Vulnerability Details : CVE-2015-8676
Memory leak in Huawei S5300EI, S5300SI, S5310HI, S6300EI/ S2350EI, and S5300LI Campus series switches with software V200R001C00 before V200R001SPH018, V200R002C00 before V200R003SPH011, and V200R003C00 before V200R003SPH011; S9300, S7700, and S9700 Campus series switches with software V200R001C00 before V200R001SPH023, V200R002C00 before V200R003SPH011, and V200R003C00 before V200R003SPH011; and S2300 and S3300 Campus series switches with software V100R006C05 before V100R006SPH022 allows remote attackers to cause a denial of service (memory consumption and reboot) via a large number of ICMPv6 packets.
Vulnerability category: Denial of service
Products affected by CVE-2015-8676
- cpe:2.3:o:huawei:s5300ei_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s5300ei_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s5300si_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s5300si_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s5310hi_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s5310hi_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s6300ei_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s6300ei_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s2350ei_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s2350ei_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s5300li_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s5300li_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s7700_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s7700_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s7700_firmware:v200r003c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s9700_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s9700_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s9700_firmware:v200r003c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s9300_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s9300_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s9300_firmware:v200r003c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s2300_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s3300_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-8676
0.44%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 60 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-8676
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.8
|
HIGH | AV:N/AC:L/Au:N/C:N/I:N/A:C |
10.0
|
6.9
|
NIST | |
7.5
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
3.9
|
3.6
|
NIST |
CWE ids for CVE-2015-8676
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-8676
-
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160113-02-switch-en
Security Advisory - ICMPv6 DoS Vulnerability in Huawei SwitchesVendor Advisory
Jump to