CVE-2015-8084

Name of the Vulnerable Software and Affected Versions Huawei USG5500 versions prior to V300R001C10SPC600 Huawei USG2100 versions prior to V300R001C10SPC600 Huawei USG2200 versions prior to V300R001C10SPC600 Huawei USG5100 versions prior to V300R001C10SPC600

Description The issue allows remote attackers to cause a denial of service, resulting in a device reboot, via crafted DHCP packets when "DHCP Snooping" is enabled and either "option82 insert" or "option82 rebuild" is enabled on an interface. This occurs because the device is unable to parse specific DHCP packets correctly.

Recommendations For Huawei USG5500 versions prior to V300R001C10SPC600, update to V300R001C10SPC600 or later to resolve the issue. For Huawei USG2100 versions prior to V300R001C10SPC600, update to V300R001C10SPC600 or later to resolve the issue. For Huawei USG2200 versions prior to V300R001C10SPC600, update to V300R001C10SPC600 or later to resolve the issue. For Huawei USG5100 versions prior to V300R001C10SPC600, update to V300R001C10SPC600 or later to resolve the issue. As a temporary workaround, consider disabling the "DHCP Snooping" function or restricting the use of "option82 insert" or "option82 rebuild" on interfaces until a patch is available.