Huawei S6700/S7700/S9300/S9700/S12700/AR3200 MPLS Packet resource management

A vulnerability was found in Huawei S6700, S7700, S9300, S9700, S12700 and AR3200. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component MPLS Packet Handler. The manipulation leads to improper resource management. The CWE definition for the vulnerability is CWE-399. The bug was discovered 11/16/2016. The weakness was presented 04/02/2017 as sa-20160608-01 (Website). It is possible to read the advisory at huawei.com. This vulnerability is known as CVE-2016-8797. The attack can be launched remotely. There are no technical details available. There is no exploit available. The pricing for an exploit might be around USD $0-$5k at the moment. It is declared as not defined. The vulnerability was handled as a non-public zero-day exploit for at least 137 days. We expect the 0-day to have been worth approximately $5k-$25k. A possible mitigation has been published even before and not after the disclosure of the vulnerability.

Field04/03/2017 09:08 AM08/25/2020 10:07 AM11/24/2022 03:35 PM
seealso885618856188561
locationWebsiteWebsiteWebsite
cvss2_vuldb_eNDNDND
cvss2_vuldb_rlNDNDND
cvss2_vuldb_rcNDNDND
cvss3_vuldb_eXXX
cvss3_vuldb_rlXXX
cvss3_vuldb_rcXXX
0day_days137137137
cvss3_nvd_basescore7.57.57.5
vendorHuaweiHuaweiHuawei
nameS6700/S7700/S9300/S9700/S12700/AR3200S6700/S7700/S9300/S9700/S12700/AR3200S6700/S7700/S9300/S9700/S12700/AR3200
componentMPLS Packet HandlerMPLS Packet HandlerMPLS Packet Handler
cwe399 (resource management)399 (resource management)399 (resource management)
risk111
cvss2_vuldb_basescore5.05.05.0
cvss2_vuldb_tempscore5.05.05.0
cvss2_vuldb_avNNN
cvss2_vuldb_acLLL
cvss2_vuldb_auNNN
cvss2_vuldb_ciNNN
cvss2_vuldb_iiNNN
cvss2_vuldb_aiPPP
cvss2_nvd_avNNN
cvss2_nvd_acLLL
cvss2_nvd_auNNN
cvss2_nvd_ciNNN
cvss2_nvd_iiNNN
cvss2_nvd_aiPPP
cvss3_meta_basescore6.46.46.4
cvss3_meta_tempscore6.46.46.4
cvss3_vuldb_basescore5.35.35.3
cvss3_vuldb_tempscore5.35.35.3
cvss3_vuldb_avNNN
cvss3_vuldb_acLLL
cvss3_vuldb_prNNN
cvss3_vuldb_uiNNN
cvss3_vuldb_sUUU
cvss3_vuldb_cNNN
cvss3_vuldb_iNNN
cvss3_vuldb_aLLL
cvss3_nvd_avNNN
cvss3_nvd_acLLL
cvss3_nvd_prNNN
cvss3_nvd_uiNNN
cvss3_nvd_sUUU
cvss3_nvd_cNNN
cvss3_nvd_iNNN
cvss3_nvd_aHHH
date1491091200 (04/02/2017)1491091200 (04/02/2017)1491091200 (04/02/2017)
urlhttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160608-01-mpls-enhttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160608-01-mpls-enhttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160608-01-mpls-en
price_0day$5k-$25k$5k-$25k$5k-$25k
cveCVE-2016-8797CVE-2016-8797CVE-2016-8797
cve_assigned1476748800 (10/18/2016)1476748800 (10/18/2016)1476748800 (10/18/2016)
cve_nvd_published149109120014910912001491091200
cve_nvd_summaryHuawei AR3200 with software V200R007C00, V200R005C32, V200R005C20; S12700 with software V200R008C00, V200R007C00; S5300 with software V200R008C00, V200R007C00, V200R006C00; S5700 with software V200R008C00, V200R007C00, V200R006C00; S6300 with software V200R008C00, V200R007C00; S6700 with software V200R008C00, V200R007C00; S7700 with software V200R008C00, V200R007C00, V200R006C00; S9300 with software V200R008C00, V200R007C00, V200R006C00; and S9700 with software V200R008C00, V200R007C00, V200R006C00 allow remote attackers to send abnormal Multiprotocol Label Switching (MPLS) packets to cause memory exhaustion.Huawei AR3200 with software V200R007C00, V200R005C32, V200R005C20; S12700 with software V200R008C00, V200R007C00; S5300 with software V200R008C00, V200R007C00, V200R006C00; S5700 with software V200R008C00, V200R007C00, V200R006C00; S6300 with software V200R008C00, V200R007C00; S6700 with software V200R008C00, V200R007C00; S7700 with software V200R008C00, V200R007C00, V200R006C00; S9300 with software V200R008C00, V200R007C00, V200R006C00; and S9700 with software V200R008C00, V200R007C00, V200R006C00 allow remote attackers to send abnormal Multiprotocol Label Switching (MPLS) packets to cause memory exhaustion.Huawei AR3200 with software V200R007C00, V200R005C32, V200R005C20; S12700 with software V200R008C00, V200R007C00; S5300 with software V200R008C00, V200R007C00, V200R006C00; S5700 with software V200R008C00, V200R007C00, V200R006C00; S6300 with software V200R008C00, V200R007C00; S6700 with software V200R008C00, V200R007C00; S7700 with software V200R008C00, V200R007C00, V200R006C00; S9300 with software V200R008C00, V200R007C00, V200R006C00; and S9700 with software V200R008C00, V200R007C00, V200R006C00 allow remote attackers to send abnormal Multiprotocol Label Switching (MPLS) packets to cause memory exhaustion.
discoverydate14792544001479254400
confirm_urlhttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160608-01-mpls-enhttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160608-01-mpls-en
osvdb_titleCVE-2016-8797 - Huawei - Multiple Products - Denial of Service IssueCVE-2016-8797 - Huawei - Multiple Products - Denial of Service Issue
identifiersa-20160608-01
cvss2_nvd_basescore5.0

Do you want to use VulDB in your project?

Use the official API to access entries easily!