Sign-up

ID

VAR-201803-1081


CVE

CVE-2016-8786


TITLE

plural Huawei Vulnerability related to input validation in products

Trust: 0.8

sources: JVNDB: JVNDB-2016-008970

DESCRIPTION

Huawei S12700 V200R005C00, V200R006C00, V200R007C00, V200R008C00, S5700 V200R006C00, V200R007C00, V200R008C00, S6700 V200R008C00, S7700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, S9700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00 have a denial of service (DoS) vulnerability. Due to the lack of input validation, a remote attacker may craft a malformed Resource Reservation Protocol (RSVP) packet and send it to the device, causing a few buffer overflows and occasional device restart. plural Huawei The product contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Huawei S12700 is an intelligent routing switch of China Huawei. A number of Huawei products have a denial of service vulnerability, which stems from the lack of input detection in the program. Multiple Huawei products are prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to restart the affected device, denying service to legitimate users. Huawei S12700, S5700, S6700, S7700, and S9700 are vulnerable. The following products and versions are affected: Huawei S12700 V200R005C00 Version, V200R006C00 Version, V200R007C00 Version, V200R008C00 Version; S5700 V200R006C00 Version, V200R007C00 Version, V200R008C00 Version; S6700 V200R008C00 Version; S7700 V200R001C00 Version, V200R002C00 Version, V200R003C00 Version, V200R005C00 Version, V200R006C00 Version , V200R007C00, V200R008C00; S9700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00

Trust: 2.52

sources: NVD: CVE-2016-8786 // JVNDB: JVNDB-2016-008970 // CNVD: CNVD-2017-00050 // BID: 95139 // VULHUB: VHN-97606

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-00050

AFFECTED PRODUCTS

vendor:huaweimodel:s7700scope:eqversion:v200r008c00

Trust: 1.6

vendor:huaweimodel:s9700scope:eqversion:v200r003c00

Trust: 1.6

vendor:huaweimodel:s9700scope:eqversion:v200r006c00

Trust: 1.6

vendor:huaweimodel:s9700scope:eqversion:v200r001c00

Trust: 1.6

vendor:huaweimodel:s7700scope:eqversion:v200r007c00

Trust: 1.6

vendor:huaweimodel:s9700scope:eqversion:v200r008c00

Trust: 1.6

vendor:huaweimodel:s9700scope:eqversion:v200r002c00

Trust: 1.6

vendor:huaweimodel:s7700scope:eqversion:v200r006c00

Trust: 1.6

vendor:huaweimodel:s9700scope:eqversion:v200r005c00

Trust: 1.6

vendor:huaweimodel:s9700scope:eqversion:v200r007c00

Trust: 1.6

vendor:huaweimodel:s5700scope:eqversion:v200r007c00

Trust: 1.0

vendor:huaweimodel:s7700scope:eqversion:v200r005c00

Trust: 1.0

vendor:huaweimodel:s5700scope:eqversion:v200r006c00

Trust: 1.0

vendor:huaweimodel:s12700scope:eqversion:v200r008c00

Trust: 1.0

vendor:huaweimodel:s7700scope:eqversion:v200r003c00

Trust: 1.0

vendor:huaweimodel:s12700scope:eqversion:v200r007c00

Trust: 1.0

vendor:huaweimodel:s7700scope:eqversion:v200r001c00

Trust: 1.0

vendor:huaweimodel:s12700scope:eqversion:v200r006c00

Trust: 1.0

vendor:huaweimodel:s12700scope:eqversion:v200r005c00

Trust: 1.0

vendor:huaweimodel:s5700scope:eqversion:v200r008c00

Trust: 1.0

vendor:huaweimodel:s7700scope:eqversion:v200r002c00

Trust: 1.0

vendor:huaweimodel:s6700scope:eqversion:v200r008c00

Trust: 1.0

vendor:huaweimodel:s7700 v200r003c00scope: - version: -

Trust: 0.9

vendor:huaweimodel:s7700 v200r005c00scope: - version: -

Trust: 0.9

vendor:huaweimodel:s9700 v200r003c00scope: - version: -

Trust: 0.9

vendor:huaweimodel:s9700 v200r005c00scope: - version: -

Trust: 0.9

vendor:huaweimodel:s12700 v200r005c00scope: - version: -

Trust: 0.9

vendor:huaweimodel:s7700 v200r001c00scope: - version: -

Trust: 0.9

vendor:huaweimodel:s7700 v200r002c00scope: - version: -

Trust: 0.9

vendor:huaweimodel:s7700 v200r006c00scope: - version: -

Trust: 0.9

vendor:huaweimodel:s7700 v200r008c00scope: - version: -

Trust: 0.9

vendor:huaweimodel:s9700 v200r001c00scope: - version: -

Trust: 0.9

vendor:huaweimodel:s9700 v200r002c00scope: - version: -

Trust: 0.9

vendor:huaweimodel:s9700 v200r006c00scope: - version: -

Trust: 0.9

vendor:huaweimodel:s9700 v200r008c00scope: - version: -

Trust: 0.9

vendor:huaweimodel:s12700 v200r006c00scope: - version: -

Trust: 0.9

vendor:huaweimodel:s12700 v200r008c00scope: - version: -

Trust: 0.9

vendor:huaweimodel:s6700 v200r008c00scope: - version: -

Trust: 0.9

vendor:huaweimodel:s5700 v200r006c00scope: - version: -

Trust: 0.9

vendor:huaweimodel:s5700 v200r008c00scope: - version: -

Trust: 0.9

vendor:huaweimodel:s12700 v200r007c00scope: - version: -

Trust: 0.9

vendor:huaweimodel:s5700 v200r007c00scope: - version: -

Trust: 0.9

vendor:huaweimodel:s7700 v200r007c00scope: - version: -

Trust: 0.9

vendor:huaweimodel:s9700 v200r007c00scope: - version: -

Trust: 0.9

vendor:huaweimodel:s12700scope: - version: -

Trust: 0.8

vendor:huaweimodel:s5700scope: - version: -

Trust: 0.8

vendor:huaweimodel:s6700scope: - version: -

Trust: 0.8

vendor:huaweimodel:s7700scope: - version: -

Trust: 0.8

vendor:huaweimodel:s9700scope: - version: -

Trust: 0.8

vendor:huaweimodel:s9700 v200r009c00spc500scope:neversion: -

Trust: 0.3

vendor:huaweimodel:s7700 v200r009c00spc500scope:neversion: -

Trust: 0.3

vendor:huaweimodel:s6700 v200r008c00spc500+v2scope:neversion: -

Trust: 0.3

vendor:huaweimodel:s5700 v200r009c00spc500scope:neversion: -

Trust: 0.3

vendor:huaweimodel:s5700 v200r008c00spc500+v2scope:neversion: -

Trust: 0.3

vendor:huaweimodel:s12700 v200r009c00spc500scope:neversion: -

Trust: 0.3

sources: CNVD: CNVD-2017-00050 // BID: 95139 // JVNDB: JVNDB-2016-008970 // CNNVD: CNNVD-201612-758 // NVD: CVE-2016-8786

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-8786
value: HIGH

Trust: 1.0

NVD: CVE-2016-8786
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-00050
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201612-758
value: HIGH

Trust: 0.6

VULHUB: VHN-97606
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-8786
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-00050
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-97606
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-8786
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-00050 // VULHUB: VHN-97606 // JVNDB: JVNDB-2016-008970 // CNNVD: CNNVD-201612-758 // NVD: CVE-2016-8786

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-97606 // JVNDB: JVNDB-2016-008970 // NVD: CVE-2016-8786

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201612-758

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201612-758

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-008970

PATCH
title:huawei-sa-20161228-01-rsvpurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161228-01-rsvp-en
Trust: 0.8
title:Patches for various Huawei product denial of service vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/87258
Trust: 0.6
title:Various Huawei product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=66715
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-00050 // 
            
            
            
            JVNDB: JVNDB-2016-008970 // 
            
            
            
            CNNVD: CNNVD-201612-758

EXTERNAL IDS
db:NVDid:CVE-2016-8786
Trust: 3.4
db:BIDid:95139
Trust: 2.6
db:JVNDBid:JVNDB-2016-008970
Trust: 0.8
db:CNNVDid:CNNVD-201612-758
Trust: 0.7
db:CNVDid:CNVD-2017-00050
Trust: 0.6
db:VULHUBid:VHN-97606
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-00050 // 
            
            
            
            VULHUB: VHN-97606 // 
            
            
            
            BID: 95139 // 
            
            
            
            JVNDB: JVNDB-2016-008970 // 
            
            
            
            CNNVD: CNNVD-201612-758 // 
            
            
            
            NVD: CVE-2016-8786

REFERENCES
url:http://www.securityfocus.com/bid/95139
Trust: 2.3
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161228-01-rsvp-en
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8786
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2016-8786
Trust: 0.8
url:http://www.huawei.com/en/
Trust: 0.3
url:http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20161228-01-rsvp-en
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2017-00050 // 
            
            
            
            VULHUB: VHN-97606 // 
            
            
            
            BID: 95139 // 
            
            
            
            JVNDB: JVNDB-2016-008970 // 
            
            
            
            CNNVD: CNNVD-201612-758 // 
            
            
            
            NVD: CVE-2016-8786

CREDITS
Huawei internal tester
Trust: 0.3
sources:
            
            
            BID: 95139

SOURCES
db:CNVDid:CNVD-2017-00050
db:VULHUBid:VHN-97606
db:BIDid:95139
db:JVNDBid:JVNDB-2016-008970
db:CNNVDid:CNNVD-201612-758
db:NVDid:CVE-2016-8786

LAST UPDATE DATE
2024-11-23T22:34:19.502000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-00050date:2017-01-03T00:00:00
db:VULHUBid:VHN-97606date:2018-03-26T00:00:00
db:BIDid:95139date:2017-01-12T06:07:00
db:JVNDBid:JVNDB-2016-008970date:2018-04-18T00:00:00
db:CNNVDid:CNNVD-201612-758date:2018-03-12T00:00:00
db:NVDid:CVE-2016-8786date:2024-11-21T03:00:04.643

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-00050date:2017-01-03T00:00:00
db:VULHUBid:VHN-97606date:2018-03-09T00:00:00
db:BIDid:95139date:2016-12-28T00:00:00
db:JVNDBid:JVNDB-2016-008970date:2018-04-18T00:00:00
db:CNNVDid:CNNVD-201612-758date:2016-12-29T00:00:00
db:NVDid:CVE-2016-8786date:2018-03-09T21:29:00.440