Improper input validation in Intel Ethernet Controller X710 - CVE-2016-8106
Published: January 10, 2017 / Updated: January 11, 2017
Vulnerability identifier: #VU4135
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2016-8106
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Intel
Affected software:
Intel Ethernet Controller X710
Intel Ethernet Controller X710
Detailed vulnerability description
The vulnerability allows a remote attacker to cause denial of service conditions.
The vulnerability exists due to improper validation of user-supplied data in Intel Ethernet Controller X710 and XL710. A remote attacker can send specially crafted data to vulnerable controller and cause denial of service conditions.
Successful exploitation of the vulnerability will result in network failure.
The vulnerability exists due to improper validation of user-supplied data in Intel Ethernet Controller X710 and XL710. A remote attacker can send specially crafted data to vulnerable controller and cause denial of service conditions.
Successful exploitation of the vulnerability will result in network failure.
How to mitigate CVE-2016-8106
Update Intel Ethernet Controller firmware to version 5.05.