PT-2016-5849 · Huawei · Huawei S12700+2
Publicado
2016-04-27
·
Atualizado
2016-05-25
·
CVE-2016-4087
CVSS v3.1
8.1
Alta
| Vetor | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Huawei S12700 switches versions prior to V200R008C00SPC500
Huawei S5700 switches versions prior to V200R005SPH010
Description
The issue is related to an input validation vulnerability that can be exploited when the debug switch is enabled on the device. An attacker with network access can craft malformed DNS packets and send them to the target device, potentially causing a denial of service or allowing remote code execution.
Recommendations
For Huawei S12700 switches versions prior to V200R008C00SPC500, update to V200R008C00SPC500 or later to resolve the issue.
For Huawei S5700 switches versions prior to V200R005SPH010, update to V200R005SPH010 or later to resolve the issue.
As a temporary workaround, consider disabling the debug switch on the devices until a patch is available.
Correção
RCE
DoS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Huawei S12700
Huawei S5700
Huawei Vrp