SB2016100410 - Denial of service in Huawei USG5500
Published: October 4, 2016 Updated: October 4, 2016
Security Bulletin ID
SB2016100410
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Denial of service (CVE-ID: CVE-2016-8276)
The vulnerability allows a remote user to cause denial of service on the target system.The weakness exists due to buffer overflow in the Point-to-Point Protocol over Ethernet (PPPoE) module during configuration of CHAP authentication. Via crafted packets sent while authentication attackers can trigger the affected service deny and even execute arbitrary code.
Successful exploitation of the vulnerabilty leads to denial of service or arbitrary code execution on the vulnerable system.
Remediation
Install update from vendor's website.