cnvd-2016-11299
Vulnerability from cnvd

Title: 多款华为产品中的CFM功能存在缓冲区溢出漏洞

Description:

CloudEngine 5800、CloudEngine 6800、CloudEngine 7800、CloudEngine 8800、CloudEngine 12800是华为的交换机设备。

多款华为产品中的CFM(Connectivity Fault Management)功能存在缓冲区溢出漏洞。当设备使用了CFM并且配置了MEP(Maintenance Association End Point)时,攻击者向受影响设备发送构造的报文,导致受影响设备的主控板重启。

Severity:

Patch Name: 多款华为产品中的CFM功能存在缓冲区溢出漏洞的补丁

Patch Description:

CloudEngine 5800、CloudEngine 6800、CloudEngine 7800、CloudEngine 8800、CloudEngine 12800是华为的交换机设备。

多款华为产品中的CFM(Connectivity Fault Management)功能存在缓冲区溢出漏洞。当设备使能了CFM并且配置了MEP(Maintenance Association End Point)时,攻击者向受影响设备发送构造的报文,导致受影响设备的主控板重启。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。

Formal description:

用户可参考如下厂商提供的安全补丁以修复该漏洞: http://www.huawei.com/cn/psirt/security-advisories/2016/huawei-sa-20161116-01-cfm-cn

Reference: http://www.huawei.com/cn/psirt/security-advisories/2016/huawei-sa-20161116-01-cfm-cn

Impacted products
Name
['Huawei CloudEngine 12800 V100R003C10', 'Huawei CloudEngine 12800 V100R005C00', 'Huawei CloudEngine 12800 V100R005C10', 'Huawei CloudEngine 12800 V100R006C00', 'Huawei CloudEngine 5800 V100R003C10', 'Huawei CloudEngine 5800 V100R005C00', 'Huawei CloudEngine 5800 V100R005C10', 'Huawei CloudEngine 5800 V100R006C00', 'Huawei CloudEngine 6800 V100R003C10', 'Huawei CloudEngine 6800 V100R005C00', 'Huawei CloudEngine 6800 V100R005C10', 'Huawei CloudEngine 6800 V100R006C00', 'Huawei CloudEngine 7800 V100R003C10', 'Huawei CloudEngine 7800 V100R005C00', 'Huawei CloudEngine 7800 V100R005C10', 'Huawei CloudEngine 7800 V100R006C00', 'Huawei CloudEngine 8800 V100R006C00']
Show details on source website

To clipboard 

{
  "bids": {
    "bid": {
      "bidNumber": "94402"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-8790"
    }
  },
  "description": "CloudEngine 5800\u3001CloudEngine 6800\u3001CloudEngine 7800\u3001CloudEngine 8800\u3001CloudEngine 12800\u662f\u534e\u4e3a\u7684\u4ea4\u6362\u673a\u8bbe\u5907\u3002\r\n\r\n\u591a\u6b3e\u534e\u4e3a\u4ea7\u54c1\u4e2d\u7684CFM\uff08Connectivity Fault Management\uff09\u529f\u80fd\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u5f53\u8bbe\u5907\u4f7f\u7528\u4e86CFM\u5e76\u4e14\u914d\u7f6e\u4e86MEP\uff08Maintenance Association End Point\uff09\u65f6\uff0c\u653b\u51fb\u8005\u5411\u53d7\u5f71\u54cd\u8bbe\u5907\u53d1\u9001\u6784\u9020\u7684\u62a5\u6587\uff0c\u5bfc\u81f4\u53d7\u5f71\u54cd\u8bbe\u5907\u7684\u4e3b\u63a7\u677f\u91cd\u542f\u3002",
  "discovererName": "\u534e\u4e3a",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttp://www.huawei.com/cn/psirt/security-advisories/2016/huawei-sa-20161116-01-cfm-cn",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-11299",
  "openTime": "2016-11-18",
  "patchDescription": "CloudEngine 5800\u3001CloudEngine 6800\u3001CloudEngine 7800\u3001CloudEngine 8800\u3001CloudEngine 12800\u662f\u534e\u4e3a\u7684\u4ea4\u6362\u673a\u8bbe\u5907\u3002\r\n\r\n\u591a\u6b3e\u534e\u4e3a\u4ea7\u54c1\u4e2d\u7684CFM\uff08Connectivity Fault Management\uff09\u529f\u80fd\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u5f53\u8bbe\u5907\u4f7f\u80fd\u4e86CFM\u5e76\u4e14\u914d\u7f6e\u4e86MEP\uff08Maintenance Association End Point\uff09\u65f6\uff0c\u653b\u51fb\u8005\u5411\u53d7\u5f71\u54cd\u8bbe\u5907\u53d1\u9001\u6784\u9020\u7684\u62a5\u6587\uff0c\u5bfc\u81f4\u53d7\u5f71\u54cd\u8bbe\u5907\u7684\u4e3b\u63a7\u677f\u91cd\u542f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3e\u534e\u4e3a\u4ea7\u54c1\u4e2d\u7684CFM\u529f\u80fd\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Huawei CloudEngine 12800 V100R003C10",
      "Huawei CloudEngine 12800 V100R005C00",
      "Huawei CloudEngine 12800 V100R005C10",
      "Huawei CloudEngine 12800 V100R006C00",
      "Huawei CloudEngine 5800 V100R003C10",
      "Huawei CloudEngine 5800 V100R005C00",
      "Huawei CloudEngine 5800 V100R005C10",
      "Huawei CloudEngine 5800 V100R006C00",
      "Huawei CloudEngine 6800 V100R003C10",
      "Huawei CloudEngine 6800 V100R005C00",
      "Huawei CloudEngine 6800 V100R005C10",
      "Huawei CloudEngine 6800 V100R006C00",
      "Huawei CloudEngine 7800 V100R003C10",
      "Huawei CloudEngine 7800 V100R005C00",
      "Huawei CloudEngine 7800 V100R005C10",
      "Huawei CloudEngine 7800 V100R006C00",
      "Huawei CloudEngine 8800 V100R006C00"
    ]
  },
  "referenceLink": "http://www.huawei.com/cn/psirt/security-advisories/2016/huawei-sa-20161116-01-cfm-cn",
  "serverity": "\u4e2d",
  "submitTime": "2016-11-18",
  "title": "\u591a\u6b3e\u534e\u4e3a\u4ea7\u54c1\u4e2d\u7684CFM\u529f\u80fd\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.