Huawei Secospace USD6600 Security Policy Processing Module memory corruption

A vulnerability classified as critical was found in Huawei Secospace USG6300, Secospace USG6500 and Secospace USD6600 V500R001C20SPC100/V500R001C20SPC101/V500R001C20SPC200. This vulnerability affects unknown code of the component Security Policy Processing Module. The manipulation leads to memory corruption. Using CWE to declare the problem leads to CWE-119. The bug was discovered 11/25/2016. The weakness was released 04/02/2017 as sa-20161125-01 (Website). The advisory is available at huawei.com. This vulnerability was named CVE-2016-8802. The attack can be initiated remotely. There are no technical details available. There is no exploit available. The structure of the vulnerability defines a possible price range of USD $5k-$25k at the moment. It is declared as not defined. The vulnerability was handled as a non-public zero-day exploit for at least 128 days. As 0-day the estimated underground price was around $5k-$25k. A possible mitigation has been published even before and not after the disclosure of the vulnerability. The vulnerability is also documented other vulnerability databases: SecurityFocus (BID 94538).

Field04/03/2017 09:09 AM11/24/2022 03:53 PM
vendorHuaweiHuawei
nameSecospace USG6300/Secospace USG6500/Secospace USD6600Secospace USG6300/Secospace USG6500/Secospace USD6600
versionV500R001C20SPC100/V500R001C20SPC101/V500R001C20SPC200V500R001C20SPC100/V500R001C20SPC101/V500R001C20SPC200
componentSecurity Policy Processing ModuleSecurity Policy Processing Module
discoverydate14800320001480032000
cwe119 (memory corruption)119 (memory corruption)
risk22
cvss2_vuldb_basescore6.06.0
cvss2_vuldb_tempscore6.06.0
cvss2_vuldb_avNN
cvss2_vuldb_acMM
cvss2_vuldb_auSS
cvss2_vuldb_ciPP
cvss2_vuldb_iiPP
cvss2_vuldb_aiPP
cvss2_nvd_avNN
cvss2_nvd_acLL
cvss2_nvd_auSS
cvss2_nvd_ciNN
cvss2_nvd_iiNN
cvss2_nvd_aiCC
cvss3_meta_basescore6.46.4
cvss3_meta_tempscore6.46.4
cvss3_vuldb_basescore6.36.3
cvss3_vuldb_tempscore6.36.3
cvss3_vuldb_avNN
cvss3_vuldb_acLL
cvss3_vuldb_prLL
cvss3_vuldb_uiNN
cvss3_vuldb_sUU
cvss3_vuldb_cLL
cvss3_vuldb_iLL
cvss3_vuldb_aLL
cvss3_nvd_avNN
cvss3_nvd_acLL
cvss3_nvd_prLL
cvss3_nvd_uiNN
cvss3_nvd_sUU
cvss3_nvd_cNN
cvss3_nvd_iNN
cvss3_nvd_aHH
date1491091200 (04/02/2017)1491091200 (04/02/2017)
urlhttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161125-01-usg-enhttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161125-01-usg-en
confirm_urlhttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161125-01-usg-enhttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161125-01-usg-en
price_0day$5k-$25k$5k-$25k
cveCVE-2016-8802CVE-2016-8802
cve_assigned1476748800 (10/18/2016)1476748800 (10/18/2016)
cve_nvd_published14910912001491091200
cve_nvd_summaryThe security policy processing module in Huawei Secospace USG6300 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6500 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6600 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200 allows authenticated attackers to setup a specific security policy into the devices, causing a buffer overflow and crashing the system.The security policy processing module in Huawei Secospace USG6300 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6500 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6600 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200 allows authenticated attackers to setup a specific security policy into the devices, causing a buffer overflow and crashing the system.
osvdb_titleCVE-2016-8802 - Huawei - Multiple Products - Buffer Overflow IssueCVE-2016-8802 - Huawei - Multiple Products - Buffer Overflow Issue
securityfocus9453894538
securityfocus_date1480032000 (11/25/2016)1480032000 (11/25/2016)
securityfocus_classBoundary Condition ErrorBoundary Condition Error
securityfocus_titleMultiple Huawei Secospace Products CVE-2016-8802 Buffer Overflow VulnerabilityMultiple Huawei Secospace Products CVE-2016-8802 Buffer Overflow Vulnerability
locationWebsiteWebsite
cvss2_vuldb_eNDND
cvss2_vuldb_rlNDND
cvss2_vuldb_rcNDND
cvss3_vuldb_eXX
cvss3_vuldb_rlXX
cvss3_vuldb_rcXX
0day_days128128
cvss3_nvd_basescore6.56.5
identifiersa-20161125-01
cvss2_nvd_basescore6.8

Interested in the pricing of exploits?

See the underground prices here!