Huawei CloudEngine 12800 V100R006C00 resource consumption

A vulnerability was found in Huawei CloudEngine 6800, CloudEngine 7800, CloudEngine8800 and CloudEngine 12800 V100R006C00. It has been classified as problematic. This affects an unknown part. The manipulation leads to resource consumption. The CWE definition for the vulnerability is CWE-400. The bug was discovered 11/30/2016. The weakness was presented 04/02/2017 as sa-20161130-01 (Website). The advisory is shared at huawei.com. This vulnerability is uniquely identified as CVE-2016-8780. It is possible to initiate the attack remotely. There are no technical details available. There is no exploit available. The price for an exploit might be around USD $0-$5k at the moment. MITRE ATT&CK project uses the attack technique T1499 for this issue. It is declared as not defined. The vulnerability was handled as a non-public zero-day exploit for at least 123 days. We expect the 0-day to have been worth approximately $5k-$25k. A possible mitigation has been published even before and not after the disclosure of the vulnerability. The vulnerability is also documented other vulnerability databases: SecurityFocus (BID 94618).

Field04/03/2017 09:06 AM11/24/2022 02:48 PM
typeCloud SoftwareCloud Software
vendorHuaweiHuawei
nameCloudEngine 6800/CloudEngine 7800/CloudEngine8800/CloudEngine 12800CloudEngine 6800/CloudEngine 7800/CloudEngine8800/CloudEngine 12800
versionV100R006C00V100R006C00
discoverydate14804640001480464000
cwe400 (resource consumption)400 (resource consumption)
risk11
cvss2_vuldb_basescore3.53.5
cvss2_vuldb_tempscore3.53.5
cvss2_vuldb_avNN
cvss2_vuldb_acMM
cvss2_vuldb_auSS
cvss2_vuldb_ciNN
cvss2_vuldb_iiNN
cvss2_vuldb_aiPP
cvss2_nvd_avNN
cvss2_nvd_acLL
cvss2_nvd_auSS
cvss2_nvd_ciNN
cvss2_nvd_iiNN
cvss2_nvd_aiCC
cvss3_meta_basescore5.45.4
cvss3_meta_tempscore5.45.4
cvss3_vuldb_basescore4.34.3
cvss3_vuldb_tempscore4.34.3
cvss3_vuldb_avNN
cvss3_vuldb_acLL
cvss3_vuldb_prLL
cvss3_vuldb_uiNN
cvss3_vuldb_sUU
cvss3_vuldb_cNN
cvss3_vuldb_iNN
cvss3_vuldb_aLL
cvss3_nvd_avNN
cvss3_nvd_acLL
cvss3_nvd_prLL
cvss3_nvd_uiNN
cvss3_nvd_sUU
cvss3_nvd_cNN
cvss3_nvd_iNN
cvss3_nvd_aHH
date1491091200 (04/02/2017)1491091200 (04/02/2017)
urlhttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161130-01-switch-enhttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161130-01-switch-en
confirm_urlhttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161130-01-switch-enhttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161130-01-switch-en
price_0day$0-$5k$5k-$25k
cveCVE-2016-8780CVE-2016-8780
cve_assigned1476748800 (10/18/2016)1476748800 (10/18/2016)
cve_nvd_published14910912001491091200
cve_nvd_summaryHuawei CloudEngine 6800 V100R006C00, CloudEngine 7800 V100R006C00, CloudEngine 8800 V100R006C00, and CloudEngine 12800 V100R006C00 allow remote attackers with specific permission to store massive files to exhaust the shared storage space, leading to a DoS condition.Huawei CloudEngine 6800 V100R006C00, CloudEngine 7800 V100R006C00, CloudEngine 8800 V100R006C00, and CloudEngine 12800 V100R006C00 allow remote attackers with specific permission to store massive files to exhaust the shared storage space, leading to a DoS condition.
osvdb_titleCVE-2016-8780 - Huawei - Multiple Products - Denial of Service IssueCVE-2016-8780 - Huawei - Multiple Products - Denial of Service Issue
securityfocus9461894618
securityfocus_date1480550400 (12/01/2016)1480550400 (12/01/2016)
securityfocus_classFailure to Handle Exceptional ConditionsFailure to Handle Exceptional Conditions
securityfocus_titleMultiple Huawei CloudEngine Products CVE-2016-8780 Denial of Service VulnerabilityMultiple Huawei CloudEngine Products CVE-2016-8780 Denial of Service Vulnerability
locationWebsiteWebsite
cvss2_vuldb_eNDND
cvss2_vuldb_rlNDND
cvss2_vuldb_rcNDND
cvss3_vuldb_eXX
cvss3_vuldb_rlXX
cvss3_vuldb_rcXX
0day_days123123
cvss3_nvd_basescore6.56.5
identifiersa-20161130-01
cvss2_nvd_basescore6.8

Do you know our Splunk app?

Download it now for free!