Details of VAR-201704-0037

ID

VAR-201704-0037

CVE

CVE-2016-6177

TITLE

Huawei OceanStor Integer overflow vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2016-008221

DESCRIPTION

The Huawei OceanStor 5800 V300R003C00 has an integer overflow vulnerability. An authenticated attacker may send massive abnormal Network File System (NFS) packets, causing an anomaly in specific disk arrays. Huawei OceanStor Contains an integer overflow vulnerability.Service operation interruption (DoS) An attack may be carried out. Huawei OceanStor5800 is a storage system for medium and high-end storage from Huawei

Trust: 2.25

sources: NVD: CVE-2016-6177 // JVNDB: JVNDB-2016-008221 // CNVD: CNVD-2017-04642 // VULHUB: VHN-94997

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-04642

AFFECTED PRODUCTS

vendor:	huawei	model:	oceanstor 5800 v3	scope:	eq	version:	v300r003c00	Trust: 2.4
vendor:	huawei	model:	oceanstor v300r003c00	scope:	eq	version:	5800	Trust: 0.6

sources: CNVD: CNVD-2017-04642 // JVNDB: JVNDB-2016-008221 // CNNVD: CNNVD-201704-192 // NVD: CVE-2016-6177

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-6177
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2016-6177
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2017-04642
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201704-192
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-94997
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-6177
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-04642
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-94997
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-6177
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2017-04642 // VULHUB: VHN-94997 // JVNDB: JVNDB-2016-008221 // CNNVD: CNNVD-201704-192 // NVD: CVE-2016-6177

PROBLEMTYPE DATA

problemtype:

CWE-190

Trust: 1.9

sources: VULHUB: VHN-94997 // JVNDB: JVNDB-2016-008221 // NVD: CVE-2016-6177

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201704-192

TYPE

digital error

Trust: 0.6

sources: CNNVD: CNNVD-201704-192

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-008221

PATCH

title:	huawei-sa-20160629-02-oceanstor	url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160629-02-oceanstor-en	Trust: 0.8
title:	Huawei OceanStor5800 Integer Overflow Vulnerability Patch	url:	https://www.cnvd.org.cn/patchInfo/show/91957	Trust: 0.6
title:	Huawei OceanStor 5800 Fixes for digital error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=69040	Trust: 0.6

sources: CNVD: CNVD-2017-04642 // JVNDB: JVNDB-2016-008221 // CNNVD: CNNVD-201704-192

EXTERNAL IDS

db:	NVD	id:	CVE-2016-6177	Trust: 3.1
db:	JVNDB	id:	JVNDB-2016-008221	Trust: 0.8
db:	CNNVD	id:	CNNVD-201704-192	Trust: 0.7
db:	CNVD	id:	CNVD-2017-04642	Trust: 0.6
db:	VULHUB	id:	VHN-94997	Trust: 0.1

sources: CNVD: CNVD-2017-04642 // VULHUB: VHN-94997 // JVNDB: JVNDB-2016-008221 // CNNVD: CNNVD-201704-192 // NVD: CVE-2016-6177

REFERENCES

url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160629-02-oceanstor-en	Trust: 2.3
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6177	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2016-6177	Trust: 0.8

sources: CNVD: CNVD-2017-04642 // VULHUB: VHN-94997 // JVNDB: JVNDB-2016-008221 // CNNVD: CNNVD-201704-192 // NVD: CVE-2016-6177

SOURCES

db:	CNVD	id:	CNVD-2017-04642
db:	VULHUB	id:	VHN-94997
db:	JVNDB	id:	JVNDB-2016-008221
db:	CNNVD	id:	CNNVD-201704-192
db:	NVD	id:	CVE-2016-6177

LAST UPDATE DATE

2025-04-20T23:05:15.206000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-04642	date:	2017-04-19T00:00:00
db:	VULHUB	id:	VHN-94997	date:	2017-04-06T00:00:00
db:	JVNDB	id:	JVNDB-2016-008221	date:	2017-05-02T00:00:00
db:	CNNVD	id:	CNNVD-201704-192	date:	2017-04-06T00:00:00
db:	NVD	id:	CVE-2016-6177	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-04642	date:	2017-04-19T00:00:00
db:	VULHUB	id:	VHN-94997	date:	2017-04-02T00:00:00
db:	JVNDB	id:	JVNDB-2016-008221	date:	2017-05-02T00:00:00
db:	CNNVD	id:	CNNVD-201704-192	date:	2017-04-06T00:00:00
db:	NVD	id:	CVE-2016-6177	date:	2017-04-02T20:59:00.890