Vulnerability Details : CVE-2015-8677
Memory leak in Huawei S5300EI, S5300SI, S5310HI, and S6300EI Campus series switches with software V200R003C00 before V200R003SPH011 and V200R005C00 before V200R005SPH008; S2350EI and S5300LI Campus series switches with software V200R003C00 before V200R003SPH011, V200R005C00 before V200R005SPH008, and V200R006C00 before V200R006SPH002; S9300, S7700, and S9700 Campus series switches with software V200R003C00 before V200R003SPH011, V200R005C00 before V200R005SPH009, and V200R006C00 before V200R006SPH003; S5720HI and S5720EI Campus series switches with software V200R006C00 before V200R006SPH002; and S2300 and S3300 Campus series switches with software V100R006C05 before V100R006SPH022 allows remote authenticated users to cause a denial of service (memory consumption and device restart) by logging in and out of the (1) HTTPS or (2) SFTP server, related to SSL session information.
Vulnerability category: Denial of service
Products affected by CVE-2015-8677
- cpe:2.3:o:huawei:s5300ei_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s5300ei_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s5300si_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s5300si_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s5310hi_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s5310hi_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s6300ei_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s6300ei_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s2350ei_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s2350ei_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s2350ei_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s5300li_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s5300li_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s5300li_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s7700_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s7700_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s7700_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s9700_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s9700_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s9700_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s9300_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s9300_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s9300_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s2300_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s3300_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s5720ei_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s5720hi_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-8677
0.12%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 47 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-8677
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:L/Au:S/C:N/I:N/A:C |
8.0
|
6.9
|
NIST | |
6.5
|
MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
2.8
|
3.6
|
NIST |
CWE ids for CVE-2015-8677
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-8677
-
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160113-03-switch-en
Security Advisory - Memory Leak Vulnerability in Huawei SwitchesVendor Advisory
Jump to