CVE-2016-8781 — Huawei Secospace Usg6300 Firmware vulnerability

CWE-3994 documents4 sources

Severity

6.5MEDIUMNVD

EPSS

0.2%

top 59.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei Secospace Usg6300 Firmware Huawei Secospace Usg6500 Firmware Huawei Secospace Usg6600 Firmware

Timeline

PublishedApr 2

Latest updateMay 17

Description

Huawei Secospace USG6300 with software V500R001C20 and V500R001C20SPC200PWE, Secospace USG6500 with software V500R001C20, Secospace USG6600 with software V500R001C20 and V500R001C20SPC200PWE allow remote attackers with specific permission to log in to a device and deliver a large number of unspecified commands to exhaust memory, causing a DoS condition.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶NVDhuawei/secospace_usg6300_firmwarev500r001c20, v500r001c20spc200pwe+1

▶NVDhuawei/secospace_usg6500_firmwarev500r001c20

▶NVDhuawei/secospace_usg6600_firmwarev500r001c20, v500r001c20spc200pwe+1

🔴Vulnerability Details

GHSA

GHSA-rxqf-6xmp-g3cf: Huawei Secospace USG6300 with software V500R001C20 and V500R001C20SPC200PWE, Secospace USG6500 with software V500R001C20, Secospace USG6600 with softw↗2022-05-17

▶

CVEList

CVE-2016-8781: Huawei Secospace USG6300 with software V500R001C20 and V500R001C20SPC200PWE, Secospace USG6500 with software V500R001C20, Secospace USG6600 with softw↗2017-04-02

▶

💬Community

Bugzilla

CVE-2015-8781 CVE-2015-8782 CVE-2015-8783 libtiff: invalid assertion↗2016-01-25

▶