Details of VAR-201610-0225

ID

VAR-201610-0225

CVE

CVE-2016-8203

TITLE

Brocade MLXs Run on image Brocade NetIron OS of IPsec Service disruption in the code path (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2016-005709

DESCRIPTION

A memory corruption in the IPsec code path of Brocade NetIron OS on Brocade MLXs 5.8.00 through 5.8.00e, 5.9.00 through 5.9.00bd, 6.0.00, and 6.0.00a images could allow attackers to cause a denial of service (line card reset) via certain constructed IPsec control packets. NetIronOS is a power service network solution. Brocade NetIron OS is prone to a memory-corruption vulnerability. An attacker can exploit this issue to cause denial-of-service condition. Due to the nature of this issue, arbitrary code execution may be possible but this has not been confirmed. Brocade NetIron OS 5.8.00 through 5.8.00e, 5.9.00 through 5.9.00bd, 6.0.00, and 6.0.00a are vulnerable

Trust: 2.43

sources: NVD: CVE-2016-8203 // JVNDB: JVNDB-2016-005709 // CNVD: CNVD-2016-10560 // BID: 94232

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2016-10560

AFFECTED PRODUCTS

vendor:	brocade	model:	netiron os	scope:	eq	version:	6.0.00	Trust: 1.9
vendor:	brocade	model:	netiron os	scope:	eq	version:	6.0.00a	Trust: 1.6
vendor:	brocade	model:	netiron os	scope:	lte	version:	5.9.00bd	Trust: 1.0
vendor:	brocade	model:	netiron os	scope:	lte	version:	5.8.00e	Trust: 1.0
vendor:	brocade	model:	netiron os	scope:	eq	version:	6.0.00ab	Trust: 0.8
vendor:	brocade	model:	netiron os	scope:	lt	version:	5.8.00	Trust: 0.8
vendor:	brocade	model:	netiron os	scope:	eq	version:	5.9.00be	Trust: 0.8
vendor:	brocade	model:	netiron os	scope:	lt	version:	5.9.00	Trust: 0.8
vendor:	brocade	model:	netiron os	scope:	eq	version:	5.8.00ec	Trust: 0.8
vendor:	brocade	model:	netiron os	scope:	lt	version:	6.0.00	Trust: 0.8
vendor:	brocade	model:	netiron os on brocade mlxs >=5.8.00,<=5.8.00e	scope:	-	version:	-	Trust: 0.6
vendor:	brocade	model:	netiron os on brocade mlxs >=5.9.00,<=5.9.00bd	scope:	-	version:	-	Trust: 0.6
vendor:	brocade	model:	netiron os on brocade mlxs	scope:	eq	version:	6.0.00	Trust: 0.6
vendor:	brocade	model:	netiron os on brocade mlxs 6.0.00a	scope:	-	version:	-	Trust: 0.6
vendor:	brocade	model:	netiron os	scope:	eq	version:	5.8.00e	Trust: 0.6
vendor:	brocade	model:	netiron os	scope:	eq	version:	5.9.00bd	Trust: 0.6
vendor:	brocade	model:	netiron os 6.0.00a	scope:	-	version:	-	Trust: 0.3
vendor:	brocade	model:	netiron os 5.9.00bd	scope:	-	version:	-	Trust: 0.3
vendor:	brocade	model:	netiron os	scope:	eq	version:	5.9.00	Trust: 0.3
vendor:	brocade	model:	netiron os 5.8.00e	scope:	-	version:	-	Trust: 0.3
vendor:	brocade	model:	netiron os	scope:	eq	version:	5.8.00	Trust: 0.3

sources: CNVD: CNVD-2016-10560 // BID: 94232 // JVNDB: JVNDB-2016-005709 // CNNVD: CNNVD-201610-868 // NVD: CVE-2016-8203

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-8203
value:	HIGH
Trust: 1.0
NVD:	CVE-2016-8203
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2016-10560
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201610-868
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2016-8203
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2016-10560
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2016-8203
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2016-10560 // JVNDB: JVNDB-2016-005709 // CNNVD: CNNVD-201610-868 // NVD: CVE-2016-8203

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.8

sources: JVNDB: JVNDB-2016-005709 // NVD: CVE-2016-8203

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201610-868

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201610-868

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-005709

PATCH

title:	BSA-2016-168	url:	http://www.brocade.com/en/backend-content/pdf-page.html?/content/dam/common/documents/content-types/security-bulletin/brocade-security-advisory-2016-168.pdf	Trust: 0.8
title:	BrocadeNetIronOS Denial of Service Vulnerability Patch	url:	https://www.cnvd.org.cn/patchInfo/show/83439	Trust: 0.6
title:	Brocade NetIron OS on Brocade MLXs Repair measures for memory corruption vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65189	Trust: 0.6

sources: CNVD: CNVD-2016-10560 // JVNDB: JVNDB-2016-005709 // CNNVD: CNNVD-201610-868

EXTERNAL IDS

db:	NVD	id:	CVE-2016-8203	Trust: 3.3
db:	BID	id:	94232	Trust: 1.9
db:	SECTRACK	id:	1037010	Trust: 1.0
db:	JVNDB	id:	JVNDB-2016-005709	Trust: 0.8
db:	CNVD	id:	CNVD-2016-10560	Trust: 0.6
db:	CNNVD	id:	CNNVD-201610-868	Trust: 0.6

sources: CNVD: CNVD-2016-10560 // BID: 94232 // JVNDB: JVNDB-2016-005709 // CNNVD: CNNVD-201610-868 // NVD: CVE-2016-8203

REFERENCES

url:	http://www.brocade.com/en/backend-content/pdf-page.html?/content/dam/common/documents/content-types/security-bulletin/brocade-security-advisory-2016-168.pdf	Trust: 1.9
url:	http://www.securityfocus.com/bid/94232	Trust: 1.0
url:	http://www.securitytracker.com/id/1037010	Trust: 1.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8203	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-8203	Trust: 0.8
url:	http://www.brocade.com/en/backend-content/pdf-page.html?/content/dam/common/documents/content	Trust: 0.6
url:	http://www.brocade.com/index.page	Trust: 0.3

sources: CNVD: CNVD-2016-10560 // BID: 94232 // JVNDB: JVNDB-2016-005709 // CNNVD: CNNVD-201610-868 // NVD: CVE-2016-8203

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 94232

SOURCES

db:	CNVD	id:	CNVD-2016-10560
db:	BID	id:	94232
db:	JVNDB	id:	JVNDB-2016-005709
db:	CNNVD	id:	CNNVD-201610-868
db:	NVD	id:	CVE-2016-8203

LAST UPDATE DATE

2025-04-13T23:17:50.961000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2016-10560	date:	2016-11-03T00:00:00
db:	BID	id:	94232	date:	2016-11-24T01:09:00
db:	JVNDB	id:	JVNDB-2016-005709	date:	2016-11-07T00:00:00
db:	CNNVD	id:	CNNVD-201610-868	date:	2016-11-01T00:00:00
db:	NVD	id:	CVE-2016-8203	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2016-10560	date:	2016-11-03T00:00:00
db:	BID	id:	94232	date:	2016-11-10T00:00:00
db:	JVNDB	id:	JVNDB-2016-005709	date:	2016-11-07T00:00:00
db:	CNNVD	id:	CNNVD-201610-868	date:	2016-10-31T00:00:00
db:	NVD	id:	CVE-2016-8203	date:	2016-10-31T21:59:00.207