Vulnerability CVE-2016-8786


Published: 2018-03-09   Modified: 2018-03-10

Description:
Huawei S12700 V200R005C00, V200R006C00, V200R007C00, V200R008C00, S5700 V200R006C00, V200R007C00, V200R008C00, S6700 V200R008C00, S7700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, S9700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00 have a denial of service (DoS) vulnerability. Due to the lack of input validation, a remote attacker may craft a malformed Resource Reservation Protocol (RSVP) packet and send it to the device, causing a few buffer overflows and occasional device restart.

Type:

CWE-20

(Improper Input Validation)

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.8/10
6.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Complete
Affected software
Huawei -> S12700 firmware 
Huawei -> S5700 firmware 
Huawei -> S6700 firmware 
Huawei -> S7700 firmware 
Huawei -> S9700 firmware 

 References:
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161228-01-rsvp-en
http://www.securityfocus.com/bid/95139

Copyright 2022, cxsecurity.com

 

Back to Top