CNVD-2016-11666
Vulnerability from cnvd - Published: 2016-11-30
VLAI Severity ?
Title
华为部分交换机存在整数溢出漏洞
Description
Huawei CloudEngine 12800、CloudEngine 5800、CloudEngine 6800、CloudEngine 7800、CloudEngine 8800为华为的交换机设备。
华为部分交换机存在整数溢出漏洞。由于未对IPFPM报文中的特定字段进行校验,未经认证的远程攻击者利用漏洞可向目标设备发送特定的IPFPM报文,可能导致设备重启。
Severity
低
Patch Name
华为部分交换机存在整数溢出漏洞的补丁
Patch Description
Huawei CloudEngine 12800、CloudEngine 5800、CloudEngine 6800、CloudEngine 7800、CloudEngine 8800为华为的交换机设备。
华为部分交换机存在整数溢出漏洞。由于未对IPFPM报文中的特定字段进行校验,未经认证的远程攻击者利用漏洞可向目标设备发送特定的IPFPM报文,可能导致设备重启。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已提供漏洞修补方案,请关注如下链接及时更新: http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20161123-01-vrp-cn
Reference
http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20161123-01-vrp-cn
Impacted products
| Name | ['Huawei CloudEngine 12800 V100R003C00', 'Huawei CloudEngine 12800 V100R003C10', 'Huawei CloudEngine 12800 V100R005C00', 'Huawei CloudEngine 12800 V100R005C10', 'Huawei CloudEngine 12800 V100R006C00', 'Huawei CloudEngine 5800 V100R003C10', 'Huawei CloudEngine 5800 V100R005C00', 'Huawei CloudEngine 5800 V100R005C10', 'Huawei CloudEngine 5800 V100R006C00', 'Huawei CloudEngine 6800 V100R003C10', 'Huawei CloudEngine 6800 V100R005C00', 'Huawei CloudEngine 6800 V100R005C10', 'Huawei CloudEngine 6800 V100R006C00', 'Huawei CloudEngine 7800 V100R003C10', 'Huawei CloudEngine 7800 V100R005C00', 'Huawei CloudEngine 7800 V100R005C10', 'Huawei CloudEngine 7800 V100R006C00', 'Huawei CloudEngine 8800 V100R006C00', 'Huawei CloudEngine 12800 V100R002C00', 'Huawei CloudEngine 5800 V100R002C00', 'Huawei CloudEngine 5800 V100R003C00', 'Huawei CloudEngine 6800 V100R002C00', 'Huawei CloudEngine 6800 V100R003C00', 'Huawei CloudEngine 7800 V100R003C00'] |
|---|
{
"bids": {
"bid": {
"bidNumber": "94504"
}
},
"cves": {
"cve": {
"cveNumber": "CVE-2016-8795"
}
},
"description": "Huawei CloudEngine 12800\u3001CloudEngine 5800\u3001CloudEngine 6800\u3001CloudEngine 7800\u3001CloudEngine 8800\u4e3a\u534e\u4e3a\u7684\u4ea4\u6362\u673a\u8bbe\u5907\u3002\r\n\r\n\u534e\u4e3a\u90e8\u5206\u4ea4\u6362\u673a\u5b58\u5728\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e\u3002\u7531\u4e8e\u672a\u5bf9IPFPM\u62a5\u6587\u4e2d\u7684\u7279\u5b9a\u5b57\u6bb5\u8fdb\u884c\u6821\u9a8c\uff0c\u672a\u7ecf\u8ba4\u8bc1\u7684\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u53ef\u5411\u76ee\u6807\u8bbe\u5907\u53d1\u9001\u7279\u5b9a\u7684IPFPM\u62a5\u6587\uff0c\u53ef\u80fd\u5bfc\u81f4\u8bbe\u5907\u91cd\u542f\u3002",
"discovererName": "Huawei",
"formalWay": "\u5382\u5546\u5df2\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u8865\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5982\u4e0b\u94fe\u63a5\u53ca\u65f6\u66f4\u65b0\uff1a\r\nhttp://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20161123-01-vrp-cn",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2016-11666",
"openTime": "2016-11-30",
"patchDescription": "Huawei CloudEngine 12800\u3001CloudEngine 5800\u3001CloudEngine 6800\u3001CloudEngine 7800\u3001CloudEngine 8800\u4e3a\u534e\u4e3a\u7684\u4ea4\u6362\u673a\u8bbe\u5907\u3002\r\n\r\n\u534e\u4e3a\u90e8\u5206\u4ea4\u6362\u673a\u5b58\u5728\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e\u3002\u7531\u4e8e\u672a\u5bf9IPFPM\u62a5\u6587\u4e2d\u7684\u7279\u5b9a\u5b57\u6bb5\u8fdb\u884c\u6821\u9a8c\uff0c\u672a\u7ecf\u8ba4\u8bc1\u7684\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u53ef\u5411\u76ee\u6807\u8bbe\u5907\u53d1\u9001\u7279\u5b9a\u7684IPFPM\u62a5\u6587\uff0c\u53ef\u80fd\u5bfc\u81f4\u8bbe\u5907\u91cd\u542f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "\u534e\u4e3a\u90e8\u5206\u4ea4\u6362\u673a\u5b58\u5728\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"Huawei CloudEngine 12800 V100R003C00",
"Huawei CloudEngine 12800 V100R003C10",
"Huawei CloudEngine 12800 V100R005C00",
"Huawei CloudEngine 12800 V100R005C10",
"Huawei CloudEngine 12800 V100R006C00",
"Huawei CloudEngine 5800 V100R003C10",
"Huawei CloudEngine 5800 V100R005C00",
"Huawei CloudEngine 5800 V100R005C10",
"Huawei CloudEngine 5800 V100R006C00",
"Huawei CloudEngine 6800 V100R003C10",
"Huawei CloudEngine 6800 V100R005C00",
"Huawei CloudEngine 6800 V100R005C10",
"Huawei CloudEngine 6800 V100R006C00",
"Huawei CloudEngine 7800 V100R003C10",
"Huawei CloudEngine 7800 V100R005C00",
"Huawei CloudEngine 7800 V100R005C10",
"Huawei CloudEngine 7800 V100R006C00",
"Huawei CloudEngine 8800 V100R006C00",
"Huawei CloudEngine 12800 V100R002C00",
"Huawei CloudEngine 5800 V100R002C00",
"Huawei CloudEngine 5800 V100R003C00",
"Huawei CloudEngine 6800 V100R002C00",
"Huawei CloudEngine 6800 V100R003C00",
"Huawei CloudEngine 7800 V100R003C00"
]
},
"referenceLink": "http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20161123-01-vrp-cn",
"serverity": "\u4f4e",
"submitTime": "2016-11-28",
"title": "\u534e\u4e3a\u90e8\u5206\u4ea4\u6362\u673a\u5b58\u5728\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…