CVE-2016-8795

MEDIUM

Huawei CloudEngine <6.0 - Info Disclosure

Title source: llm
STIX 2.1

Description

Huawei CloudEngine 12800 with software V100R002C00, V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00; CloudEngine 5800 with software V100R002C00, V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00; CloudEngine 6800 with software V100R002C00, V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00; CloudEngine 7800 with software V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00; CloudEngine 8800 with software V100R006C00; and Secospace USG6600 with software V500R001C00 allow remote unauthenticated attackers to craft specific IPFPM packets to trigger an integer overflow and cause the device to reset.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/94504

Scores

CVSS v3 5.9
EPSS 0.0024
EPSS Percentile 47.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-190
Status published
Products (26)
huawei/cloudengine_12800_firmware v100r002c00
huawei/cloudengine_12800_firmware v100r003c00
huawei/cloudengine_12800_firmware v100r003c10
huawei/cloudengine_12800_firmware v100r005c00
huawei/cloudengine_12800_firmware v100r005c10
huawei/cloudengine_12800_firmware v100r006c00
huawei/cloudengine_5800_firmware v100r002c00
huawei/cloudengine_5800_firmware v100r003c00
huawei/cloudengine_5800_firmware v100r003c10
huawei/cloudengine_5800_firmware v100r005c00
... and 16 more
Published Apr 02, 2017
Tracked Since Feb 18, 2026