CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2017-8174
https://notcve.org/view.php?id=CVE-2017-8174
Huawei USG6300 V100R001C30SPC300 and USG6600 with software of V100R001C30SPC500,V100R001C30SPC600,V100R001C30SPC700,V100R001C30SPC800 have a weak algorithm vulnerability. Attackers may exploit the weak algorithm vulnerability to crack the cipher text and cause confidential information leaks on the transmission links. Huawei USG6300 V100R001C30SPC300 y USG6600 con versiones de software V100R001C30SPC500, V100R001C30SPC600, V100R001C30SPC700 y ,V100R001C30SPC800 tiene una vulnerabilidad de algoritmo débil. Los atacantes podrían explotar esta vulnerabilidad de algoritmo débil para descifrar el texto cifrado y provocar fugas de información confidencial en los enlaces de transmisión. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170802-01-usg-en • CWE-326: Inadequate Encryption Strength •
CVSS: 6.8EPSS: 0%CPEs: 12EXPL: 0CVE-2016-8802
https://notcve.org/view.php?id=CVE-2016-8802
The security policy processing module in Huawei Secospace USG6300 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6500 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6600 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200 allows authenticated attackers to setup a specific security policy into the devices, causing a buffer overflow and crashing the system. El módulo de procesamiento de políticas de seguridad en Huawei Secospace USG6300 con software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6500 con software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6600 con software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200 permite a atacantes autenticados configurar una política de seguridad especifica dentro de los dispositivos, provocando un desbordamiento de búfer y bloqueando el sistema. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161125-01-usg-en http://www.securityfocus.com/bid/94538 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2016-8781
https://notcve.org/view.php?id=CVE-2016-8781
Huawei Secospace USG6300 with software V500R001C20 and V500R001C20SPC200PWE, Secospace USG6500 with software V500R001C20, Secospace USG6600 with software V500R001C20 and V500R001C20SPC200PWE allow remote attackers with specific permission to log in to a device and deliver a large number of unspecified commands to exhaust memory, causing a DoS condition. Huawei Secospace USG6300 con software V500R001C20 y V500R001C20SPC200PWE, Secospace USG6500 con software V500R001C20, Secospace USG6600 con software V500R001C20 y V500R001C20SPC200PWE permiten a atacantes remotos con permiso específico iniciar sesión en un dispositivo y entregar un gran número de comandos no especificados para agotar la memoria, causando una condición DoS. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161214-01-firewall-en http://www.securityfocus.com/bid/94927 • CWE-399: Resource Management Errors •
CVSS: 7.1EPSS: 0%CPEs: 31EXPL: 0CVE-2016-8795
https://notcve.org/view.php?id=CVE-2016-8795
Huawei CloudEngine 12800 with software V100R002C00, V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00; CloudEngine 5800 with software V100R002C00, V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00; CloudEngine 6800 with software V100R002C00, V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00; CloudEngine 7800 with software V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00; CloudEngine 8800 with software V100R006C00; and Secospace USG6600 with software V500R001C00 allow remote unauthenticated attackers to craft specific IPFPM packets to trigger an integer overflow and cause the device to reset. Huawei CloudEngine 12800 con software V100R002C00, V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00; CloudEngine 5800 con software V100R002C00, V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00; CloudEngine 6800 con software V100R002C00, V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00; CloudEngine 7800 con software V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00; CloudEngine 8800 con software V100R006C00; y Secospace USG6600 con software V500R001C00 permiten a atacantes remotos no autenticados manipular paquetes IPFPM específicos para desencadenar un desbordamiento de entero y provocar el restablecimiento del dispositivo. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161123-01-vrp-en http://www.securityfocus.com/bid/94504 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.1EPSS: 0%CPEs: 10EXPL: 0CVE-2016-5435
https://notcve.org/view.php?id=CVE-2016-5435
Memory leak in Huawei IPS Module, NGFW Module, NIP6300, NIP6600, and Secospace USG6300, USG6500, USG6600, USG9500, and AntiDDoS8000 V500R001C00 before V500R001C20SPC100, when in hot standby networking where two devices are not directly connected, allows remote attackers to cause a denial of service (memory consumption and reboot) via a crafted packet. Fuga de memoria en Huawei IPS Module, NGFW Module, NIP6300, NIP6600 y Secospace USG6300, USG6500, USG6600, USG9500 y AntiDDoS8000 V500R001C00 en versiones anteriores a V500R001C20SPC100, cuando en redes de espera activa donde dos dispositivos no están conectados directamente, permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria y reinicio) a través de un paquete manipulado. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160615-01-standby-en • CWE-399: Resource Management Errors •