Sign-up

ID

VAR-201704-0037


CVE

CVE-2016-6177


TITLE

Huawei OceanStor Integer overflow vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2016-008221

DESCRIPTION

The Huawei OceanStor 5800 V300R003C00 has an integer overflow vulnerability. An authenticated attacker may send massive abnormal Network File System (NFS) packets, causing an anomaly in specific disk arrays. Huawei OceanStor Contains an integer overflow vulnerability.Service operation interruption (DoS) An attack may be carried out. Huawei OceanStor5800 is a storage system for medium and high-end storage from Huawei

Trust: 2.25

sources: NVD: CVE-2016-6177 // JVNDB: JVNDB-2016-008221 // CNVD: CNVD-2017-04642 // VULHUB: VHN-94997

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-04642

AFFECTED PRODUCTS

vendor:huaweimodel:oceanstor 5800 v3scope:eqversion:v300r003c00

Trust: 2.4

vendor:huaweimodel:oceanstor v300r003c00scope:eqversion:5800

Trust: 0.6

sources: CNVD: CNVD-2017-04642 // JVNDB: JVNDB-2016-008221 // NVD: CVE-2016-6177 // CNNVD: CNNVD-201704-192

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2016-6177
value: MEDIUM

Trust: 1.8

CNVD: CNVD-2017-04642
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201704-192
value: MEDIUM

Trust: 0.6

VULHUB: VHN-94997
value: MEDIUM

Trust: 0.1

NVD:
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

NVD: CVE-2016-6177
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2017-04642
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-94997
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

NVD:
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.0

NVD: CVE-2016-6177
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2017-04642 // VULHUB: VHN-94997 // JVNDB: JVNDB-2016-008221 // NVD: CVE-2016-6177 // CNNVD: CNNVD-201704-192

PROBLEMTYPE DATA

problemtype:CWE-190

Trust: 1.9

sources: VULHUB: VHN-94997 // JVNDB: JVNDB-2016-008221 // NVD: CVE-2016-6177

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201704-192

TYPE

digital error

Trust: 0.6

sources: CNNVD: CNNVD-201704-192

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2016-6177

PATCH
title:huawei-sa-20160629-02-oceanstorurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160629-02-oceanstor-en
Trust: 0.8
title:Huawei OceanStor5800 Integer Overflow Vulnerability Patchurl:https://www.cnvd.org.cn/patchinfo/show/91957
Trust: 0.6
title:Huawei OceanStor 5800 Fixes for digital error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=69040
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-04642 // 
            
            
            
            JVNDB: JVNDB-2016-008221 // 
            
            
            
            CNNVD: CNNVD-201704-192

EXTERNAL IDS
db:NVDid:CVE-2016-6177
Trust: 3.1
db:JVNDBid:JVNDB-2016-008221
Trust: 0.8
db:CNNVDid:CNNVD-201704-192
Trust: 0.7
db:CNVDid:CNVD-2017-04642
Trust: 0.6
db:VULHUBid:VHN-94997
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-04642 // 
            
            
            
            VULHUB: VHN-94997 // 
            
            
            
            JVNDB: JVNDB-2016-008221 // 
            
            
            
            NVD: CVE-2016-6177 // 
            
            
            
            CNNVD: CNNVD-201704-192

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160629-02-oceanstor-en
Trust: 2.3
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6177
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2016-6177
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2017-04642 // 
            
            
            
            VULHUB: VHN-94997 // 
            
            
            
            JVNDB: JVNDB-2016-008221 // 
            
            
            
            NVD: CVE-2016-6177 // 
            
            
            
            CNNVD: CNNVD-201704-192

SOURCES
db:CNVDid:CNVD-2017-04642
db:VULHUBid:VHN-94997
db:JVNDBid:JVNDB-2016-008221
db:NVDid:CVE-2016-6177
db:CNNVDid:CNNVD-201704-192

LAST UPDATE DATE
2023-12-18T12:29:44.197000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-04642date:2017-04-19T00:00:00
db:VULHUBid:VHN-94997date:2017-04-06T00:00:00
db:JVNDBid:JVNDB-2016-008221date:2017-05-02T00:00:00
db:NVDid:CVE-2016-6177date:2017-04-06T14:56:39.170
db:CNNVDid:CNNVD-201704-192date:2017-04-06T00:00:00

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-04642date:2017-04-19T00:00:00
db:VULHUBid:VHN-94997date:2017-04-02T00:00:00
db:JVNDBid:JVNDB-2016-008221date:2017-05-02T00:00:00
db:NVDid:CVE-2016-6177date:2017-04-02T20:59:00.890
db:CNNVDid:CNNVD-201704-192date:2017-04-06T00:00:00