CVSS: 7.1EPSS: 0%CPEs: 31EXPL: 0CVE-2016-8795
https://notcve.org/view.php?id=CVE-2016-8795
Huawei CloudEngine 12800 with software V100R002C00, V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00; CloudEngine 5800 with software V100R002C00, V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00; CloudEngine 6800 with software V100R002C00, V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00; CloudEngine 7800 with software V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00; CloudEngine 8800 with software V100R006C00; and Secospace USG6600 with software V500R001C00 allow remote unauthenticated attackers to craft specific IPFPM packets to trigger an integer overflow and cause the device to reset. Huawei CloudEngine 12800 con software V100R002C00, V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00; CloudEngine 5800 con software V100R002C00, V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00; CloudEngine 6800 con software V100R002C00, V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00; CloudEngine 7800 con software V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00; CloudEngine 8800 con software V100R006C00; y Secospace USG6600 con software V500R001C00 permiten a atacantes remotos no autenticados manipular paquetes IPFPM específicos para desencadenar un desbordamiento de entero y provocar el restablecimiento del dispositivo. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161123-01-vrp-en http://www.securityfocus.com/bid/94504 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.7EPSS: 0%CPEs: 22EXPL: 0CVE-2016-8790
https://notcve.org/view.php?id=CVE-2016-8790
Huawei CloudEngine 5800 with software before V200R001C00SPC700, CloudEngine 6800 with software before V200R001C00SPC700, CloudEngine 7800 with software before V200R001C00SPC700, CloudEngine 8800 with software before V200R001C00SPC700, CloudEngine 12800 with software before V200R001C00SPC700 could allow the attacker to exploit a buffer overflow vulnerability by sending crafted packets to the affected system to cause a main control board reboot. Huawei CloudEngine 5800 con software en versiones anteriores a V200R001C00SPC700, CloudEngine 6800 con software en versiones anteriores a V200R001C00SPC700, CloudEngine 7800 con software en versiones anteriores a V200R001C00SPC700, CloudEngine 8800 con software en versiones anteriores a V200R001C00SPC700, CloudEngine 12800 con software en versiones anteriores a V200R001C00SPC700 podría permitir al atacante explotar una vulnerabilidad de desbordamiento de búfer enviando paquetes manipulados al sistema afectado para provocar un reinicio del panel de control principal. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161116-01-cfm-en http://www.securityfocus.com/bid/94402 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 1%CPEs: 20EXPL: 0CVE-2016-6178
https://notcve.org/view.php?id=CVE-2016-6178
Huawei NE40E and CX600 devices with software before V800R007SPH017; PTN 6900-2-M8 devices with software before V800R007SPH019; NE5000E devices with software before V800R006SPH018; and CloudEngine devices 12800 with software before V100R003SPH010 and V100R005 before V100R005SPH006 allow remote attackers with control plane access to cause a denial of service or execute arbitrary code via a crafted packet. Dispositivos Huawei NE40E y CX600 con software en versiones anteriores a V800R007SPH017; dispositivos PTN 6900-2-M8 con software en versiones anteriores V800R007SPH019; dispositivos NE5000E con software en versiones anteriores a V800R006SPH018 y dispositivos CloudEngine 12800 con software en versiones anteriores a V100R003SPH010 y V100R005 en versiones anteriores a V100R005SPH006 permiten a atacantes remotos con acceso plano de control provocar una denegación de servicio o ejecutar código arbitrario a través de un paquete manipulado. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160713-01-multicast-ldp-fec-stack-en http://www.securityfocus.com/bid/91772 • CWE-20: Improper Input Validation •