Page 2 of 7 results (0.005 seconds)

CVSS: 7.1EPSS: 0%CPEs: 31EXPL: 0

Huawei CloudEngine 12800 with software V100R002C00, V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00; CloudEngine 5800 with software V100R002C00, V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00; CloudEngine 6800 with software V100R002C00, V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00; CloudEngine 7800 with software V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00; CloudEngine 8800 with software V100R006C00; and Secospace USG6600 with software V500R001C00 allow remote unauthenticated attackers to craft specific IPFPM packets to trigger an integer overflow and cause the device to reset. Huawei CloudEngine 12800 con software V100R002C00, V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00; CloudEngine 5800 con software V100R002C00, V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00; CloudEngine 6800 con software V100R002C00, V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00; CloudEngine 7800 con software V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00; CloudEngine 8800 con software V100R006C00; y Secospace USG6600 con software V500R001C00 permiten a atacantes remotos no autenticados manipular paquetes IPFPM específicos para desencadenar un desbordamiento de entero y provocar el restablecimiento del dispositivo. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161123-01-vrp-en http://www.securityfocus.com/bid/94504 • CWE-190: Integer Overflow or Wraparound •

CVSS: 9.8EPSS: 1%CPEs: 20EXPL: 0

Huawei NE40E and CX600 devices with software before V800R007SPH017; PTN 6900-2-M8 devices with software before V800R007SPH019; NE5000E devices with software before V800R006SPH018; and CloudEngine devices 12800 with software before V100R003SPH010 and V100R005 before V100R005SPH006 allow remote attackers with control plane access to cause a denial of service or execute arbitrary code via a crafted packet. Dispositivos Huawei NE40E y CX600 con software en versiones anteriores a V800R007SPH017; dispositivos PTN 6900-2-M8 con software en versiones anteriores V800R007SPH019; dispositivos NE5000E con software en versiones anteriores a V800R006SPH018 y dispositivos CloudEngine 12800 con software en versiones anteriores a V100R003SPH010 y V100R005 en versiones anteriores a V100R005SPH006 permiten a atacantes remotos con acceso plano de control provocar una denegación de servicio o ejecutar código arbitrario a través de un paquete manipulado. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160713-01-multicast-ldp-fec-stack-en http://www.securityfocus.com/bid/91772 • CWE-20: Improper Input Validation •