Vulnerability CVE-2016-8802
Published: 2017-04-02

Description:
The security policy processing module in Huawei Secospace USG6300 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6500 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6600 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200 allows authenticated attackers to setup a specific security policy into the devices, causing a buffer overflow and crashing the system.

CVSS2 => (AV:N/AC:L/Au:S/C:N/I:N/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.8/10
6.9/10
8/10
Exploit range
Attack complexity
Authentication
Remote
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
None
None
Complete
Affected software
Huawei -> Secospace usg6500 firmware 
Huawei -> Secospace usg6600 firmware 
Huawei -> Secospace usg6300 firmware 

 References:
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161125-01-usg-en
http://www.securityfocus.com/bid/94538
Copyright 2024, cxsecurity.com

 

Back to Top