0.9

vendor:huaweimodel:cloudengine v100r005c10scope:eqversion:12800

Trust: 0.9

vendor:huaweimodel:cloudengine v100r006c00scope:eqversion:12800

Trust: 0.9

vendor:huaweimodel:cloudengine v100r006sph005scope:neversion:12800

Trust: 0.3

vendor:huaweimodel:cloudengine v100r005sph005scope:neversion:12800

Trust: 0.3

vendor:huaweimodel:cloudengine v100r003sph011scope:neversion:12800

Trust: 0.3

sources: CNVD: CNVD-2016-12844 // BID: 95079 // JVNDB: JVNDB-2016-008962 // CNNVD: CNNVD-201612-642 // NVD: CVE-2016-8784

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-8784
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-8784
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2016-12844
value: LOW

Trust: 0.6

CNNVD: CNNVD-201612-642
value: LOW

Trust: 0.6

VULHUB: VHN-97604
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2016-8784
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-12844
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-97604
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-8784
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2016-12844 // VULHUB: VHN-97604 // JVNDB: JVNDB-2016-008962 // CNNVD: CNNVD-201612-642 // NVD: CVE-2016-8784

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.9

sources: VULHUB: VHN-97604 // JVNDB: JVNDB-2016-008962 // NVD: CVE-2016-8784

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201612-642

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201612-642

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-008962

PATCH
title:Security Advisory - Memory Leak Vulnerability in Some Huawei Productsurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161221-01-ldp-en
Trust: 0.8
title:Patch for HuaweiCloudEngine12800 Switch Memory Leak Vulnerability (CNVD-2016-12844)url:https://www.cnvd.org.cn/patchInfo/show/86500
Trust: 0.6
title:Huawei CloudEngine 12800 Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=66662
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2016-12844 // 
            
            
            
            JVNDB: JVNDB-2016-008962 // 
            
            
            
            CNNVD: CNNVD-201612-642

EXTERNAL IDS
db:NVDid:CVE-2016-8784
Trust: 3.4
db:BIDid:95079
Trust: 2.0
db:JVNDBid:JVNDB-2016-008962
Trust: 0.8
db:CNNVDid:CNNVD-201612-642
Trust: 0.7
db:CNVDid:CNVD-2016-12844
Trust: 0.6
db:VULHUBid:VHN-97604
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2016-12844 // 
            
            
            
            VULHUB: VHN-97604 // 
            
            
            
            BID: 95079 // 
            
            
            
            JVNDB: JVNDB-2016-008962 // 
            
            
            
            CNNVD: CNNVD-201612-642 // 
            
            
            
            NVD: CVE-2016-8784

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161221-01-ldp-en
Trust: 2.0
url:http://www.securityfocus.com/bid/95079
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8784
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2016-8784
Trust: 0.8
url:http://www.huawei.com/cn/psirt/security-advisories/2016/huawei-sa-20161221-01-ldp-cn
Trust: 0.6
url:http://www.huawei.com
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2016-12844 // 
            
            
            
            VULHUB: VHN-97604 // 
            
            
            
            BID: 95079 // 
            
            
            
            JVNDB: JVNDB-2016-008962 // 
            
            
            
            CNNVD: CNNVD-201612-642 // 
            
            
            
            NVD: CVE-2016-8784

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 95079

SOURCES
db:CNVDid:CNVD-2016-12844
db:VULHUBid:VHN-97604
db:BIDid:95079
db:JVNDBid:JVNDB-2016-008962
db:CNNVDid:CNNVD-201612-642
db:NVDid:CVE-2016-8784

LAST UPDATE DATE
2024-11-23T22:26:26.917000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2016-12844date:2016-12-22T00:00:00
db:VULHUBid:VHN-97604date:2018-03-26T00:00:00
db:BIDid:95079date:2017-01-12T01:04:00
db:JVNDBid:JVNDB-2016-008962date:2018-04-17T00:00:00
db:CNNVDid:CNNVD-201612-642date:2018-03-12T00:00:00
db:NVDid:CVE-2016-8784date:2024-11-21T03:00:04.400

SOURCES RELEASE DATE
db:CNVDid:CNVD-2016-12844date:2016-12-22T00:00:00
db:VULHUBid:VHN-97604date:2018-03-09T00:00:00
db:BIDid:95079date:2016-12-23T00:00:00
db:JVNDBid:JVNDB-2016-008962date:2018-04-17T00:00:00
db:CNNVDid:CNNVD-201612-642date:2016-12-23T00:00:00
db:NVDid:CVE-2016-8784date:2018-03-09T21:29:00.300