Huawei USG5500 V300R001C00/V300R001C00 Anti-DDoS Module Backend access control

A vulnerability was found in Huawei USG5500 V300R001C00/V300R001C00. It has been rated as problematic. The issue affects unknown functionality of the Anti-DDoS Module component. Manipulation leads to improper access controls (Backend). The weakness is classified as CWE-284. The bug was discovered on 10/26/2016. The weakness was shared with NIST on 04/02/2017 as sa-20161026-01 (Website). The advisory is available for download at huawei.com. This vulnerability is tracked as CVE-2016-8798. The attack may be launched remotely. No technical details are available. No exploit is available. The current price for an exploit is estimated at approx. USD $5k-$25k. The MITRE ATT&CK project declares the attack technique as T1068. It is declared as not defined. The vulnerability was handled as a non-public zero-day exploit for at least 158 days. As a 0-day, the estimated underground price was around $5k-$25k. A possible mitigation was published before, not after, the disclosure of the vulnerability. The vulnerability is also documented in other vulnerability databases: SecurityFocus (BID 93891).

| Field | 04/03/2017 09:09 AM | 08/25/2020 10:10 AM | 11/24/2022 03:41 PM |
|---|---|---|---|
| vendor | Huawei | Huawei | Huawei |
| name | USG5500 | USG5500 | USG5500 |
| version | V300R001C00/V300R001C00 | V300R001C00/V300R001C00 | V300R001C00/V300R001C00 |
| component | Anti-DDoS Module | Anti-DDoS Module | Anti-DDoS Module |
| discoverydate | 1477440000 | 1477440000 | 1477440000 |
| cwe | 284 (access control) | 284 (access control) | 284 (access control) |
| risk | 1 | 1 | 1 |
| cvss2_vuldb_basescore | 5.0 | 5.0 | 5.0 |
| cvss2_vuldb_tempscore | 5.0 | 5.0 | 5.0 |
| cvss2_vuldb_av | N | N | N |
| cvss2_vuldb_ac | L | L | L |
| cvss2_vuldb_au | N | N | N |
| cvss2_vuldb_ci | N | N | N |
| cvss2_vuldb_ii | N | N | N |
| cvss2_vuldb_ai | P | P | P |
| cvss2_nvd_av | N | N | N |
| cvss2_nvd_ac | L | L | L |
| cvss2_nvd_au | N | N | N |
| cvss2_nvd_ci | N | N | N |
| cvss2_nvd_ii | N | N | N |
| cvss2_nvd_ai | C | C | C |
| cvss3_meta_basescore | 6.4 | 6.4 | 6.4 |
| cvss3_meta_tempscore | 6.4 | 6.4 | 6.4 |
| cvss3_vuldb_basescore | 5.3 | 5.3 | 5.3 |
| cvss3_vuldb_tempscore | 5.3 | 5.3 | 5.3 |
| cvss3_vuldb_av | N | N | N |
| cvss3_vuldb_ac | L | L | L |
| cvss3_vuldb_pr | N | N | N |
| cvss3_vuldb_ui | N | N | N |
| cvss3_vuldb_s | U | U | U |
| cvss3_vuldb_c | N | N | N |
| cvss3_vuldb_i | N | N | N |
| cvss3_vuldb_a | L | L | L |
| cvss3_nvd_av | N | N | N |
| cvss3_nvd_ac | L | L | L |
| cvss3_nvd_pr | N | N | N |
| cvss3_nvd_ui | N | N | N |
| cvss3_nvd_s | U | U | U |
| cvss3_nvd_c | N | N | N |
| cvss3_nvd_i | N | N | N |
| cvss3_nvd_a | H | H | H |
| titleword | Backend | Backend | Backend |
| date | 1491091200 (04/02/2017) | 1491091200 (04/02/2017) | 1491091200 (04/02/2017) |
| url | http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161026-01-usg-en | http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161026-01-usg-en | http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161026-01-usg-en |
| confirm_url | http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161026-01-usg-en | http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161026-01-usg-en | http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161026-01-usg-en |
| price_0day | $5k-$25k | $5k-$25k | $5k-$25k |
| cve | CVE-2016-8798 | CVE-2016-8798 | CVE-2016-8798 |
| cve_assigned | 1476748800 (10/18/2016) | 1476748800 (10/18/2016) | 1476748800 (10/18/2016) |
| cve_nvd_published | 1491091200 | 1491091200 | 1491091200 |
| cve_nvd_summary | Huawei USG5500 with software V300R001C00 and V300R001C00 allows attackers to bypass the anti-DDoS module of the USGs to cause a denial of service condition on the backend server. | Huawei USG5500 with software V300R001C00 and V300R001C00 allows attackers to bypass the anti-DDoS module of the USGs to cause a denial of service condition on the backend server. | Huawei USG5500 with software V300R001C00 and V300R001C00 allows attackers to bypass the anti-DDoS module of the USGs to cause a denial of service condition on the backend server. |
| osvdb_title | CVE-2016-8798 - Huawei - USG5500 - Denial of Service Issue | CVE-2016-8798 - Huawei - USG5500 - Denial of Service Issue | CVE-2016-8798 - Huawei - USG5500 - Denial of Service Issue |
| securityfocus | 93891 | 93891 | 93891 |
| securityfocus_date | 1477440000 (10/26/2016) | 1477440000 (10/26/2016) | 1477440000 (10/26/2016) |
| securityfocus_class | Input Validation Error | Input Validation Error | Input Validation Error |
| securityfocus_title | Huawei USG Products CVE-2016-8798 Security Bypass Vulnerability | Huawei USG Products CVE-2016-8798 Security Bypass Vulnerability | Huawei USG Products CVE-2016-8798 Security Bypass Vulnerability |
| location | Website | Website | Website |
| cvss2_vuldb_e | ND | ND | ND |
| cvss2_vuldb_rl | ND | ND | ND |
| cvss2_vuldb_rc | ND | ND | ND |
| cvss3_vuldb_e | X | X | X |
| cvss3_vuldb_rl | X | X | X |
| cvss3_vuldb_rc | X | X | X |
| 0day_days | 158 | 158 | 158 |
| cvss3_nvd_basescore | 7.5 | 7.5 | 7.5 |

Fields with values in only some of the three revisions:

company_name: NIST, NIST
identifier: sa-20161026-01
cvss2_nvd_basescore: 7.8
