PT-2016-6783 · Huawei · Ne40E+5
Published
2016-07-13
·
Updated
2016-08-03
·
CVE-2016-6178
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Huawei NE40E and CX600 devices with software before V800R007SPH017
Huawei PTN 6900-2-M8 devices with software before V800R007SPH019
Huawei NE5000E devices with software before V800R006SPH018
Huawei CloudEngine 12800 devices with software before V100R003SPH010 and before V100R005SPH006
Description
The issue is related to an input validation vulnerability in multiple Huawei products. An attacker with control plane access can exploit this by crafting a malformed packet, potentially causing a denial of service or executing arbitrary code.
Recommendations
For Huawei NE40E and CX600 devices with software before V800R007SPH017, update to V800R007SPH017 or later.
For Huawei PTN 6900-2-M8 devices with software before V800R007SPH019, update to V800R007SPH019 or later.
For Huawei NE5000E devices with software before V800R006SPH018, update to V800R006SPH018 or later.
For Huawei CloudEngine 12800 devices with software before V100R003SPH010, update to V100R003SPH010 or later.
For Huawei CloudEngine 12800 devices with software before V100R005SPH006, update to V100R005SPH006 or later.
Fix
DoS
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cx600
Cloudengine 12800
Huawei Vrp
Ne40E
Ne5000E
Ptn 6900-2-M8