Lucene search

Huawei TechnologiesHUAWEI-SA-20160713-01-MULTICAST-LDP-FEC-STACK

HistoryJul 13, 2016 - 12:00 a.m.

Security Advisory - Input Validation Vulnerability in Multiple Huawei Products

2016-07-1300:00:00

Huawei Technologies

www.huawei.com

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.018 Low

EPSS

Percentile

88.2%

JSON

There is an input validation vulnerability in Huawei multiple products, an attacker with control plane access may exploit this vulnerability by crafting a malformed packet. An exploit could allow the attacker to cause a Denial of Service or execute arbitrary code. (Vulnerability ID: HWPSIRT-2016-04001)

This vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID: CVE-2016-6178.

Huawei has released software updates to fix these vulnerabilities. This advisory is available at the following link:

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160713-01-multicast-ldp-fec-stack-en

Affected configurations

Vulners

Node

huaweine40eMatchv600r008c20

huaweine40eMatchv800r006c00

huaweine40eMatchv800r006c20

huaweine40eMatchv800r006c30

huaweine40eMatchv800r007c00

huaweicx600Matchv600r008c20

huaweicx600Matchv800r006c00

huaweicx600Matchv800r006c20

huaweicx600Matchv800r007c00

huaweiptn_6900-2-m8Matchv800r007c00

huaweine5000eMatchv800r006c00

huaweicloudengine_12800_firmwareMatchv100r003c00

huaweicloudengine_12800_firmwareMatchv100r003c10

huaweicloudengine_12800_firmwareMatchv100r005c00

huaweicloudengine_12800_firmwareMatchv100r005c10

CPENameOperatorVersion
ne40eeqV600R008C20
ne40eeqV800R006C00
ne40eeqV800R006C20
ne40eeqV800R006C30
ne40eeqV800R007C00
cx600eqV600R008C20
cx600eqV800R006C00
cx600eqV800R006C20
cx600eqV800R007C00
ptn 6900-2-m8eqV800R007C00

Name	Operator	Version
ne40e	eq	V600R008C20
ne40e	eq	V800R006C00
ne40e	eq	V800R006C20
ne40e	eq	V800R006C30
ne40e	eq	V800R007C00
cx600	eq	V600R008C20
cx600	eq	V800R006C00
cx600	eq	V800R006C20
cx600	eq	V800R007C00
ptn 6900-2-m8	eq	V800R007C00

Rows per page:

1-10 of 151

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.018 Low

EPSS

Percentile

88.2%

JSON

Related for HUAWEI-SA-20160713-01-MULTICAST-LDP-FEC-STACK