CVE-2015-8677

MEDIUM

Huawei S5300ei Firmware < v200r003sph011 - Resource Management Error

Title source: rule

Description

Memory leak in Huawei S5300EI, S5300SI, S5310HI, and S6300EI Campus series switches with software V200R003C00 before V200R003SPH011 and V200R005C00 before V200R005SPH008; S2350EI and S5300LI Campus series switches with software V200R003C00 before V200R003SPH011, V200R005C00 before V200R005SPH008, and V200R006C00 before V200R006SPH002; S9300, S7700, and S9700 Campus series switches with software V200R003C00 before V200R003SPH011, V200R005C00 before V200R005SPH009, and V200R006C00 before V200R006SPH003; S5720HI and S5720EI Campus series switches with software V200R006C00 before V200R006SPH002; and S2300 and S3300 Campus series switches with software V100R006C05 before V100R006SPH022 allows remote authenticated users to cause a denial of service (memory consumption and device restart) by logging in and out of the (1) HTTPS or (2) SFTP server, related to SSL session information.

References (1)

[Vendor Advisory] http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160113-03-switch-en

Scores

CVSS v3 6.5

EPSS 0.0024

EPSS Percentile 47.2%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-399

Status draft

Affected Products (13)

huawei/s5300ei_firmware < v200r003sph011

huawei/s5300si_firmware < v200r001sph018

huawei/s5310hi_firmware < v200r001sph018

huawei/s6300ei_firmware < v200r001sph018

huawei/s5300li_firmware < v200r003sph011

huawei/s2350ei_firmware < v200r003sph011

huawei/s9300_firmware < v200r003sph011

huawei/s9700_firmware < v200r003sph011

huawei/s7700_firmware < v200r003sph011

huawei/s5720hi_firmware < v200r006sph002

huawei/s5720ei_firmware < v200r006sph002

huawei/s2300_firmware < v100r006sph022

huawei/s3300_firmware < v100r006sph022

Timeline

Published Apr 14, 2016

Tracked Since Feb 18, 2026