Lucene search

[email protected]CVE-2016-8276

HistoryOct 03, 2016 - 9:59 p.m.

CVE-2016-8276

2016-10-0321:59:09

CWE-119

[email protected]

web.nvd.nist.gov

cve-2016-8276

buffer overflow

huawei

usg2100

usg2200

usg5100

usg5500

pppoe

chap authentication

denial of service

remote attack

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

0.05 Low

EPSS

Percentile

92.9%

JSON

Buffer overflow in the Point-to-Point Protocol over Ethernet (PPPoE) module in Huawei USG2100, USG2200, USG5100, and USG5500 unified security gateways with software before V300R001C10SPC600, when CHAP authentication is configured on the server, allows remote attackers to cause a denial of service (server restart) or execute arbitrary code via crafted packets sent during authentication.

Affected configurations

NVD

Node

huaweiusg2100Matchv300r001c00

huaweiusg2100Matchv300r001c10

huaweiusg2200Matchv300r001c00

huaweiusg2200Matchv300r001c10

huaweiusg5100Matchv300r001c00

huaweiusg5100Matchv300r001c10

huaweiusg5500Matchv300r001c00

huaweiusg5500Matchv300r001c10

CPENameOperatorVersion
huawei:usg2100huawei usg2100eqv300r001c00
huawei:usg2100huawei usg2100eqv300r001c10
huawei:usg2200huawei usg2200eqv300r001c00
huawei:usg2200huawei usg2200eqv300r001c10
huawei:usg5100huawei usg5100eqv300r001c00
huawei:usg5100huawei usg5100eqv300r001c10
huawei:usg5500huawei usg5500eqv300r001c00
huawei:usg5500huawei usg5500eqv300r001c10

CPE	Name	Operator	Version
huawei:usg2100	huawei usg2100	eq	v300r001c00
huawei:usg2100	huawei usg2100	eq	v300r001c10
huawei:usg2200	huawei usg2200	eq	v300r001c00
huawei:usg2200	huawei usg2200	eq	v300r001c10
huawei:usg5100	huawei usg5100	eq	v300r001c00
huawei:usg5100	huawei usg5100	eq	v300r001c10
huawei:usg5500	huawei usg5500	eq	v300r001c00
huawei:usg5500	huawei usg5500	eq	v300r001c10

References

www.huawei.com/en/psirt/security-advisories/huawei-sa-20160914-01-usg-en

www.securityfocus.com/bid/92962

Social References

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

0.05 Low

EPSS

Percentile

92.9%

JSON

Related for CVE-2016-8276

prion1 cvelist1 huawei1 nvd1