There is a defense mechanism bypass vulnerability in Huawei USG products. Successful exploit could allow an attacker to bypass the anti-DDoS module of the USGs to send massive HTTP packets, possibly causing a denial of service condition on the backend server. (Vulnerability ID: HWPSIRT-2016-07050)
This vulnerability has been assigned CVE ID: CVE-2016-8798.
Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161026-01-usg-en
CPE | Name | Operator | Version |
---|---|---|---|
usg5500 | eq | V300R001C00 | |
eq | V300R001C10 |