Multiple Huawei CloudEngine Products CVE-2016-8795 Integer Overflow Vulnerability
by CIRT Team
Description: Huawei CloudEngine 12800 with software V100R002C00, V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00; CloudEngine 5800 with software V100R002C00, V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00; CloudEngine 6800 with software V100R002C00, V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00; CloudEngine 7800 with software V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00; CloudEngine 8800 with software V100R006C00; and Secospace USG6600 with software V500R001C00 allow remote unauthenticated attackers to craft specific IPFPM packets to trigger an integer overflow and cause the device to reset.
Impact: An attacker can exploit this issue to cause the device to reset, causing a denial-of-service condition.
Mitigation: Updates are available. Please check specific vendor advisory for more information.
Reference URL’s:
- http://www.cvedetails.com/cve/CVE-2016-8795/
- http://www.securityfocus.com/bid/94504
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161123-01-vrp-en
Recommended Posts
Cyber Threat Alert: Surge in Attacks via Compromised Third-Party Service Providers
08 Feb 2024 - Articles, English articles, Security Advisories & Alerts
Subscribe here
MEMBER OF:
