CVE-2015-8676

Memory leak in Huawei S5300EI, S5300SI, S5310HI, S6300EI/ S2350EI, and S5300LI Campus series switches with software V200R001C00 before V200R001SPH018, V200R002C00 before V200R003SPH011, and V200R003C00 before V200R003SPH011; S9300, S7700, and S9700 Campus series switches with software V200R001C00 before V200R001SPH023, V200R002C00 before V200R003SPH011, and V200R003C00 before V200R003SPH011; and S2300 and S3300 Campus series switches with software V100R006C05 before V100R006SPH022 allows remote attackers to cause a denial of service (memory consumption and reboot) via a large number of ICMPv6 packets.

CVSS v3 7.5 HIGH
CVSS v2.0 7.8 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

7.8^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:C

Exploitability : 10.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160113-02-switch-en	Vendor Advisory
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160113-02-switch-en	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:huawei:s2350ei_firmware::::::::
	cpe:2.3:o:huawei:s2350ei_firmware::::::::

cpe:2.3:h:huawei:s2350ei:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

OR	cpe:2.3:o:huawei:s5300ei_firmware::::::::
	cpe:2.3:o:huawei:s5300ei_firmware::::::::

cpe:2.3:h:huawei:s5300ei:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

OR	cpe:2.3:o:huawei:s5300si_firmware::::::::
	cpe:2.3:o:huawei:s5300si_firmware::::::::

cpe:2.3:h:huawei:s5300si:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

OR	cpe:2.3:o:huawei:s5310hi_firmware::::::::
	cpe:2.3:o:huawei:s5310hi_firmware::::::::

cpe:2.3:h:huawei:s5310hi:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

OR	cpe:2.3:o:huawei:s6300ei_firmware::::::::
	cpe:2.3:o:huawei:s6300ei_firmware::::::::

cpe:2.3:h:huawei:s6300ei:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

OR	cpe:2.3:o:huawei:s5300li_firmware::::::::
	cpe:2.3:o:huawei:s5300li_firmware::::::::

cpe:2.3:h:huawei:s5300li:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

OR	cpe:2.3:o:huawei:s9300_firmware::::::::
	cpe:2.3:o:huawei:s9300_firmware::::::::
	cpe:2.3:o:huawei:s9300_firmware:v200r003c00:::::::*

cpe:2.3:h:huawei:s9300:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

OR	cpe:2.3:o:huawei:s7700_firmware::::::::
	cpe:2.3:o:huawei:s7700_firmware::::::::
	cpe:2.3:o:huawei:s7700_firmware:v200r003c00:::::::*

cpe:2.3:h:huawei:s7700:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

OR	cpe:2.3:o:huawei:s9700_firmware::::::::
	cpe:2.3:o:huawei:s9700_firmware::::::::
	cpe:2.3:o:huawei:s9700_firmware:v200r003c00:::::::*

cpe:2.3:h:huawei:s9700:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:huawei:s2300_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:s2300:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:huawei:s3300_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:s3300:-:*:*:*:*:*:*:*

History

21 Nov 2024, 02:38

Type	Values Removed	Values Added
References	~~() http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160113-02-switch-en - Vendor Advisory~~	() http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160113-02-switch-en - Vendor Advisory

Information

Published : 2016-04-14 15:59

Updated : 2024-11-21 02:38

NVD link : CVE-2015-8676

Mitre link : CVE-2015-8676

CVE.ORG link : CVE-2015-8676

JSON object : View

Products Affected

huawei

s7700_firmware
s5300si_firmware
s5310hi
s2350ei
s2300_firmware
s6300ei
s3300_firmware
s5300li_firmware
s5300ei_firmware
s5300si
s2350ei_firmware
s9300_firmware
s7700
s6300ei_firmware
s2300
s9700_firmware
s5300li
s5300ei
s5310hi_firmware
s3300
s9700
s9300

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-399

Resource Management Errors

7.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

7.8 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

JSON object

Attach tags to CVE-2015-8676

7.5^/10

7.8^/10

Attach tags to `CVE-2015-8676`