CVE-2016-4577

Published on: 05/23/2016 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:26:58 PM UTC

CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Certain versions of Ngfw Module from Huawei contain the following vulnerability:

Buffer overflow in the Smart DNS functionality in the Huawei NGFW Module and Secospace USG6300, USG6500, USG6600, and USG9500 firewalls with software before V500R001C20SPC100 allows remote attackers to cause a denial of service or execute arbitrary code via a crafted packet, related to "illegitimate parameters."

  • CVE-2016-4577 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.

CVSS3 Score: 7.5 - HIGH

Attack
Vector
Attack
Complexity
Privileges
Required
User
Interaction
ADJACENT_NETWORK HIGH NONE NONE
Scope Confidentiality
Impact
Integrity
Impact
Availability
Impact
UNCHANGED HIGH HIGH HIGH

CVSS2 Score: 6.8 - MEDIUM

Access
Vector
Access
Complexity
Authentication
ADJACENT_NETWORK HIGH NONE
Confidentiality
Impact
Integrity
Impact
Availability
Impact
COMPLETE COMPLETE COMPLETE

CVE References

Description Tags Link
Multiple Huawei Products Buffer Overflow Vulnerability cve.report (archive)
text/html
URL Logo BID 90532
Security Advisory - Buffer Overflow Vulnerability in Huawei Several Products Vendor Advisory
www.huawei.com
text/html
URL Logo CONFIRM www.huawei.com/en/psirt/security-advisories/huawei-sa-20160511-01-dns-en

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
HardwareHuaweiNgfw Module-AllAllAll
HardwareHuaweiNgfw Module-AllAllAll
Operating
System
HuaweiNgfw Module Firmwarev500r001c00AllAllAll
Operating
System
HuaweiNgfw Module Firmwarev500r001c00AllAllAll
HardwareHuaweiSecospace Usg6300-AllAllAll
HardwareHuaweiSecospace Usg6300-AllAllAll
Operating
System
HuaweiSecospace Usg6300 Firmwarev500r001c00AllAllAll
Operating
System
HuaweiSecospace Usg6300 Firmwarev500r001c00AllAllAll
HardwareHuaweiSecospace Usg6500-AllAllAll
HardwareHuaweiSecospace Usg6500-AllAllAll
Operating
System
HuaweiSecospace Usg6500 Firmwarev500r001c00AllAllAll
Operating
System
HuaweiSecospace Usg6500 Firmwarev500r001c00AllAllAll
HardwareHuaweiSecospace Usg6600-AllAllAll
HardwareHuaweiSecospace Usg6600-AllAllAll
Operating
System
HuaweiSecospace Usg6600 Firmwarev500r001c00AllAllAll
Operating
System
HuaweiSecospace Usg6600 Firmwarev500r001c00AllAllAll
HardwareHuaweiUsg9500-AllAllAll
HardwareHuaweiUsg9500-AllAllAll
Operating
System
HuaweiUsg9500 Firmwarev500r001c00AllAllAll
Operating
System
HuaweiUsg9500 Firmwarev500r001c00AllAllAll
  • cpe:2.3:h:huawei:ngfw_module:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:huawei:ngfw_module:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:huawei:ngfw_module_firmware:v500r001c00:*:*:*:*:*:*:*:
  • cpe:2.3:o:huawei:ngfw_module_firmware:v500r001c00:*:*:*:*:*:*:*:
  • cpe:2.3:h:huawei:secospace_usg6300:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:huawei:secospace_usg6300:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c00:*:*:*:*:*:*:*:
  • cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c00:*:*:*:*:*:*:*:
  • cpe:2.3:h:huawei:secospace_usg6500:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:huawei:secospace_usg6500:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c00:*:*:*:*:*:*:*:
  • cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c00:*:*:*:*:*:*:*:
  • cpe:2.3:h:huawei:secospace_usg6600:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:huawei:secospace_usg6600:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c00:*:*:*:*:*:*:*:
  • cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c00:*:*:*:*:*:*:*:
  • cpe:2.3:h:huawei:usg9500:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:huawei:usg9500:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:huawei:usg9500_firmware:v500r001c00:*:*:*:*:*:*:*:
  • cpe:2.3:o:huawei:usg9500_firmware:v500r001c00:*:*:*:*:*:*:*: