Huawei CloudEngine 12800 prior V200R001C00SPC700 Crafted Packet memory corruption
A vulnerability classified as critical has been found in Huawei CloudEngine 5800, CloudEngine 6800, CloudEngine 7800, CloudEngine 8800 and CloudEngine 12800. Affected is an unknown function. The manipulation as part of Crafted Packet leads to memory corruption. Using CWE to declare the problem leads to CWE-119. The bug was discovered 11/16/2016. The weakness was released 04/02/2017 as sa-20161116-01 (Website). The advisory is shared for download at huawei.com. This vulnerability is traded as CVE-2016-8790. Access to the local network is required for this attack. There are no technical details available. There is no exploit available. The current price for an exploit might be approx. USD $0-$5k at the moment. It is declared as not defined. The vulnerability was handled as a non-public zero-day exploit for at least 137 days. As 0-day the estimated underground price was around $5k-$25k. Upgrading to version V200R001C00SPC700 is able to address this issue. It is recommended to upgrade the affected component. A possible mitigation has been published even before and not after the disclosure of the vulnerability. The vulnerability is also documented other vulnerability databases: SecurityFocus (BID 94402).
Do you know our Splunk app?
Download it now for free!