CVE-2015-8677

MEDIUM

Huawei S Series Switches - Authenticated Denial of Service via HTTPS/SFTP Session Handling

Title source: llm

Description

Memory leak in Huawei S5300EI, S5300SI, S5310HI, and S6300EI Campus series switches with software V200R003C00 before V200R003SPH011 and V200R005C00 before V200R005SPH008; S2350EI and S5300LI Campus series switches with software V200R003C00 before V200R003SPH011, V200R005C00 before V200R005SPH008, and V200R006C00 before V200R006SPH002; S9300, S7700, and S9700 Campus series switches with software V200R003C00 before V200R003SPH011, V200R005C00 before V200R005SPH009, and V200R006C00 before V200R006SPH003; S5720HI and S5720EI Campus series switches with software V200R006C00 before V200R006SPH002; and S2300 and S3300 Campus series switches with software V100R006C05 before V100R006SPH022 allows remote authenticated users to cause a denial of service (memory consumption and device restart) by logging in and out of the (1) HTTPS or (2) SFTP server, related to SSL session information.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_confirm

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160113-03-switch-en

Scores

CVSS v3 6.5

EPSS 0.0024

EPSS Percentile 47.5%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-399

Status published

Products (13)

huawei/s2300_firmware v100r006c05 - v100r006sph022

huawei/s2350ei_firmware v200r003c00 - v200r003sph011

huawei/s3300_firmware v100r006c05 - v100r006sph022

huawei/s5300ei_firmware v200r003c00 - v200r003sph011

huawei/s5300li_firmware v200r003c00 - v200r003sph011

huawei/s5300si_firmware v200r001c00 - v200r001sph018

huawei/s5310hi_firmware v200r001c00 - v200r001sph018

huawei/s5720ei_firmware v200r006c00 - v200r006sph002

huawei/s5720hi_firmware v200r006c00 - v200r006sph002

huawei/s6300ei_firmware v200r001c00 - v200r001sph018

... and 3 more

Published Apr 14, 2016

Tracked Since Feb 18, 2026