cnvd - cnvd-2016-03933

CNVD-2016-03933

Vulnerability from cnvd - Published: 2016-06-13

Title

HUAWEI VP9660和RSE6500畸形报文缓冲区溢出漏洞

Description

HUAWEI VP9660和RSE6500是中国华为公司的新一代视频会议终端产品。 HUAWEI VP9660和RSE6500处理畸形报文存在缓冲区溢出漏洞，远程攻击者可利用漏洞发送特殊的请求使系统崩溃。

Severity

高

Patch Name

HUAWEI VP9660和RSE6500畸形报文缓冲区溢出漏洞的补丁

Patch Description

HUAWEI VP9660和RSE6500是中国华为公司的新一代视频会议终端产品。 HUAWEI VP9660和RSE6500处理畸形报文存在缓冲区溢出漏洞，远程攻击者可利用漏洞发送特殊的请求使系统崩溃。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可参考如下厂商提供的安全补丁以修复该漏洞： http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20160601-01-videoconference-cn

Reference

http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20160601-01-videoconference-cn

Impacted products

Name
['Huawei VP9660 V200R001C01', 'Huawei VP9660 V200R001C02', 'Huawei VP9660 V200R001C30', 'Huawei RSE6500 V100R001C00']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-5234"
    }
  },
  "description": "HUAWEI VP9660\u548cRSE6500\u662f\u4e2d\u56fd\u534e\u4e3a\u516c\u53f8\u7684\u65b0\u4e00\u4ee3\u89c6\u9891\u4f1a\u8bae\u7ec8\u7aef\u4ea7\u54c1\u3002\r\n\r\nHUAWEI VP9660\u548cRSE6500\u5904\u7406\u7578\u5f62\u62a5\u6587\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u53d1\u9001\u7279\u6b8a\u7684\u8bf7\u6c42\u4f7f\u7cfb\u7edf\u5d29\u6e83\u3002",
  "discovererName": "Huawei",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttp://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20160601-01-videoconference-cn",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-03933",
  "openTime": "2016-06-13",
  "patchDescription": "HUAWEI VP9660\u548cRSE6500\u662f\u4e2d\u56fd\u534e\u4e3a\u516c\u53f8\u7684\u65b0\u4e00\u4ee3\u89c6\u9891\u4f1a\u8bae\u7ec8\u7aef\u4ea7\u54c1\u3002\r\n\r\nHUAWEI VP9660\u548cRSE6500\u5904\u7406\u7578\u5f62\u62a5\u6587\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u53d1\u9001\u7279\u6b8a\u7684\u8bf7\u6c42\u4f7f\u7cfb\u7edf\u5d29\u6e83\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "HUAWEI VP9660\u548cRSE6500\u7578\u5f62\u62a5\u6587\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Huawei VP9660 V200R001C01",
      "Huawei VP9660 V200R001C02",
      "Huawei VP9660 V200R001C30",
      "Huawei RSE6500 V100R001C00"
    ]
  },
  "referenceLink": "http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20160601-01-videoconference-cn",
  "serverity": "\u9ad8",
  "submitTime": "2016-06-10",
  "title": "HUAWEI VP9660\u548cRSE6500\u7578\u5f62\u62a5\u6587\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e"
}

CVE-2016-5234 (GCVE-0-2016-5234)

Vulnerability from cvelistv5 – Published: 2016-06-13 14:00 – Updated: 2024-08-06 00:53

Summary

Buffer overflow in Huawei VP9660, VP9650, and VP9630 multipoint control unit devices with software before V500R002C00SPC200 and RSE6500 videoconference devices with software before V500R002C00SPC100, when an unspecified service is enabled, allows remote attackers to execute arbitrary code via a crafted packet, aka HWPSIRT-2016-05054.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.securityfocus.com/bid/90978	vdb-entryx_refsource_BID
	http://www.huawei.com/en/psirt/security-advisorie…	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T00:53:48.900Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "90978",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/90978"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160601-01-videoconference-en"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-06-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in Huawei VP9660, VP9650, and VP9630 multipoint control unit devices with software before V500R002C00SPC200 and RSE6500 videoconference devices with software before V500R002C00SPC100, when an unspecified service is enabled, allows remote attackers to execute arbitrary code via a crafted packet, aka HWPSIRT-2016-05054."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-11-25T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "90978",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/90978"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160601-01-videoconference-en"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-5234",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in Huawei VP9660, VP9650, and VP9630 multipoint control unit devices with software before V500R002C00SPC200 and RSE6500 videoconference devices with software before V500R002C00SPC100, when an unspecified service is enabled, allows remote attackers to execute arbitrary code via a crafted packet, aka HWPSIRT-2016-05054."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "90978",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/90978"
            },
            {
              "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160601-01-videoconference-en",
              "refsource": "CONFIRM",
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160601-01-videoconference-en"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-5234",
    "datePublished": "2016-06-13T14:00:00",
    "dateReserved": "2016-06-01T00:00:00",
    "dateUpdated": "2024-08-06T00:53:48.900Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2016-03933

CVE-2016-5234 (GCVE-0-2016-5234)

Tags

Sightings

Nomenclature