cnvd - cnvd-2016-12339

cnvd-2016-12339

Vulnerability from cnvd

Title: 多款Huawei防火墙拒绝服务漏洞（CNVD-2016-12339）

Description:

Huawei Secospace USG6300、Secospace USG6500、Secospace USG6600是中国华为（Huawei）公司的防火墙设备。

多款Huawei防火墙存在拒绝服务漏洞。由于执行某命令后部分内存未释放，具有特定权限的远程攻击者登录设备后可下发大量该命令，使得设备内存耗尽，导致拒绝服务攻击。

Severity: 中

Patch Name: 多款Huawei防火墙拒绝服务漏洞的补丁

Patch Description:

Huawei Secospace USG6300、Secospace USG6500、Secospace USG6600是中国华为（Huawei）公司的防火墙设备。

多款Huawei防火墙存在拒绝服务漏洞。由于执行某命令后部分内存未释放，具有特定权限的远程攻击者登录设备后可下发大量该命令，使得设备内存耗尽，导致拒绝服务攻击。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

厂商已提供漏洞修补方案，请关注如下链接及时更新： http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20161214-01-firewall-cn

Reference: http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20161214-01-firewall-cn

Impacted products

Name
['Huawei Secospace USG6300 V500R001C00', 'Huawei Secospace USG6500 V500R001C00', 'Huawei Secospace USG6600 V500R001C00', 'Huawei Secospace USG6300 V500R001C20SPC200PWE', 'Huawei Secospace USG6600 V500R001C20SPC200PWE']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-8781"
    }
  },
  "description": "Huawei Secospace USG6300\u3001Secospace USG6500\u3001Secospace USG6600\u662f\u4e2d\u56fd\u534e\u4e3a\uff08Huawei\uff09\u516c\u53f8\u7684\u9632\u706b\u5899\u8bbe\u5907\u3002\r\n\r\n\u591a\u6b3eHuawei\u9632\u706b\u5899\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002\u7531\u4e8e\u6267\u884c\u67d0\u547d\u4ee4\u540e\u90e8\u5206\u5185\u5b58\u672a\u91ca\u653e\uff0c\u5177\u6709\u7279\u5b9a\u6743\u9650\u7684\u8fdc\u7a0b\u653b\u51fb\u8005\u767b\u5f55\u8bbe\u5907\u540e\u53ef\u4e0b\u53d1\u5927\u91cf\u8be5\u547d\u4ee4\uff0c\u4f7f\u5f97\u8bbe\u5907\u5185\u5b58\u8017\u5c3d\uff0c\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002",
  "discovererName": "Huawei",
  "formalWay": "\u5382\u5546\u5df2\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u8865\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5982\u4e0b\u94fe\u63a5\u53ca\u65f6\u66f4\u65b0\uff1a\r\nhttp://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20161214-01-firewall-cn",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-12339",
  "openTime": "2016-12-15",
  "patchDescription": "Huawei Secospace USG6300\u3001Secospace USG6500\u3001Secospace USG6600\u662f\u4e2d\u56fd\u534e\u4e3a\uff08Huawei\uff09\u516c\u53f8\u7684\u9632\u706b\u5899\u8bbe\u5907\u3002\r\n\r\n\u591a\u6b3eHuawei\u9632\u706b\u5899\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002\u7531\u4e8e\u6267\u884c\u67d0\u547d\u4ee4\u540e\u90e8\u5206\u5185\u5b58\u672a\u91ca\u653e\uff0c\u5177\u6709\u7279\u5b9a\u6743\u9650\u7684\u8fdc\u7a0b\u653b\u51fb\u8005\u767b\u5f55\u8bbe\u5907\u540e\u53ef\u4e0b\u53d1\u5927\u91cf\u8be5\u547d\u4ee4\uff0c\u4f7f\u5f97\u8bbe\u5907\u5185\u5b58\u8017\u5c3d\uff0c\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eHuawei\u9632\u706b\u5899\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Huawei Secospace USG6300 V500R001C00",
      "Huawei Secospace USG6500 V500R001C00",
      "Huawei Secospace USG6600 V500R001C00",
      "Huawei Secospace USG6300 V500R001C20SPC200PWE",
      "Huawei Secospace USG6600 V500R001C20SPC200PWE"
    ]
  },
  "referenceLink": "http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20161214-01-firewall-cn",
  "serverity": "\u4e2d",
  "submitTime": "2016-12-15",
  "title": "\u591a\u6b3eHuawei\u9632\u706b\u5899\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2016-12339\uff09"
}

CVE-2016-8781 (GCVE-0-2016-8781)

Vulnerability from cvelistv5

Published

2017-04-02 20:00

Modified

2024-08-06 02:35

Severity ?

CWE

denial of service

Summary

Huawei Secospace USG6300 with software V500R001C20 and V500R001C20SPC200PWE, Secospace USG6500 with software V500R001C20, Secospace USG6600 with software V500R001C20 and V500R001C20SPC200PWE allow remote attackers with specific permission to log in to a device and deliver a large number of unspecified commands to exhaust memory, causing a DoS condition.

References

▼	URL	Tags
	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161214-01-firewall-en	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/94927	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	n/a	Secospace USG6300, Secospace USG6500, Secospace USG6600 Secospace USG6300 V500R001C20 and V500R001C20SPC200PWE,Secospace USG6500 V500R001C20,Secospace USG6600 V500R001C20 and V500R001C20SPC200PWE	Version: Secospace USG6300, Secospace USG6500, Secospace USG6600 Secospace USG6300 V500R001C20 and V500R001C20SPC200PWE,Secospace USG6500 V500R001C20,Secospace USG6600 V500R001C20 and V500R001C20SPC200PWE

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:35:00.167Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161214-01-firewall-en"
          },
          {
            "name": "94927",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94927"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Secospace USG6300, Secospace USG6500, Secospace USG6600 Secospace USG6300 V500R001C20 and V500R001C20SPC200PWE,Secospace USG6500 V500R001C20,Secospace USG6600 V500R001C20 and V500R001C20SPC200PWE",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Secospace USG6300, Secospace USG6500, Secospace USG6600 Secospace USG6300 V500R001C20 and V500R001C20SPC200PWE,Secospace USG6500 V500R001C20,Secospace USG6600 V500R001C20 and V500R001C20SPC200PWE"
            }
          ]
        }
      ],
      "datePublic": "2017-03-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Huawei Secospace USG6300 with software V500R001C20 and V500R001C20SPC200PWE, Secospace USG6500 with software V500R001C20, Secospace USG6600 with software V500R001C20 and V500R001C20SPC200PWE allow remote attackers with specific permission to log in to a device and deliver a large number of unspecified commands to exhaust memory, causing a DoS condition."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "denial of service",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-04-03T09:57:01",
        "orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
        "shortName": "huawei"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161214-01-firewall-en"
        },
        {
          "name": "94927",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94927"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@huawei.com",
          "ID": "CVE-2016-8781",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Secospace USG6300, Secospace USG6500, Secospace USG6600 Secospace USG6300 V500R001C20 and V500R001C20SPC200PWE,Secospace USG6500 V500R001C20,Secospace USG6600 V500R001C20 and V500R001C20SPC200PWE",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Secospace USG6300, Secospace USG6500, Secospace USG6600 Secospace USG6300 V500R001C20 and V500R001C20SPC200PWE,Secospace USG6500 V500R001C20,Secospace USG6600 V500R001C20 and V500R001C20SPC200PWE"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Huawei Secospace USG6300 with software V500R001C20 and V500R001C20SPC200PWE, Secospace USG6500 with software V500R001C20, Secospace USG6600 with software V500R001C20 and V500R001C20SPC200PWE allow remote attackers with specific permission to log in to a device and deliver a large number of unspecified commands to exhaust memory, causing a DoS condition."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "denial of service"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161214-01-firewall-en",
              "refsource": "CONFIRM",
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161214-01-firewall-en"
            },
            {
              "name": "94927",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/94927"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
    "assignerShortName": "huawei",
    "cveId": "CVE-2016-8781",
    "datePublished": "2017-04-02T20:00:00",
    "dateReserved": "2016-10-18T00:00:00",
    "dateUpdated": "2024-08-06T02:35:00.167Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted