CVE-2016-4576 - OpenCVE

Buffer overflow in the Application Specific Packet Filtering (ASPF) functionality in the Huawei IPS Module, NGFW Module, NIP6300, NIP6600, Secospace USG6300, USG6500, USG6600, USG9500, and AntiDDoS8000 devices with software before V500R001C20SPC100 allows remote attackers to cause a denial of service or execute arbitrary code via a crafted packet, related to "illegitimate parameters."

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Huawei	Ngfw Module Usg9500 Firmware Ips Module Firmware Secospace Usg6600 Firmware Nip6300 Ips Module Nip6600 Secospace Usg6300 Secospace Usg6500 Firmware Nip6600 Firmware Ngfw Module Firmware Secospace Antiddos8000 Firmware Secospace Usg6600 Usg9500 Secospace Usg6300 Firmware Nip6300 Firmware Secospace Usg6500 Secospace Antiddos8000

Configuration 1 [-]

AND

cpe:2.3:h:huawei:nip6300:-:*:*:*:*:*:*:*

cpe:2.3:o:huawei:nip6300_firmware:v500r001c00:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:h:huawei:secospace_usg6500:-:*:*:*:*:*:*:*

cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c00:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:h:huawei:secospace_antiddos8000:-:*:*:*:*:*:*:*

cpe:2.3:o:huawei:secospace_antiddos8000_firmware:v500r001c00:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:h:huawei:usg9500:-:*:*:*:*:*:*:*

cpe:2.3:o:huawei:usg9500_firmware:v500r001c00:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:h:huawei:secospace_usg6300:-:*:*:*:*:*:*:*

cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c00:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:h:huawei:ngfw_module:-:*:*:*:*:*:*:*

cpe:2.3:o:huawei:ngfw_module_firmware:v500r001c00:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:h:huawei:secospace_usg6600:-:*:*:*:*:*:*:*

cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c00:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:h:huawei:nip6600:-:*:*:*:*:*:*:*

cpe:2.3:o:huawei:nip6600_firmware:v500r001c00:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:h:huawei:ips_module:-:*:*:*:*:*:*:*

cpe:2.3:o:huawei:ips_module_firmware:v500r001c00:*:*:*:*:*:*:*

References

Link	Resource
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160511-01-aspf-en	Vendor Advisory
http://www.securityfocus.com/bid/90530

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2016-05-23T19:00:00

Updated: 2016-11-25T19:57:01

Reserved: 2016-05-11T00:00:00

Link: CVE-2016-4576

JSON object: View

NVD Information

Status : Modified

Published: 2016-05-23T19:59:09.980

Modified: 2016-11-28T20:19:02.057

Link: CVE-2016-4576

JSON object: View

Redhat Information

No data.

CWE

CWE-119