Sign-up

ID

VAR-201606-0023


CVE

CVE-2016-4057


TITLE

Huawei FusionCompute Denial of Service Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2016-04478 // CNNVD: CNNVD-201606-664

DESCRIPTION

Huawei FusionCompute before V100R005C10SPC700 allows remote authenticated users to cause a denial of service (resource consumption) via a large number of crafted packets. HuaweiFusionCompute is an enterprise-class open server virtualization solution based on Xen open source design. Huawei FusionCompute is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to exhaust system resources, denying service to legitimate users. The solution provides automation, advanced integration and management capabilities for virtualized data centers. Security vulnerabilities exist in Huawei FusionCompute V100R005C00

Trust: 2.52

sources: NVD: CVE-2016-4057 // JVNDB: JVNDB-2016-003439 // CNVD: CNVD-2016-04478 // BID: 85738 // VULHUB: VHN-92876

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-04478

AFFECTED PRODUCTS

vendor:huaweimodel:fusioncomputescope:lteversion:v100r005c00

Trust: 1.0

vendor:huaweimodel:fusioncomputescope: - version: -

Trust: 0.8

vendor:huaweimodel:fusioncomputescope:ltversion:v100r005c10spc700

Trust: 0.8

vendor:huaweimodel:fusioncompute v100r005c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:fusioncomputescope:eqversion:v100r005c00

Trust: 0.6

sources: CNVD: CNVD-2016-04478 // JVNDB: JVNDB-2016-003439 // CNNVD: CNNVD-201606-664 // NVD: CVE-2016-4057

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-4057
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-4057
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2016-04478
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201606-664
value: MEDIUM

Trust: 0.6

VULHUB: VHN-92876
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-4057
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-04478
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-92876
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-4057
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2016-04478 // VULHUB: VHN-92876 // JVNDB: JVNDB-2016-003439 // CNNVD: CNNVD-201606-664 // NVD: CVE-2016-4057

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.9

sources: VULHUB: VHN-92876 // JVNDB: JVNDB-2016-003439 // NVD: CVE-2016-4057

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201606-664

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201606-664

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-003439

PATCH
title:huawei-sa-20160330-01-fusioncomputeurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160330-01-fusioncompute-en
Trust: 0.8
title:HuaweiFusionCompute denial of service vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/78554
Trust: 0.6
title:Huawei FusionCompute Remediation measures for denial of service vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=62573
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2016-04478 // 
            
            
            
            JVNDB: JVNDB-2016-003439 // 
            
            
            
            CNNVD: CNNVD-201606-664

EXTERNAL IDS
db:NVDid:CVE-2016-4057
Trust: 3.4
db:BIDid:85738
Trust: 1.4
db:JVNDBid:JVNDB-2016-003439
Trust: 0.8
db:CNNVDid:CNNVD-201606-664
Trust: 0.7
db:CNVDid:CNVD-2016-04478
Trust: 0.6
db:VULHUBid:VHN-92876
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2016-04478 // 
            
            
            
            VULHUB: VHN-92876 // 
            
            
            
            BID: 85738 // 
            
            
            
            JVNDB: JVNDB-2016-003439 // 
            
            
            
            CNNVD: CNNVD-201606-664 // 
            
            
            
            NVD: CVE-2016-4057

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160330-01-fusioncompute-en
Trust: 2.3
url:http://www.securityfocus.com/bid/85738
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4057
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4057
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2016-04478 // 
            
            
            
            VULHUB: VHN-92876 // 
            
            
            
            JVNDB: JVNDB-2016-003439 // 
            
            
            
            CNNVD: CNNVD-201606-664 // 
            
            
            
            NVD: CVE-2016-4057

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 85738

SOURCES
db:CNVDid:CNVD-2016-04478
db:VULHUBid:VHN-92876
db:BIDid:85738
db:JVNDBid:JVNDB-2016-003439
db:CNNVDid:CNNVD-201606-664
db:NVDid:CVE-2016-4057

LAST UPDATE DATE
2025-04-12T23:08:52.251000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2016-04478date:2016-07-05T00:00:00
db:VULHUBid:VHN-92876date:2016-11-28T00:00:00
db:BIDid:85738date:2016-07-06T15:10:00
db:JVNDBid:JVNDB-2016-003439date:2016-07-07T00:00:00
db:CNNVDid:CNNVD-201606-664date:2016-07-01T00:00:00
db:NVDid:CVE-2016-4057date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:CNVDid:CNVD-2016-04478date:2016-07-05T00:00:00
db:VULHUBid:VHN-92876date:2016-06-30T00:00:00
db:BIDid:85738date:2016-03-30T00:00:00
db:JVNDBid:JVNDB-2016-003439date:2016-07-07T00:00:00
db:CNNVDid:CNNVD-201606-664date:2016-06-30T00:00:00
db:NVDid:CVE-2016-4057date:2016-06-30T16:59:01.257