Vulnerability CVE-2015-8677


Published: 2016-04-14

Description:
Memory leak in Huawei S5300EI, S5300SI, S5310HI, and S6300EI Campus series switches with software V200R003C00 before V200R003SPH011 and V200R005C00 before V200R005SPH008; S2350EI and S5300LI Campus series switches with software V200R003C00 before V200R003SPH011, V200R005C00 before V200R005SPH008, and V200R006C00 before V200R006SPH002; S9300, S7700, and S9700 Campus series switches with software V200R003C00 before V200R003SPH011, V200R005C00 before V200R005SPH009, and V200R006C00 before V200R006SPH003; S5720HI and S5720EI Campus series switches with software V200R006C00 before V200R006SPH002; and S2300 and S3300 Campus series switches with software V100R006C05 before V100R006SPH022 allows remote authenticated users to cause a denial of service (memory consumption and device restart) by logging in and out of the (1) HTTPS or (2) SFTP server, related to SSL session information.

CVSS2 => (AV:N/AC:L/Au:S/C:N/I:N/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.8/10
6.9/10
8/10
Exploit range
Attack complexity
Authentication
Remote
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
None
None
Complete
Affected software
Huawei -> S2300 firmware 
Huawei -> S2350ei firmware 
Huawei -> S3300 firmware 
Huawei -> S5300ei firmware 
Huawei -> S5300li firmware 
Huawei -> S5300si firmware 
Huawei -> S5310hi firmware 
Huawei -> S5720ei firmware 
Huawei -> S5720hi firmware 
Huawei -> S6300ei firmware 
Huawei -> S7700 firmware 
Huawei -> S9300 firmware 
Huawei -> S9700 firmware 

 References:
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160113-03-switch-en

Copyright 2024, cxsecurity.com

 

Back to Top