Skip to main content

Cloudengine 5800 Firmware CVE-2016-8795

MEDIUM
Integer Overflow or Wraparound (CWE-190)
2017-04-02 psirt@huawei.com
5.9
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
5.9 MEDIUM
AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Apr 02, 2017 - 20:59 cve.org
MEDIUM 5.9

DescriptionCVE.org

Huawei CloudEngine 12800 with software V100R002C00, V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00; CloudEngine 5800 with software V100R002C00, V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00; CloudEngine 6800 with software V100R002C00, V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00; CloudEngine 7800 with software V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00; CloudEngine 8800 with software V100R006C00; and Secospace USG6600 with software V500R001C00 allow remote unauthenticated attackers to craft specific IPFPM packets to trigger an integer overflow and cause the device to reset.

AnalysisAI

Huawei CloudEngine 12800 with software V100R002C00, V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00; CloudEngine 5800 with software V100R002C00, V100R003C00, V100R003C10, V100R005C00,. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Integer Overflow (CWE-190), which allows attackers to cause unexpected behavior through arithmetic overflow. Huawei CloudEngine 12800 with software V100R002C00, V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00; CloudEngine 5800 with software V100R002C00, V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00; CloudEngine 6800 with software V100R002C00, V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00; CloudEngine 7800 with software V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00; CloudEngine 8800 with software V100R006C00; and Secospace USG6600 with software V500R001C00 allow remote unauthenticated attackers to craft specific IPFPM packets to trigger an integer overflow and cause the device to reset. Affected products include: Huawei Cloudengine 5800 Firmware, Huawei Cloudengine 6800 Firmware, Huawei Cloudengine 12800 Firmware, Huawei Cloudengine 7800 Firmware, Huawei Cloudengine 8800 Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate arithmetic operations, use safe integer libraries, check bounds before allocation.

CVE-2021-39976 HIGH
7.8 Nov 23

There is a privilege escalation vulnerability in CloudEngine 5800 V200R020C00SPC600. Rated high severity (CVSS 7.8), thi

CVE-2020-9207 HIGH
7.8 Dec 29

There is an improper authentication vulnerability in some verisons of Huawei CloudEngine product. Rated high severity (C

CVE-2017-8147 HIGH
7.5 Nov 22

AC6005 V200R006C10SPC200,AC6605 V200R006C10SPC200,AR1200 with software V200R005C10CP0582T, V200R005C10HP0581T, V200R005C

CVE-2021-40008 HIGH
7.5 Dec 13

There is a memory leak vulnerability in CloudEngine 12800 V200R019C00SPC800, CloudEngine 5800 V200R019C00SPC800, CloudEn

CVE-2021-22328 HIGH
7.5 Aug 23

There is a denial of service vulnerability in some huawei products. Rated high severity (CVSS 7.5), this vulnerability i

CVE-2021-22332 HIGH
7.5 Apr 28

There is a pointer double free vulnerability in some versions of CloudEngine 5800, CloudEngine 6800, CloudEngine 7800 an

CVE-2020-9124 HIGH
7.5 Dec 29

There is a memory leak vulnerability in some versions of Huawei CloudEngine product. Rated high severity (CVSS 7.5), thi

CVE-2020-9094 HIGH
7.5 Dec 29

There is an out of bound read vulnerability in some verisons of Huawei CloudEngine product. Rated high severity (CVSS 7.

CVE-2020-9137 MEDIUM
6.7 Dec 24

There is a privilege escalation vulnerability in some versions of CloudEngine 12800,CloudEngine 5800,CloudEngine 6800 an

CVE-2021-37122 MEDIUM
6.5 Oct 27

There is a use-after-free (UAF) vulnerability in Huawei products. Rated medium severity (CVSS 6.5), this vulnerability i

CVE-2016-8790 MEDIUM
5.7 Apr 02

Huawei CloudEngine 5800 with software before V200R001C00SPC700, CloudEngine 6800 with software before V200R001C00SPC700,

CVE-2021-22362 MEDIUM
5.3 May 27

There is an out of bounds write vulnerability in some Huawei products. Rated medium severity (CVSS 5.3), this vulnerabil

Share

CVE-2016-8795 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy