PT-2016-7159 · Huawei · Huawei Ar2500+12
Publicado
2016-08-24
·
Atualizado
2016-09-28
·
CVE-2016-6901
CVSS v2.0
6.8
Média
| Vetor | AV:N/AC:L/Au:S/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
Huawei AR100, AR120, AR150, AR200, AR500, AR550, AR1200, AR2200, AR2500, AR3200, and AR3600 routers versions prior to V200R007C00SPC900
Huawei NetEngine 16EX routers versions prior to V200R007C00SPC900
Description
The issue is related to a format string vulnerability that can be exploited by remote authenticated users to cause a denial of service. This occurs when the system processes partial commands that contain format string specifiers. An authenticated attacker could exploit this vulnerability, leading to a denial of service.
Recommendations
For Huawei AR100, AR120, AR150, AR200, AR500, AR550, AR1200, AR2200, AR2500, AR3200, and AR3600 routers versions prior to V200R007C00SPC900, update to version V200R007C00SPC900 or later.
For Huawei NetEngine 16EX routers versions prior to V200R007C00SPC900, update to version V200R007C00SPC900 or later.
As a temporary workaround, consider restricting access to partial commands until a patch is available.
Correção
DoS
RCE
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Huawei Ar100
Huawei Ar120-S
Huawei Ar1200
Huawei Ar150
Huawei Ar200
Huawei Ar2200
Huawei Ar2500
Huawei Ar3200
Huawei Ar3600
Huawei Ar500
Huawei Ar550
Huawei Netengine16Ex
Huawei Vrp