Huawei Secospace USD6600 Command resource management

A vulnerability was found in Huawei Secospace USG6300, Secospace USG6500 and Secospace USD6600. It has been declared as problematic. This vulnerability affects unknown code of the component Command Handler. The manipulation leads to improper resource management. The weakness is classified as CWE-399.

The bug was discovered on 12/14/2016. The weakness was shared on 04/02/2017 as sa-20161214-01 (Website). The advisory is available at huawei.com. This vulnerability was named CVE-2016-8781. The attack can be initiated remotely. There are no technical details available. There is no exploit available. The structure of the vulnerability defines a possible price range of USD $0-$5k at the moment. It is declared as not defined.

The vulnerability was handled as a non-public zero-day exploit for at least 109 days. As a 0-day, the estimated underground price was around $5k-$25k. A possible mitigation was published before, not after, the disclosure of the vulnerability. The vulnerability is also documented in other vulnerability databases: SecurityFocus (BID 94927).

| Field | 04/03/2017 09:06 AM | 11/24/2022 02:52 PM |
|---|---|---|
| vendor | Huawei | Huawei |
| name | Secospace USG6300/Secospace USG6500/Secospace USD6600 | Secospace USG6300/Secospace USG6500/Secospace USD6600 |
| component | Command Handler | Command Handler |
| discoverydate | 1481673600 | 1481673600 |
| cwe | 399 (resource management) | 399 (resource management) |
| risk | 1 | 1 |
| cvss2_vuldb_basescore | 3.5 | 3.5 |
| cvss2_vuldb_tempscore | 3.5 | 3.5 |
| cvss2_vuldb_av | N | N |
| cvss2_vuldb_ac | M | M |
| cvss2_vuldb_au | S | S |
| cvss2_vuldb_ci | N | N |
| cvss2_vuldb_ii | N | N |
| cvss2_vuldb_ai | P | P |
| cvss2_nvd_av | N | N |
| cvss2_nvd_ac | L | L |
| cvss2_nvd_au | S | S |
| cvss2_nvd_ci | N | N |
| cvss2_nvd_ii | N | N |
| cvss2_nvd_ai | P | P |
| cvss3_meta_basescore | 5.4 | 5.4 |
| cvss3_meta_tempscore | 5.4 | 5.4 |
| cvss3_vuldb_basescore | 4.3 | 4.3 |
| cvss3_vuldb_tempscore | 4.3 | 4.3 |
| cvss3_vuldb_av | N | N |
| cvss3_vuldb_ac | L | L |
| cvss3_vuldb_pr | L | L |
| cvss3_vuldb_ui | N | N |
| cvss3_vuldb_s | U | U |
| cvss3_vuldb_c | N | N |
| cvss3_vuldb_i | N | N |
| cvss3_vuldb_a | L | L |
| cvss3_nvd_av | N | N |
| cvss3_nvd_ac | L | L |
| cvss3_nvd_pr | L | L |
| cvss3_nvd_ui | N | N |
| cvss3_nvd_s | U | U |
| cvss3_nvd_c | N | N |
| cvss3_nvd_i | N | N |
| cvss3_nvd_a | H | H |
| date | 1491091200 (04/02/2017) | 1491091200 (04/02/2017) |
| url | http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161214-01-firewall-en | http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161214-01-firewall-en |
| confirm_url | http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161214-01-firewall-en | http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161214-01-firewall-en |
| price_0day | $0-$5k | $5k-$25k |
| cve | CVE-2016-8781 | CVE-2016-8781 |
| cve_assigned | 1476748800 (10/18/2016) | 1476748800 (10/18/2016) |
| cve_nvd_published | 1491091200 | 1491091200 |
| cve_nvd_summary | Huawei Secospace USG6300 with software V500R001C20 and V500R001C20SPC200PWE, Secospace USG6500 with software V500R001C20, Secospace USG6600 with software V500R001C20 and V500R001C20SPC200PWE allow remote attackers with specific permission to log in to a device and deliver a large number of unspecified commands to exhaust memory, causing a DoS condition. | Huawei Secospace USG6300 with software V500R001C20 and V500R001C20SPC200PWE, Secospace USG6500 with software V500R001C20, Secospace USG6600 with software V500R001C20 and V500R001C20SPC200PWE allow remote attackers with specific permission to log in to a device and deliver a large number of unspecified commands to exhaust memory, causing a DoS condition. |
| osvdb_title | CVE-2016-8781 - Huawei - Multiple Products - Denial of Service Issue | CVE-2016-8781 - Huawei - Multiple Products - Denial of Service Issue |
| securityfocus | 94927 | 94927 |
| securityfocus_date | 1481673600 (12/14/2016) | 1481673600 (12/14/2016) |
| securityfocus_class | Input Validation Error | Input Validation Error |
| securityfocus_title | Huawei Firewall CVE-2016-8781 Remote Denial of Service Vulnerability | Huawei Firewall CVE-2016-8781 Remote Denial of Service Vulnerability |
| location | Website | Website |
| cvss2_vuldb_e | ND | ND |
| cvss2_vuldb_rl | ND | ND |
| cvss2_vuldb_rc | ND | ND |
| cvss3_vuldb_e | X | X |
| cvss3_vuldb_rl | X | X |
| cvss3_vuldb_rc | X | X |
| 0day_days | 109 | 109 |
| cvss3_nvd_basescore | 6.5 | 6.5 |

identifier: sa-20161214-01
cvss2_nvd_basescore: 4.0
