PT-2016-7473 · Huawei · Usg9560+3

Publicado

2016-09-21

Atualizado

2016-10-06

CVE-2016-8277

CVSS v2.0

6.8

Média

Vetor

AV:N/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Huawei USG9520, USG9560, and USG9580 versions prior to V300R001C01SPCa00

Description The issue is related to a denial of service (DoS) that can be triggered by a remote authenticated user. This is due to the device not validating parameters in a certain command, allowing an attacker with certain permissions to deliver a command containing a malicious parameter, which can cause the device to restart.

Recommendations For versions prior to V300R001C01SPCa00, update to V300R001C01SPCa00 or later to resolve the issue. As a temporary workaround, consider restricting access to the command that contains the vulnerable parameter to minimize the risk of exploitation.

Correção

DoS

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

CVE-2016-8277

Produtos afetados

Huawei Vrp

Usg9520

Usg9560

Usg9580

PT-2016-7473 · Huawei · Usg9560+3

CVE-2016-8277

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4