CVE-2015-8676 : Memory leak in Huawei S5300EI, S5300SI, S5310HI, S6300EI/ S2350EI, and S5300LI Campus series switches with software V200

Memory leak in Huawei S5300EI, S5300SI, S5310HI, S6300EI/ S2350EI, and S5300LI Campus series switches with software V200R001C00 before V200R001SPH018, V200R002C00 before V200R003SPH011, and V200R003C00 before V200R003SPH011; S9300, S7700, and S9700 Campus series switches with software V200R001C00 before V200R001SPH023, V200R002C00 before V200R003SPH011, and V200R003C00 before V200R003SPH011; and S2300 and S3300 Campus series switches with software V100R006C05 before V100R006SPH022 allows remote attackers to cause a denial of service (memory consumption and reboot) via a large number of ICMPv6 packets.

Published 2016-04-14 15:59:03

Updated 2019-06-20 13:54:56

Source MITRE

View at NVD, CVE.org

Vulnerability category: OverflowDenial of service

Exploit prediction scoring system (EPSS) score for CVE-2015-8676

Probability of exploitation activity in the next 30 days: 0.26%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 63 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2015-8676

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.8	HIGH	AV:N/AC:L/Au:N/C:N/I:N/A:C	10.0	6.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Complete
7.5	HIGH	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	3.9	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2015-8676

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Assigned by: nvd@nist.gov (Primary)
CWE-399

Assigned by: nvd@nist.gov (Primary)

References for CVE-2015-8676

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160113-02-switch-en

Security Advisory - ICMPv6 DoS Vulnerability in Huawei Switches
Vendor Advisory

Products affected by CVE-2015-8676

Huawei » S5300ei Firmware
Versions from including (>=) v200r001c00 and before (<) v200r001sph018
cpe:2.3:o:huawei:s5300ei_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » S5300ei » Version: N/A
Huawei » S5300ei Firmware
Versions from including (>=) v200r002c00 and before (<) v200r003sph011
cpe:2.3:o:huawei:s5300ei_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » S5300ei » Version: N/A
Huawei » S5300si Firmware
Versions from including (>=) v200r001c00 and before (<) v200r001sph018
cpe:2.3:o:huawei:s5300si_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » S5300si » Version: N/A
Huawei » S5300si Firmware
Versions from including (>=) v200r002c00 and before (<) v200r003sph011
cpe:2.3:o:huawei:s5300si_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » S5300si » Version: N/A
Huawei » S5310hi Firmware
Versions from including (>=) v200r001c00 and before (<) v200r001sph018
cpe:2.3:o:huawei:s5310hi_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » S5310hi » Version: N/A
Huawei » S5310hi Firmware
Versions from including (>=) v200r002c00 and before (<) v200r003sph011
cpe:2.3:o:huawei:s5310hi_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » S5310hi » Version: N/A
Huawei » S6300ei Firmware
Versions from including (>=) v200r001c00 and before (<) v200r001sph018
cpe:2.3:o:huawei:s6300ei_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » S6300ei » Version: N/A
Huawei » S6300ei Firmware
Versions from including (>=) v200r002c00 and before (<) v200r003sph011
cpe:2.3:o:huawei:s6300ei_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » S6300ei » Version: N/A
Huawei » S2350ei Firmware
Versions from including (>=) v200r002c00 and before (<) v200r003sph011
cpe:2.3:o:huawei:s2350ei_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » S2350ei » Version: N/A
Huawei » S2350ei Firmware
Versions from including (>=) v200r001c00 and before (<) v200r001sph018
cpe:2.3:o:huawei:s2350ei_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » S2350ei » Version: N/A
Huawei » S5300li Firmware
Versions from including (>=) v200r002c00 and before (<) v200r003sph011
cpe:2.3:o:huawei:s5300li_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » S5300li » Version: N/A
Huawei » S5300li Firmware
Versions from including (>=) v200r001c00 and before (<) v200r001sph018
cpe:2.3:o:huawei:s5300li_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » S5300li » Version: N/A
Huawei » S7700 Firmware
Versions from including (>=) v200r001c00 and before (<) v200r001sph023
cpe:2.3:o:huawei:s7700_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » S7700 » Version: N/A
Huawei » S7700 Firmware
Versions from including (>=) v200r002c00 and before (<) v200r003c00
cpe:2.3:o:huawei:s7700_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » S7700 » Version: N/A
Huawei » S7700 Firmware » Version: V200r003c00
cpe:2.3:o:huawei:s7700_firmware:v200r003c00:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » S7700 » Version: N/A
Huawei » S9700 Firmware
Versions from including (>=) v200r001c00 and before (<) v200r001sph023
cpe:2.3:o:huawei:s9700_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » S9700 » Version: N/A
Huawei » S9700 Firmware
Versions from including (>=) v200r002c00 and before (<) v200r003c00
cpe:2.3:o:huawei:s9700_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » S9700 » Version: N/A
Huawei » S9700 Firmware » Version: V200r003c00
cpe:2.3:o:huawei:s9700_firmware:v200r003c00:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » S9700 » Version: N/A
Huawei » S9300 Firmware
Versions from including (>=) v200r002c00 and before (<) v200r003c00
cpe:2.3:o:huawei:s9300_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » S9300 » Version: N/A
Huawei » S9300 Firmware
Versions from including (>=) v200r001c00 and before (<) v200r001sph023
cpe:2.3:o:huawei:s9300_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » S9300 » Version: N/A
Huawei » S9300 Firmware » Version: V200r003c00
cpe:2.3:o:huawei:s9300_firmware:v200r003c00:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » S9300 » Version: N/A
Huawei » S2300 Firmware
Versions from including (>=) v100r006c05 and before (<) v100r006sph022
cpe:2.3:o:huawei:s2300_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » S2300 » Version: N/A
Huawei » S3300 Firmware
Versions from including (>=) v100r006c05 and before (<) v100r006sph022
cpe:2.3:o:huawei:s3300_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » S3300 » Version: N/A

Vulnerability Details : CVE-2015-8676

Exploit prediction scoring system (EPSS) score for CVE-2015-8676

CVSS scores for CVE-2015-8676

CWE ids for CVE-2015-8676

References for CVE-2015-8676

Products affected by CVE-2015-8676