Sign-up

ID

VAR-201606-0451


CVE

CVE-2016-5435


TITLE

plural Huawei Service disruption in products (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2016-003345

DESCRIPTION

Memory leak in Huawei IPS Module, NGFW Module, NIP6300, NIP6600, and Secospace USG6300, USG6500, USG6600, USG9500, and AntiDDoS8000 V500R001C00 before V500R001C20SPC100, when in hot standby networking where two devices are not directly connected, allows remote attackers to cause a denial of service (memory consumption and reboot) via a crafted packet. HuaweiIPSModule and other products are China's Huawei's intrusion prevention and intrusion detection products. A memory leak vulnerability exists in several Huawei products. An attacker can exploit this issue to exhaust memory resources and cause the device to reboot. Huawei USG series, NGFW module, IPS module, NIP series and AntiDDoS8000 are vulnerable

Trust: 2.52

sources: NVD: CVE-2016-5435 // JVNDB: JVNDB-2016-003345 // CNVD: CNVD-2016-04379 // BID: 91473 // VULHUB: VHN-94254

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-04379

AFFECTED PRODUCTS

vendor:huaweimodel:huaweiscope:eqversion:v5500r001c00

Trust: 1.6

vendor:huaweimodel:ngfw modulescope:ltversion:v500r001c00

Trust: 0.8

vendor:huaweimodel:nip6300scope:ltversion:v500r001c00

Trust: 0.8

vendor:huaweimodel:nip6600scope:eqversion:v500r001c20spc100

Trust: 0.8

vendor:huaweimodel:secospace antiddos8000scope:ltversion:v500r001c00

Trust: 0.8

vendor:huaweimodel:secospace usg6300scope:ltversion:v500r001c00

Trust: 0.8

vendor:huaweimodel:secospace usg6500scope:ltversion:v500r001c00

Trust: 0.8

vendor:huaweimodel:usg9500scope:ltversion:v500r001c00

Trust: 0.8

vendor:huaweimodel:secospace antiddos8000scope:eqversion:v500r001c20spc100

Trust: 0.8

vendor:huaweimodel:ips modulescope:eqversion:v500r001c20spc100

Trust: 0.8

vendor:huaweimodel:ips modulescope:ltversion:v500r001c00

Trust: 0.8

vendor:huaweimodel:ngfw modulescope:eqversion:v500r001c20spc100

Trust: 0.8

vendor:huaweimodel:nip6300scope:eqversion:v500r001c20spc100

Trust: 0.8

vendor:huaweimodel:secospace usg6300scope:eqversion:v500r001c20spc100

Trust: 0.8

vendor:huaweimodel:secospace usg6600scope:eqversion:v500r001c20spc100

Trust: 0.8

vendor:huaweimodel:secospace usg6600scope:ltversion:v500r001c00

Trust: 0.8

vendor:huaweimodel:secospace usg6500scope:eqversion:v500r001c20spc100

Trust: 0.8

vendor:huaweimodel:nip6600scope:ltversion:v500r001c00

Trust: 0.8

vendor:huaweimodel:usg9500scope:eqversion:v500r001c20spc100

Trust: 0.8

vendor:huaweimodel:ips module v500r001c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:ngfw module v500r001c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:nip6300 v500r001c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:nip6600 v500r001c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:secospace usg6300 v500r001c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:secospace usg6500 v500r001c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:secospace usg6600 v500r001c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:usg9500 v500r001c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:secospace antiddos8000 v500r001c00scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2016-04379 // JVNDB: JVNDB-2016-003345 // NVD: CVE-2016-5435 // CNNVD: CNNVD-201606-575

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2016-5435
value: MEDIUM

Trust: 1.8

CNVD: CNVD-2016-04379
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201606-575
value: HIGH

Trust: 0.6

VULHUB: VHN-94254
value: HIGH

Trust: 0.1

NVD:
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

NVD: CVE-2016-5435
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2016-04379
severity: MEDIUM
baseScore: 5.4
vectorString: AV:N/AC:H/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 4.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-94254
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

NVD:
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 3.6
version: 3.0

Trust: 1.0

NVD: CVE-2016-5435
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2016-04379 // VULHUB: VHN-94254 // JVNDB: JVNDB-2016-003345 // NVD: CVE-2016-5435 // CNNVD: CNNVD-201606-575

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.9

sources: VULHUB: VHN-94254 // JVNDB: JVNDB-2016-003345 // NVD: CVE-2016-5435

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201606-575

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201606-575

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2016-5435

PATCH
title:huawei-sa-20160615-01-standbyurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160615-01-standby-en
Trust: 0.8
title:Patches for various Huawei product memory leak vulnerabilitiesurl:https://www.cnvd.org.cn/patchinfo/show/78292
Trust: 0.6
title:Multiple Huawei Product memory leak vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=62491
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2016-04379 // 
            
            
            
            JVNDB: JVNDB-2016-003345 // 
            
            
            
            CNNVD: CNNVD-201606-575

EXTERNAL IDS
db:NVDid:CVE-2016-5435
Trust: 3.4
db:JVNDBid:JVNDB-2016-003345
Trust: 0.8
db:CNNVDid:CNNVD-201606-575
Trust: 0.7
db:CNVDid:CNVD-2016-04379
Trust: 0.6
db:BIDid:91473
Trust: 0.4
db:VULHUBid:VHN-94254
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2016-04379 // 
            
            
            
            VULHUB: VHN-94254 // 
            
            
            
            BID: 91473 // 
            
            
            
            JVNDB: JVNDB-2016-003345 // 
            
            
            
            NVD: CVE-2016-5435 // 
            
            
            
            CNNVD: CNNVD-201606-575

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160615-01-standby-en
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5435
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-5435
Trust: 0.8
url:http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20160615-01-standby-cn
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2016-04379 // 
            
            
            
            VULHUB: VHN-94254 // 
            
            
            
            JVNDB: JVNDB-2016-003345 // 
            
            
            
            NVD: CVE-2016-5435 // 
            
            
            
            CNNVD: CNNVD-201606-575

CREDITS
The vendor reported this issue
Trust: 0.3
sources:
            
            
            BID: 91473

SOURCES
db:CNVDid:CNVD-2016-04379
db:VULHUBid:VHN-94254
db:BIDid:91473
db:JVNDBid:JVNDB-2016-003345
db:NVDid:CVE-2016-5435
db:CNNVDid:CNNVD-201606-575

LAST UPDATE DATE
2023-12-18T12:05:49.050000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2016-04379date:2016-06-30T00:00:00
db:VULHUBid:VHN-94254date:2016-06-28T00:00:00
db:BIDid:91473date:2016-06-15T00:00:00
db:JVNDBid:JVNDB-2016-003345date:2016-06-29T00:00:00
db:NVDid:CVE-2016-5435date:2016-06-28T00:23:55.367
db:CNNVDid:CNNVD-201606-575date:2016-06-27T00:00:00

SOURCES RELEASE DATE
db:CNVDid:CNVD-2016-04379date:2016-06-30T00:00:00
db:VULHUBid:VHN-94254date:2016-06-24T00:00:00
db:BIDid:91473date:2016-06-15T00:00:00
db:JVNDBid:JVNDB-2016-003345date:2016-06-29T00:00:00
db:NVDid:CVE-2016-5435date:2016-06-24T17:59:02.517
db:CNNVDid:CNNVD-201606-575date:2016-06-27T00:00:00