Huawei CloudEngine 12800 prior V200R001C00SPC700 Crafted Packet memory corruption

A vulnerability classified as critical has been found in Huawei CloudEngine 5800, CloudEngine 6800, CloudEngine 7800, CloudEngine 8800 and CloudEngine 12800. Affected is an unknown function. The manipulation as part of Crafted Packet leads to memory corruption. Using CWE to declare the problem leads to CWE-119. The bug was discovered 11/16/2016. The weakness was released 04/02/2017 as sa-20161116-01 (Website). The advisory is shared for download at huawei.com. This vulnerability is traded as CVE-2016-8790. Access to the local network is required for this attack. There are no technical details available. There is no exploit available. The current price for an exploit might be approx. USD $0-$5k at the moment. It is declared as not defined. The vulnerability was handled as a non-public zero-day exploit for at least 137 days. As 0-day the estimated underground price was around $5k-$25k. Upgrading to version V200R001C00SPC700 is able to address this issue. It is recommended to upgrade the affected component. A possible mitigation has been published even before and not after the disclosure of the vulnerability. The vulnerability is also documented other vulnerability databases: SecurityFocus (BID 94402).

Field04/03/2017 09:06 AM11/24/2022 02:59 PM
typeCloud SoftwareCloud Software
vendorHuaweiHuawei
nameCloudEngine 5800/CloudEngine 6800/CloudEngine 7800/CloudEngine 8800/CloudEngine 12800CloudEngine 5800/CloudEngine 6800/CloudEngine 7800/CloudEngine 8800/CloudEngine 12800
input_typeCrafted PacketCrafted Packet
discoverydate14792544001479254400
cwe119 (memory corruption)119 (memory corruption)
risk22
cvss2_vuldb_basescore5.25.2
cvss2_vuldb_tempscore4.54.5
cvss2_vuldb_avAA
cvss2_vuldb_acLL
cvss2_vuldb_auSS
cvss2_vuldb_ciPP
cvss2_vuldb_iiPP
cvss2_vuldb_aiPP
cvss2_nvd_avAA
cvss2_nvd_acLL
cvss2_nvd_auSS
cvss2_nvd_ciNN
cvss2_nvd_iiNN
cvss2_nvd_aiCC
cvss3_meta_basescore5.65.6
cvss3_meta_tempscore5.45.5
cvss3_vuldb_basescore5.55.5
cvss3_vuldb_tempscore5.35.3
cvss3_vuldb_avAA
cvss3_vuldb_acLL
cvss3_vuldb_prLL
cvss3_vuldb_uiNN
cvss3_vuldb_sUU
cvss3_vuldb_cLL
cvss3_vuldb_iLL
cvss3_vuldb_aLL
cvss3_nvd_avAA
cvss3_nvd_acLL
cvss3_nvd_prLL
cvss3_nvd_uiNN
cvss3_nvd_sUU
cvss3_nvd_cNN
cvss3_nvd_iNN
cvss3_nvd_aHH
date1491091200 (04/02/2017)1491091200 (04/02/2017)
urlhttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161116-01-cfm-enhttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161116-01-cfm-en
confirm_urlhttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161116-01-cfm-enhttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161116-01-cfm-en
price_0day$5k-$25k$5k-$25k
nameUpgradeUpgrade
upgrade_versionV200R001C00SPC700V200R001C00SPC700
cveCVE-2016-8790CVE-2016-8790
cve_assigned1476748800 (10/18/2016)1476748800 (10/18/2016)
cve_nvd_published14910912001491091200
cve_nvd_summaryHuawei CloudEngine 5800 with software before V200R001C00SPC700, CloudEngine 6800 with software before V200R001C00SPC700, CloudEngine 7800 with software before V200R001C00SPC700, CloudEngine 8800 with software before V200R001C00SPC700, CloudEngine 12800 with software before V200R001C00SPC700 could allow the attacker to exploit a buffer overflow vulnerability by sending crafted packets to the affected system to cause a main control board reboot.Huawei CloudEngine 5800 with software before V200R001C00SPC700, CloudEngine 6800 with software before V200R001C00SPC700, CloudEngine 7800 with software before V200R001C00SPC700, CloudEngine 8800 with software before V200R001C00SPC700, CloudEngine 12800 with software before V200R001C00SPC700 could allow the attacker to exploit a buffer overflow vulnerability by sending crafted packets to the affected system to cause a main control board reboot.
osvdb_titleCVE-2016-8790 - Huawei - Multiple Products - Buffer Overflow IssueCVE-2016-8790 - Huawei - Multiple Products - Buffer Overflow Issue
securityfocus9440294402
securityfocus_date1479254400 (11/16/2016)1479254400 (11/16/2016)
securityfocus_classBoundary Condition ErrorBoundary Condition Error
securityfocus_titleMultiple Huawei CloudEngine Products CVE-2016-8790 Buffer Overflow VulnerabilityMultiple Huawei CloudEngine Products CVE-2016-8790 Buffer Overflow Vulnerability
locationWebsiteWebsite
cvss2_vuldb_eNDND
cvss2_vuldb_rlOFOF
cvss2_vuldb_rcNDND
cvss3_vuldb_eXX
cvss3_vuldb_rlOO
cvss3_vuldb_rcXX
0day_days137137
cvss3_nvd_basescore5.75.7
identifiersa-20161116-01
cvss2_nvd_basescore5.5

Do you know our Splunk app?

Download it now for free!