cvelistv5 - cve-2016-8802

CVE-2016-8802 (GCVE-0-2016-8802)

Vulnerability from cvelistv5

Published

2017-04-02 20:00

Modified

2024-08-06 02:35

Severity ?

CWE

buffer overflow

Summary

References

URL

	Vendor	Product	Version
	n/a	Secospace USG6300,Secospace USG6500,Secospace USG6600 Secospace USG6300 V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200,Secospace USG6500 V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200,Secospace USG6600 V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200,	Version: Secospace USG6300,Secospace USG6500,Secospace USG6600 Secospace USG6300 V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200,Secospace USG6500 V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200,Secospace USG6600 V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200,

ghsa-x3cf-qq49-8942

Vulnerability from github

Published

2022-05-17 02:51

Modified

2022-05-17 02:51

Severity ?

6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-8802"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-04-02T20:59:00Z",
    "severity": "MODERATE"
  },
  "details": "The security policy processing module in Huawei Secospace USG6300 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6500 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6600 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200 allows authenticated attackers to setup a specific security policy into the devices, causing a buffer overflow and crashing the system.",
  "id": "GHSA-x3cf-qq49-8942",
  "modified": "2022-05-17T02:51:29Z",
  "published": "2022-05-17T02:51:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8802"
    },
    {
      "type": "WEB",
      "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161125-01-usg-en"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/94538"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

gsd-2016-8802

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2016-8802

Aliases

CVE-2016-8802

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-8802",
    "description": "The security policy processing module in Huawei Secospace USG6300 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6500 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6600 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200 allows authenticated attackers to setup a specific security policy into the devices, causing a buffer overflow and crashing the system.",
    "id": "GSD-2016-8802"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-8802"
      ],
      "details": "The security policy processing module in Huawei Secospace USG6300 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6500 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6600 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200 allows authenticated attackers to setup a specific security policy into the devices, causing a buffer overflow and crashing the system.",
      "id": "GSD-2016-8802",
      "modified": "2023-12-13T01:21:22.336196Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@huawei.com",
        "ID": "CVE-2016-8802",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Secospace USG6300,Secospace USG6500,Secospace USG6600 Secospace USG6300 V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200,Secospace USG6500 V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200,Secospace USG6600 V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200,",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Secospace USG6300,Secospace USG6500,Secospace USG6600 Secospace USG6300 V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200,Secospace USG6500 V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200,Secospace USG6600 V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200,"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The security policy processing module in Huawei Secospace USG6300 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6500 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6600 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200 allows authenticated attackers to setup a specific security policy into the devices, causing a buffer overflow and crashing the system."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "buffer overflow"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161125-01-usg-en",
            "refsource": "CONFIRM",
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161125-01-usg-en"
          },
          {
            "name": "94538",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/94538"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c20spc101:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c20spc200:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c20spc100:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:huawei:secospace_usg6300:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c20spc100:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c20spc101:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c20spc200:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:huawei:secospace_usg6500:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c20spc100:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c20spc101:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c20spc200:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:huawei:secospace_usg6600:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@huawei.com",
          "ID": "CVE-2016-8802"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The security policy processing module in Huawei Secospace USG6300 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6500 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6600 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200 allows authenticated attackers to setup a specific security policy into the devices, causing a buffer overflow and crashing the system."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161125-01-usg-en",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161125-01-usg-en"
            },
            {
              "name": "94538",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/94538"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": true,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.8,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2017-04-05T19:52Z",
      "publishedDate": "2017-04-02T20:59Z"
    }
  }
}

fkie_cve-2016-8802

Vulnerability from fkie_nvd

Published

2017-04-02 20:59

Modified

2025-04-20 01:37

Severity ?

6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
psirt@huawei.com	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161125-01-usg-en	Vendor Advisory
psirt@huawei.com	http://www.securityfocus.com/bid/94538	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161125-01-usg-en	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/94538	Third Party Advisory, VDB Entry

Impacted products

Vendor	Product	Version
huawei	secospace_usg6300_firmware	v500r001c20spc100
huawei	secospace_usg6300_firmware	v500r001c20spc101
huawei	secospace_usg6300_firmware	v500r001c20spc200
huawei	secospace_usg6300	-
huawei	secospace_usg6500_firmware	v500r001c20spc100
huawei	secospace_usg6500_firmware	v500r001c20spc101
huawei	secospace_usg6500_firmware	v500r001c20spc200
huawei	secospace_usg6500	-
huawei	secospace_usg6600_firmware	v500r001c20spc100
huawei	secospace_usg6600_firmware	v500r001c20spc101
huawei	secospace_usg6600_firmware	v500r001c20spc200
huawei	secospace_usg6600	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c20spc100:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BBE3431-EBFA-4C4A-97B1-6384869FD197",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c20spc101:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9A01CAB-F734-474E-B2D6-72CC4FAFD316",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c20spc200:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F11B551-9147-4DCA-8FEF-0874EEB83984",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:huawei:secospace_usg6300:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C281B511-7A27-4FC6-9427-AE5AD7C302F3",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c20spc100:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B7BA85B-9D77-44C2-B91D-5C8FC20B25A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c20spc101:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B566B18-15AF-4D81-B708-4DF02B974208",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c20spc200:*:*:*:*:*:*:*",
              "matchCriteriaId": "2ED44F95-064A-4E85-A030-B15E88FBEAB4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:huawei:secospace_usg6500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0ED6E342-26E7-45DF-AC3F-EFEBAE3DDDF0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c20spc100:*:*:*:*:*:*:*",
              "matchCriteriaId": "76B53D29-9848-43A1-948B-2F468BFBEDD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c20spc101:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA6E88F3-6B23-4868-8487-0A1172D10DE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c20spc200:*:*:*:*:*:*:*",
              "matchCriteriaId": "06C078DB-743F-4E37-A435-8FF79DA908DB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:huawei:secospace_usg6600:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE469876-F873-4705-9760-097AE840A818",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The security policy processing module in Huawei Secospace USG6300 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6500 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6600 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200 allows authenticated attackers to setup a specific security policy into the devices, causing a buffer overflow and crashing the system."
    },
    {
      "lang": "es",
      "value": "El m\u00f3dulo de procesamiento de pol\u00edticas de seguridad en Huawei Secospace USG6300 con software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6500 con software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6600 con software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200 permite a atacantes autenticados configurar una pol\u00edtica de seguridad especifica dentro de los dispositivos, provocando un desbordamiento de b\u00fafer y bloqueando el sistema."
    }
  ],
  "id": "CVE-2016-8802",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-04-02T20:59:01.937",
  "references": [
    {
      "source": "psirt@huawei.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161125-01-usg-en"
    },
    {
      "source": "psirt@huawei.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/94538"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161125-01-usg-en"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/94538"
    }
  ],
  "sourceIdentifier": "psirt@huawei.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

The security policy processing module in Huawei Secospace USG6300 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6500 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6600 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200 allows authenticated attackers to setup a specific security policy into the devices, causing a buffer overflow and crashing the system. Huawei Secospace is a terminal security management system. A buffer overflow vulnerability exists in multiple Huawei Secospace products. Because the user does not perform a boundary check on the data copied by the user, the attacker can exploit the vulnerability to restart the affected device, resulting in a denial of service condition and possibly executing arbitrary code. Attackers can exploit this issue to reboot the affected device to cause denial-of-service conditions. Due to the nature of this issue, arbitrary code execution may be possible but this has not been confirmed. Huawei Secospace USG6300 etc. are the firewalls of China Huawei (Huawei). The following products and versions are affected: Huawei Secospace USG6300 V500R001C20SPC100 Version, V500R001C20SPC101 Version, V500R001C20SPC200 Version; Secospace USG6500 USG6300 V500R001C20SPC100 Version, V500R001C20SPC101 Version, V500R001C20SPC200 Version; Secospace USG6600 V500R001C20SPC100 Version, V500R001C20SPC101 Version, V500R001C20SPC200 Version

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201704-0425",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "secospace usg6300",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "huawei",
        "version": "v500r001c20spc100"
      },
      {
        "model": "secospace usg6300",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "huawei",
        "version": "v500r001c20spc101"
      },
      {
        "model": "secospace usg6300",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "huawei",
        "version": "v500r001c20spc200"
      },
      {
        "model": "secospace usg6500",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "huawei",
        "version": "v500r001c20spc100"
      },
      {
        "model": "secospace usg6500",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "huawei",
        "version": "v500r001c20spc101"
      },
      {
        "model": "secospace usg6500",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "huawei",
        "version": "v500r001c20spc200"
      },
      {
        "model": "secospace usg6600",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "huawei",
        "version": "v500r001c20spc100"
      },
      {
        "model": "secospace usg6600",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "huawei",
        "version": "v500r001c20spc101"
      },
      {
        "model": "secospace usg6600",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "huawei",
        "version": "v500r001c20spc200"
      },
      {
        "model": "secospace usg6300 v500r001c20spc100",
        "scope": null,
        "trust": 0.9,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "secospace usg6300 v500r001c20spc101",
        "scope": null,
        "trust": 0.9,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "secospace usg6300 v500r001c20spc200",
        "scope": null,
        "trust": 0.9,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "secospace usg6500 v500r001c20spc100",
        "scope": null,
        "trust": 0.9,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "secospace usg6500 v500r001c20spc101",
        "scope": null,
        "trust": 0.9,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "secospace usg6500 v500r001c20spc200",
        "scope": null,
        "trust": 0.9,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "secospace usg6600 v500r001c20spc100",
        "scope": null,
        "trust": 0.9,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "secospace usg6600 v500r001c20spc101",
        "scope": null,
        "trust": 0.9,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "secospace usg6600 v500r001c20spc200",
        "scope": null,
        "trust": 0.9,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "secospace usg6600 v500r001c20spc300",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "secospace usg6500 v500r001c20spc300",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "secospace usg6300 v500r001c20spc300",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-11668"
      },
      {
        "db": "BID",
        "id": "94538"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008214"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201611-650"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-8802"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:huawei:secospace_usg6300_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:huawei:secospace_usg6500_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:huawei:secospace_usg6600_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008214"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor reported this issue.",
    "sources": [
      {
        "db": "BID",
        "id": "94538"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2016-8802",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.0,
            "id": "CVE-2016-8802",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2016-11668",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.0,
            "id": "VHN-97622",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.8,
            "id": "CVE-2016-8802",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2016-8802",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2016-8802",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2016-11668",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201611-650",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-97622",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-11668"
      },
      {
        "db": "VULHUB",
        "id": "VHN-97622"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008214"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201611-650"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-8802"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The security policy processing module in Huawei Secospace USG6300 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6500 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6600 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200 allows authenticated attackers to setup a specific security policy into the devices, causing a buffer overflow and crashing the system. Huawei Secospace is a terminal security management system. A buffer overflow vulnerability exists in multiple Huawei Secospace products. Because the user does not perform a boundary check on the data copied by the user, the attacker can exploit the vulnerability to restart the affected device, resulting in a denial of service condition and possibly executing arbitrary code. \nAttackers can exploit this issue to reboot the affected device to cause  denial-of-service conditions. Due to the nature of this issue, arbitrary  code execution may be possible but this has not been confirmed. Huawei Secospace USG6300 etc. are the firewalls of China Huawei (Huawei). The following products and versions are affected: Huawei Secospace USG6300 V500R001C20SPC100 Version, V500R001C20SPC101 Version, V500R001C20SPC200 Version; Secospace USG6500 USG6300 V500R001C20SPC100 Version, V500R001C20SPC101 Version, V500R001C20SPC200 Version; Secospace USG6600 V500R001C20SPC100 Version, V500R001C20SPC101 Version, V500R001C20SPC200 Version",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-8802"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008214"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-11668"
      },
      {
        "db": "BID",
        "id": "94538"
      },
      {
        "db": "VULHUB",
        "id": "VHN-97622"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-8802",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "94538",
        "trust": 2.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008214",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201611-650",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-11668",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-97622",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-11668"
      },
      {
        "db": "VULHUB",
        "id": "VHN-97622"
      },
      {
        "db": "BID",
        "id": "94538"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008214"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201611-650"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-8802"
      }
    ]
  },
  "id": "VAR-201704-0425",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-11668"
      },
      {
        "db": "VULHUB",
        "id": "VHN-97622"
      }
    ],
    "trust": 1.3653315199999998
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-11668"
      }
    ]
  },
  "last_update_date": "2024-11-23T23:05:27.963000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "huawei-sa-20161125-01-usg",
        "trust": 0.8,
        "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161125-01-usg-en"
      },
      {
        "title": "Patch for buffer overflow vulnerability in multiple HuaweiSecospace products",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/84654"
      },
      {
        "title": "Multiple Huawei Secospace Repair measures for firewall product buffer overflow vulnerability",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=66066"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-11668"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008214"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201611-650"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-97622"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008214"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-8802"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.6,
        "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161125-01-usg-en"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/94538"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8802"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-8802"
      },
      {
        "trust": 0.3,
        "url": "http://www.huawei.com"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-11668"
      },
      {
        "db": "VULHUB",
        "id": "VHN-97622"
      },
      {
        "db": "BID",
        "id": "94538"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008214"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201611-650"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-8802"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-11668"
      },
      {
        "db": "VULHUB",
        "id": "VHN-97622"
      },
      {
        "db": "BID",
        "id": "94538"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008214"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201611-650"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-8802"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-11-30T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-11668"
      },
      {
        "date": "2017-04-02T00:00:00",
        "db": "VULHUB",
        "id": "VHN-97622"
      },
      {
        "date": "2016-11-25T00:00:00",
        "db": "BID",
        "id": "94538"
      },
      {
        "date": "2017-05-02T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-008214"
      },
      {
        "date": "2016-11-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201611-650"
      },
      {
        "date": "2017-04-02T20:59:01.937000",
        "db": "NVD",
        "id": "CVE-2016-8802"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-11-30T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-11668"
      },
      {
        "date": "2017-04-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-97622"
      },
      {
        "date": "2016-12-20T01:02:00",
        "db": "BID",
        "id": "94538"
      },
      {
        "date": "2017-05-02T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-008214"
      },
      {
        "date": "2016-12-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201611-650"
      },
      {
        "date": "2024-11-21T03:00:07.210000",
        "db": "NVD",
        "id": "CVE-2016-8802"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201611-650"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  Huawei Secospace USG Buffer overflow vulnerability in product security policy execution module",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008214"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer overflow",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201611-650"
      }
    ],
    "trust": 0.6
  }
}

cnvd-2016-11668

Vulnerability from cnvd

Title

多个Huawei Secospace产品存在缓冲区溢出漏洞

Description

华为Secospace是一款终端安全管理系统。多个华为Secospace产品存在缓冲区溢出漏洞。由于未对用户复制的数据进行边界检查，攻击者利用漏洞可重启受影响的设备，导致拒绝服务条件，可能执行任意代码。

Severity

高

Patch Name

多个Huawei Secospace产品存在缓冲区溢出漏洞的补丁

Patch Description

华为Secospace是一款终端安全管理系统。多个华为Secospace产品存在缓冲区溢出漏洞。由于未对用户复制的数据进行边界检查，攻击者利用漏洞可重启受影响的设备，导致拒绝服务条件，可能执行任意代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161125-01-usg-en

Reference

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161125-01-usg-en

Impacted products

Name
['Huawei Secospace USG6300 V500R001C20SPC100', 'Huawei Secospace USG6300 V500R001C20SPC101', 'Huawei Secospace USG6300 V500R001C20SPC200', 'Huawei Secospace USG6500 V500R001C20SPC100', 'Huawei Secospace USG6500 V500R001C20SPC101', 'Huawei Secospace USG6500 V500R001C20SPC200', 'Huawei Secospace USG6600 V500R001C20SPC100', 'Huawei Secospace USG6600 V500R001C20SPC101', 'Huawei Secospace USG6600 V500R001C20SPC200']

Name

['Huawei Secospace USG6300 V500R001C20SPC100', 'Huawei Secospace USG6300 V500R001C20SPC101', 'Huawei Secospace USG6300 V500R001C20SPC200', 'Huawei Secospace USG6500 V500R001C20SPC100', 'Huawei Secospace USG6500 V500R001C20SPC101', 'Huawei Secospace USG6500 V500R001C20SPC200', 'Huawei Secospace USG6600 V500R001C20SPC100', 'Huawei Secospace USG6600 V500R001C20SPC101', 'Huawei Secospace USG6600 V500R001C20SPC200']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "94538"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-8802"
    }
  },
  "description": "\u534e\u4e3aSecospace\u662f\u4e00\u6b3e\u7ec8\u7aef\u5b89\u5168\u7ba1\u7406\u7cfb\u7edf\u3002\r\n\r\n\u591a\u4e2a\u534e\u4e3aSecospace\u4ea7\u54c1\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u7531\u4e8e\u672a\u5bf9\u7528\u6237\u590d\u5236\u7684\u6570\u636e\u8fdb\u884c\u8fb9\u754c\u68c0\u67e5\uff0c\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u53ef\u91cd\u542f\u53d7\u5f71\u54cd\u7684\u8bbe\u5907\uff0c\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u6761\u4ef6\uff0c\u53ef\u80fd\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "discovererName": "Huawei",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161125-01-usg-en",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-11668",
  "openTime": "2016-11-30",
  "patchDescription": "\u534e\u4e3aSecospace\u662f\u4e00\u6b3e\u7ec8\u7aef\u5b89\u5168\u7ba1\u7406\u7cfb\u7edf\u3002\r\n\r\n\u591a\u4e2a\u534e\u4e3aSecospace\u4ea7\u54c1\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u7531\u4e8e\u672a\u5bf9\u7528\u6237\u590d\u5236\u7684\u6570\u636e\u8fdb\u884c\u8fb9\u754c\u68c0\u67e5\uff0c\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u53ef\u91cd\u542f\u53d7\u5f71\u54cd\u7684\u8bbe\u5907\uff0c\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u6761\u4ef6\uff0c\u53ef\u80fd\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u4e2aHuawei Secospace\u4ea7\u54c1\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Huawei Secospace USG6300 V500R001C20SPC100",
      "Huawei Secospace USG6300 V500R001C20SPC101",
      "Huawei Secospace USG6300 V500R001C20SPC200",
      "Huawei Secospace USG6500 V500R001C20SPC100",
      "Huawei Secospace USG6500 V500R001C20SPC101",
      "Huawei Secospace USG6500 V500R001C20SPC200",
      "Huawei Secospace USG6600 V500R001C20SPC100",
      "Huawei Secospace USG6600 V500R001C20SPC101",
      "Huawei Secospace USG6600 V500R001C20SPC200"
    ]
  },
  "referenceLink": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161125-01-usg-en",
  "serverity": "\u9ad8",
  "submitTime": "2016-11-28",
  "title": "\u591a\u4e2aHuawei Secospace\u4ea7\u54c1\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2016-8802 (GCVE-0-2016-8802)

Vulnerability from cvelistv5

ghsa-x3cf-qq49-8942

Vulnerability from github

gsd-2016-8802

Vulnerability from gsd

fkie_cve-2016-8802

Vulnerability from fkie_nvd

var-201704-0425

Vulnerability from variot

cnvd-2016-11668

Vulnerability from cnvd

Tags

Sightings

Nomenclature