CNVD-2016-11299

Vulnerability from cnvd - Published: 2016-11-18
VLAI Severity ?
Title
多款华为产品中的CFM功能存在缓冲区溢出漏洞
Description
CloudEngine 5800、CloudEngine 6800、CloudEngine 7800、CloudEngine 8800、CloudEngine 12800是华为的交换机设备。 多款华为产品中的CFM(Connectivity Fault Management)功能存在缓冲区溢出漏洞。当设备使用了CFM并且配置了MEP(Maintenance Association End Point)时,攻击者向受影响设备发送构造的报文,导致受影响设备的主控板重启。
Severity
Patch Name
多款华为产品中的CFM功能存在缓冲区溢出漏洞的补丁
Patch Description
CloudEngine 5800、CloudEngine 6800、CloudEngine 7800、CloudEngine 8800、CloudEngine 12800是华为的交换机设备。 多款华为产品中的CFM(Connectivity Fault Management)功能存在缓冲区溢出漏洞。当设备使能了CFM并且配置了MEP(Maintenance Association End Point)时,攻击者向受影响设备发送构造的报文,导致受影响设备的主控板重启。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description

用户可参考如下厂商提供的安全补丁以修复该漏洞: http://www.huawei.com/cn/psirt/security-advisories/2016/huawei-sa-20161116-01-cfm-cn

Reference
http://www.huawei.com/cn/psirt/security-advisories/2016/huawei-sa-20161116-01-cfm-cn
Impacted products
Name
['Huawei CloudEngine 12800 V100R003C10', 'Huawei CloudEngine 12800 V100R005C00', 'Huawei CloudEngine 12800 V100R005C10', 'Huawei CloudEngine 12800 V100R006C00', 'Huawei CloudEngine 5800 V100R003C10', 'Huawei CloudEngine 5800 V100R005C00', 'Huawei CloudEngine 5800 V100R005C10', 'Huawei CloudEngine 5800 V100R006C00', 'Huawei CloudEngine 6800 V100R003C10', 'Huawei CloudEngine 6800 V100R005C00', 'Huawei CloudEngine 6800 V100R005C10', 'Huawei CloudEngine 6800 V100R006C00', 'Huawei CloudEngine 7800 V100R003C10', 'Huawei CloudEngine 7800 V100R005C00', 'Huawei CloudEngine 7800 V100R005C10', 'Huawei CloudEngine 7800 V100R006C00', 'Huawei CloudEngine 8800 V100R006C00']
Show details on source website
To clipboard 

{
  "bids": {
    "bid": {
      "bidNumber": "94402"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-8790"
    }
  },
  "description": "CloudEngine 5800\u3001CloudEngine 6800\u3001CloudEngine 7800\u3001CloudEngine 8800\u3001CloudEngine 12800\u662f\u534e\u4e3a\u7684\u4ea4\u6362\u673a\u8bbe\u5907\u3002\r\n\r\n\u591a\u6b3e\u534e\u4e3a\u4ea7\u54c1\u4e2d\u7684CFM\uff08Connectivity Fault Management\uff09\u529f\u80fd\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u5f53\u8bbe\u5907\u4f7f\u7528\u4e86CFM\u5e76\u4e14\u914d\u7f6e\u4e86MEP\uff08Maintenance Association End Point\uff09\u65f6\uff0c\u653b\u51fb\u8005\u5411\u53d7\u5f71\u54cd\u8bbe\u5907\u53d1\u9001\u6784\u9020\u7684\u62a5\u6587\uff0c\u5bfc\u81f4\u53d7\u5f71\u54cd\u8bbe\u5907\u7684\u4e3b\u63a7\u677f\u91cd\u542f\u3002",
  "discovererName": "\u534e\u4e3a",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttp://www.huawei.com/cn/psirt/security-advisories/2016/huawei-sa-20161116-01-cfm-cn",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-11299",
  "openTime": "2016-11-18",
  "patchDescription": "CloudEngine 5800\u3001CloudEngine 6800\u3001CloudEngine 7800\u3001CloudEngine 8800\u3001CloudEngine 12800\u662f\u534e\u4e3a\u7684\u4ea4\u6362\u673a\u8bbe\u5907\u3002\r\n\r\n\u591a\u6b3e\u534e\u4e3a\u4ea7\u54c1\u4e2d\u7684CFM\uff08Connectivity Fault Management\uff09\u529f\u80fd\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u5f53\u8bbe\u5907\u4f7f\u80fd\u4e86CFM\u5e76\u4e14\u914d\u7f6e\u4e86MEP\uff08Maintenance Association End Point\uff09\u65f6\uff0c\u653b\u51fb\u8005\u5411\u53d7\u5f71\u54cd\u8bbe\u5907\u53d1\u9001\u6784\u9020\u7684\u62a5\u6587\uff0c\u5bfc\u81f4\u53d7\u5f71\u54cd\u8bbe\u5907\u7684\u4e3b\u63a7\u677f\u91cd\u542f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3e\u534e\u4e3a\u4ea7\u54c1\u4e2d\u7684CFM\u529f\u80fd\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Huawei CloudEngine 12800 V100R003C10",
      "Huawei CloudEngine 12800 V100R005C00",
      "Huawei CloudEngine 12800 V100R005C10",
      "Huawei CloudEngine 12800 V100R006C00",
      "Huawei CloudEngine 5800 V100R003C10",
      "Huawei CloudEngine 5800 V100R005C00",
      "Huawei CloudEngine 5800 V100R005C10",
      "Huawei CloudEngine 5800 V100R006C00",
      "Huawei CloudEngine 6800 V100R003C10",
      "Huawei CloudEngine 6800 V100R005C00",
      "Huawei CloudEngine 6800 V100R005C10",
      "Huawei CloudEngine 6800 V100R006C00",
      "Huawei CloudEngine 7800 V100R003C10",
      "Huawei CloudEngine 7800 V100R005C00",
      "Huawei CloudEngine 7800 V100R005C10",
      "Huawei CloudEngine 7800 V100R006C00",
      "Huawei CloudEngine 8800 V100R006C00"
    ]
  },
  "referenceLink": "http://www.huawei.com/cn/psirt/security-advisories/2016/huawei-sa-20161116-01-cfm-cn",
  "serverity": "\u4e2d",
  "submitTime": "2016-11-18",
  "title": "\u591a\u6b3e\u534e\u4e3a\u4ea7\u54c1\u4e2d\u7684CFM\u529f\u80fd\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.