Huawei S5300/S5700/S6300/S6700/S7700/S9300/S9700/S12700 MPLS Packet input validation

A vulnerability classified as problematic was found in Huawei S5300, S5700, S6300, S6700, S7700, S9300, S9700 and S12700. It affects unknown code of the component MPLS Packet Handler. The manipulation leads to improper input validation, which CWE classifies as CWE-20. The bug was discovered on 11/11/2016. The weakness was presented on 04/02/2017 as sa-20161111-01 (Website). The advisory is shared for download at huawei.com. This vulnerability was named CVE-2016-8773. The attack can be initiated remotely. There are no technical details available. There is no exploit available. The current price for an exploit might be approx. USD $0-$5k at the moment. It is declared as not defined. The vulnerability was handled as a non-public zero-day exploit for at least 142 days. As a 0-day, the estimated underground price was around $5k-$25k. It is recommended to upgrade the affected component. A possible mitigation was published before, not after, the disclosure of the vulnerability. The vulnerability is also documented in other vulnerability databases: SecurityFocus (BID 94285).

| Field | 04/03/2017 09:04 AM | 11/24/2022 02:37 PM |
| --- | --- | --- |
| vendor | Huawei | Huawei |
| name | S5300/S5700/S6300/S6700/S7700/S9300/S9700/S12700 | S5300/S5700/S6300/S6700/S7700/S9300/S9700/S12700 |
| component | MPLS Packet Handler | MPLS Packet Handler |
| discoverydate | 1478822400 | 1478822400 |
| cwe | 20 (input validation) | 20 (input validation) |
| risk | 1 | 1 |
| cvss2_vuldb_basescore | 5.0 | 5.0 |
| cvss2_vuldb_tempscore | 4.4 | 4.4 |
| cvss2_vuldb_av | N | N |
| cvss2_vuldb_ac | L | L |
| cvss2_vuldb_au | N | N |
| cvss2_vuldb_ci | N | N |
| cvss2_vuldb_ii | N | N |
| cvss2_vuldb_ai | P | P |
| cvss2_nvd_av | N | N |
| cvss2_nvd_ac | L | L |
| cvss2_nvd_au | N | N |
| cvss2_nvd_ci | N | N |
| cvss2_nvd_ii | N | N |
| cvss2_nvd_ai | P | P |
| cvss3_meta_basescore | 6.4 | 6.4 |
| cvss3_meta_tempscore | 6.1 | 6.3 |
| cvss3_vuldb_basescore | 5.3 | 5.3 |
| cvss3_vuldb_tempscore | 5.1 | 5.1 |
| cvss3_vuldb_av | N | N |
| cvss3_vuldb_ac | L | L |
| cvss3_vuldb_pr | N | N |
| cvss3_vuldb_ui | N | N |
| cvss3_vuldb_s | U | U |
| cvss3_vuldb_c | N | N |
| cvss3_vuldb_i | N | N |
| cvss3_vuldb_a | L | L |
| cvss3_nvd_av | N | N |
| cvss3_nvd_ac | L | L |
| cvss3_nvd_pr | N | N |
| cvss3_nvd_ui | N | N |
| cvss3_nvd_s | U | U |
| cvss3_nvd_c | N | N |
| cvss3_nvd_i | N | N |
| cvss3_nvd_a | H | H |
| date | 1491091200 (04/02/2017) | 1491091200 (04/02/2017) |
| url | http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161111-01-mpls-en | http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161111-01-mpls-en |
| confirm_url | http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161111-01-mpls-en | http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161111-01-mpls-en |
| price_0day | $5k-$25k | $5k-$25k |
| name | Upgrade | Upgrade |
| cve | CVE-2016-8773 | CVE-2016-8773 |
| cve_assigned | 1476748800 (10/18/2016) | 1476748800 (10/18/2016) |
| cve_nvd_published | 1491091200 | 1491091200 |
| cve_nvd_summary | Huawei S5300 with software V200R003C00, V200R007C00, V200R008C00, V200R009C00; S5700 with software V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R005C03, V200R007C00, V200R008C00, V200R009C00; S6300 with software V200R003C00, V200R005C00, V200R008C00, V200R009C00; S6700 with software V200R001C00, V200R001C01, V200R002C00, V200R003C00, V200R005C00, V200R008C00, V200R009C00; S7700 with software V200R007C00, V200R008C00, V200R009C00; S9300 with software V200R007C00, V200R008C00, V200R009C00; S9700 with software V200R007C00, V200R008C00, V200R009C00; and S12700 with software V200R007C00, V200R007C01, V200R008C00, V200R009C00 allow the attacker to cause a denial of service condition by sending malformed MPLS packets. | Huawei S5300 with software V200R003C00, V200R007C00, V200R008C00, V200R009C00; S5700 with software V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R005C03, V200R007C00, V200R008C00, V200R009C00; S6300 with software V200R003C00, V200R005C00, V200R008C00, V200R009C00; S6700 with software V200R001C00, V200R001C01, V200R002C00, V200R003C00, V200R005C00, V200R008C00, V200R009C00; S7700 with software V200R007C00, V200R008C00, V200R009C00; S9300 with software V200R007C00, V200R008C00, V200R009C00; S9700 with software V200R007C00, V200R008C00, V200R009C00; and S12700 with software V200R007C00, V200R007C01, V200R008C00, V200R009C00 allow the attacker to cause a denial of service condition by sending malformed MPLS packets. |
| osvdb_title | CVE-2016-8773 - Huawei - Multiple Products - Denial of Service Issue | CVE-2016-8773 - Huawei - Multiple Products - Denial of Service Issue |
| securityfocus | 94285 | 94285 |
| securityfocus_date | 1478822400 (11/11/2016) | 1478822400 (11/11/2016) |
| securityfocus_class | Failure to Handle Exceptional Conditions | Failure to Handle Exceptional Conditions |
| securityfocus_title | Multiple Huawei Products CVE-2016-8773 Denial of Service Vulnerability | Multiple Huawei Products CVE-2016-8773 Denial of Service Vulnerability |
| location | Website | Website |
| cvss2_vuldb_e | ND | ND |
| cvss2_vuldb_rl | OF | OF |
| cvss2_vuldb_rc | ND | ND |
| cvss3_vuldb_e | X | X |
| cvss3_vuldb_rl | O | O |
| cvss3_vuldb_rc | X | X |
| 0day_days | 142 | 142 |
| cvss3_nvd_basescore | 7.5 | 7.5 |
| identifier | sa-20161111-01 |
| cvss2_nvd_basescore | 5.0 |