CVE-2016-4087

CWE-20 — Improper Input Validation4 documents4 sources

Severity

8.1HIGH

EPSS

0.8%

top 25.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei S12700 Firmware Huawei S5700 Firmware

Timeline

PublishedMay 23

Latest updateMay 17

Description

Huawei S12700 switches with software before V200R008C00SPC500 and S5700 switches with software before V200R005SPH010, when the debug switch is enabled, allows remote attackers to cause a denial of service or execute arbitrary code via crafted DNS packets.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages2 packages

▶NVDhuawei/s5700_firmware4 versions+3

▶NVDhuawei/s12700_firmwarev200r005c00spc300

🔴Vulnerability Details

GHSA

GHSA-hvh8-j8p5-8pp9: Huawei S12700 switches with software before V200R008C00SPC500 and S5700 switches with software before V200R005SPH010, when the debug switch is enabled↗2022-05-17

▶

CVEList

CVE-2016-4087: Huawei S12700 switches with software before V200R008C00SPC500 and S5700 switches with software before V200R005SPH010, when the debug switch is enabled↗2016-05-23

▶