Lucene search

Huawei TechnologiesHUAWEI-SA-20160824-01-VRP

HistoryAug 24, 2016 - 12:00 a.m.

Security Advisory - Uncontrolled Format String Vulnerability on Multiple Products

2016-08-2400:00:00

Huawei Technologies

www.huawei.com

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:N/I:N/A:C

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0.002

Percentile

51.6%

JSON

Several Huawei routers and switches have an uncontrolled format string vulnerability when processing partial commands. An authenticated attacker could exploit this vulnerability to cause a denial of service. (Vulnerability ID: HWPSIRT-2016-07011)

This vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID: CVE-2016-6901.

Huawei has released software updates to fix these vulnerabilities. This advisory is available at the following link:
<http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-01-vrp-en>

Affected configurations

Vulners

Node

huaweiar100_firmwareMatchv200r005

huaweiar120_firmwareMatchv200r005

huaweiar150_firmwareMatchv200r005

huaweiar200_firmwareMatchv200r005

huaweiar500_firmwareMatchv200r005

huaweiar550_firmwareMatchv200r005

huaweiar1200_firmwareMatchv200r005

huaweiar2200_firmwareMatchv200r005

huaweiar2500_firmwareMatchv200r005

huaweiar3200_firmwareMatchv200r005

huaweiar3600_firmwareMatchv200r005

huaweiar100_firmwareMatchv200r006

huaweiar120_firmwareMatchv200r006

huaweiar150_firmwareMatchv200r006

huaweiar200_firmwareMatchv200r006

huaweiar500_firmwareMatchv200r006

huaweiar550_firmwareMatchv200r006

huaweiar1200_firmwareMatchv200r006

huaweiar2200_firmwareMatchv200r006

huaweiar2500_firmwareMatchv200r006

huaweiar3200_firmwareMatchv200r006

huaweiar3600_firmwareMatchv200r006

huaweiar100_firmwareMatchv200r007c00

huaweiar120_firmwareMatchv200r007c00

huaweiar150_firmwareMatchv200r007c00

huaweiar200_firmwareMatchv200r007c00

huaweiar500_firmwareMatchv200r007c00

huaweiar550_firmwareMatchv200r007c00

huaweiar1200_firmwareMatchv200r007c00

huaweiar2200_firmwareMatchv200r007c00

huaweiar2500_firmwareMatchv200r007c00

huaweiar3200_firmwareMatchv200r007c00

huaweiar3600_firmwareMatchv200r007c00

huaweinetengine_16ex_firmwareMatchv200r005

huaweinetengine_16ex_firmwareMatchv200r006

huaweinetengine_16ex_firmwareMatchv200r007c00

VendorProductVersionCPE
huaweiar100_firmwarev200r005cpe:2.3:o:huawei:ar100_firmware:v200r005:*:*:*:*:*:*:*
huaweiar120_firmwarev200r005cpe:2.3:o:huawei:ar120_firmware:v200r005:*:*:*:*:*:*:*
huaweiar150_firmwarev200r005cpe:2.3:o:huawei:ar150_firmware:v200r005:*:*:*:*:*:*:*
huaweiar200_firmwarev200r005cpe:2.3:o:huawei:ar200_firmware:v200r005:*:*:*:*:*:*:*
huaweiar500_firmwarev200r005cpe:2.3:a:huawei:ar500_firmware:v200r005:*:*:*:*:*:*:*
huaweiar550_firmwarev200r005cpe:2.3:a:huawei:ar550_firmware:v200r005:*:*:*:*:*:*:*
huaweiar1200_firmwarev200r005cpe:2.3:o:huawei:ar1200_firmware:v200r005:*:*:*:*:*:*:*
huaweiar2200_firmwarev200r005cpe:2.3:o:huawei:ar2200_firmware:v200r005:*:*:*:*:*:*:*
huaweiar2500_firmwarev200r005cpe:2.3:a:huawei:ar2500_firmware:v200r005:*:*:*:*:*:*:*
huaweiar3200_firmwarev200r005cpe:2.3:o:huawei:ar3200_firmware:v200r005:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
huawei	ar100_firmware	v200r005	cpe:2.3:o:huawei:ar100_firmware:v200r005:::::::*
huawei	ar120_firmware	v200r005	cpe:2.3:o:huawei:ar120_firmware:v200r005:::::::*
huawei	ar150_firmware	v200r005	cpe:2.3:o:huawei:ar150_firmware:v200r005:::::::*
huawei	ar200_firmware	v200r005	cpe:2.3:o:huawei:ar200_firmware:v200r005:::::::*
huawei	ar500_firmware	v200r005	cpe:2.3:a:huawei:ar500_firmware:v200r005:::::::*
huawei	ar550_firmware	v200r005	cpe:2.3:a:huawei:ar550_firmware:v200r005:::::::*
huawei	ar1200_firmware	v200r005	cpe:2.3:o:huawei:ar1200_firmware:v200r005:::::::*
huawei	ar2200_firmware	v200r005	cpe:2.3:o:huawei:ar2200_firmware:v200r005:::::::*
huawei	ar2500_firmware	v200r005	cpe:2.3:a:huawei:ar2500_firmware:v200r005:::::::*
huawei	ar3200_firmware	v200r005	cpe:2.3:o:huawei:ar3200_firmware:v200r005:::::::*

Rows per page:

1-10 of 361

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:N/I:N/A:C

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0.002

Percentile

51.6%

JSON

Related for HUAWEI-SA-20160824-01-VRP