PT-2016-7562 · Huawei · Cloudengine 8800+4
Published
2016-11-30
·
Updated
2017-04-05
·
CVE-2016-8780
CVSS v2.0
6.8
Medium
| Vector | AV:N/AC:L/Au:S/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
Huawei CloudEngine 6800 version V100R006C00
Huawei CloudEngine 7800 version V100R006C00
Huawei CloudEngine 8800 version V100R006C00
Huawei CloudEngine 12800 version V100R006C00
Description
The issue allows remote attackers with specific permission to store massive files, exhausting the shared storage space and leading to a denial of service (DoS) condition. This occurs due to improper management of system resources.
Recommendations
For Huawei CloudEngine 6800 version V100R006C00, restrict access to shared storage space to prevent massive file uploads.
For Huawei CloudEngine 7800 version V100R006C00, limit the storage capacity available to remote attackers with specific permission.
For Huawei CloudEngine 8800 version V100R006C00, implement proper system resource management to prevent storage space exhaustion.
For Huawei CloudEngine 12800 version V100R006C00, consider disabling the file upload feature for remote attackers with specific permission until a proper fix is available.
Fix
DoS
Resource Exhaustion
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cloudengine 12800
Cloudengine 6800
Cloudengine 7800
Cloudengine 8800
Huawei Vrp