Denial of service in Huawei products - CVE-2016-8276
Published: October 4, 2016 / Updated: October 4, 2016
Vulnerability identifier: #VU730
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-8276
CWE-ID: CWE-120
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Huawei USG5500
Huawei USG5100
Huawei USG2200
Huawei USG2100
Huawei USG5500
Huawei USG5100
Huawei USG2200
Huawei USG2100
Software vendor:
Huawei
Huawei
Description
The vulnerability allows a remote user to cause denial of service on the target system.
The weakness exists due to buffer overflow in the Point-to-Point Protocol over Ethernet (PPPoE) module during configuration of CHAP authentication. Via crafted packets sent while authentication attackers can trigger the affected service deny and even execute arbitrary code.
Successful exploitation of the vulnerabilty leads to denial of service or arbitrary code execution on the vulnerable system.
The weakness exists due to buffer overflow in the Point-to-Point Protocol over Ethernet (PPPoE) module during configuration of CHAP authentication. Via crafted packets sent while authentication attackers can trigger the affected service deny and even execute arbitrary code.
Successful exploitation of the vulnerabilty leads to denial of service or arbitrary code execution on the vulnerable system.
Remediation
Update to V300R001C10SPC600.