PT-2016-6783 · Huawei · Ne40E+5
Publicado
2016-07-13
·
Atualizado
2016-08-03
·
CVE-2016-6178
CVSS v3.1
9.8
Crítica
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Huawei NE40E and CX600 devices with software before V800R007SPH017
Huawei PTN 6900-2-M8 devices with software before V800R007SPH019
Huawei NE5000E devices with software before V800R006SPH018
Huawei CloudEngine 12800 devices with software before V100R003SPH010 and before V100R005SPH006
Description
The issue is related to an input validation vulnerability in multiple Huawei products. An attacker with control plane access can exploit this by crafting a malformed packet, potentially causing a denial of service or executing arbitrary code.
Recommendations
For Huawei NE40E and CX600 devices with software before V800R007SPH017, update to V800R007SPH017 or later.
For Huawei PTN 6900-2-M8 devices with software before V800R007SPH019, update to V800R007SPH019 or later.
For Huawei NE5000E devices with software before V800R006SPH018, update to V800R006SPH018 or later.
For Huawei CloudEngine 12800 devices with software before V100R003SPH010, update to V100R003SPH010 or later.
For Huawei CloudEngine 12800 devices with software before V100R005SPH006, update to V100R005SPH006 or later.
Correção
DoS
RCE
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Cx600
Cloudengine 12800
Huawei Vrp
Ne40E
Ne5000E
Ptn 6900-2-M8