CVE-2016-4577 : Buffer overflow in the Smart DNS functionality in the Huawei NGFW Module and Sec

Buffer overflow in the Smart DNS functionality in the Huawei NGFW Module and Secospace USG6300, USG6500, USG6600, and USG9500 firewalls with software before V500R001C20SPC100 allows remote attackers to cause a denial of service or execute arbitrary code via a crafted packet, related to "illegitimate parameters."

Published 2016-05-23 19:59:11

Updated 2025-04-12 10:46:41

Source MITRE

View at NVD, CVE.org

Vulnerability category: OverflowExecute codeDenial of service

Products affected by CVE-2016-4577

Huawei » Secospace Usg6500 Firmware » Version: V500r001c00
cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c00:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Secospace Usg6500 » Version: N/A
Huawei » Usg9500 Firmware » Version: V500r001c00
cpe:2.3:o:huawei:usg9500_firmware:v500r001c00:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Usg9500 » Version: N/A
Huawei » Secospace Usg6300 Firmware » Version: V500r001c00
cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c00:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Secospace Usg6300 » Version: N/A
Huawei » Ngfw Module Firmware » Version: V500r001c00
cpe:2.3:o:huawei:ngfw_module_firmware:v500r001c00:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Ngfw Module » Version: N/A
Huawei » Secospace Usg6600 Firmware » Version: V500r001c00
cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c00:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Secospace Usg6600 » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2016-4577

EPSS FAQ

0.13%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 29 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2016-4577

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.8	MEDIUM	AV:A/AC:H/Au:N/C:C/I:C/A:C	3.2	10.0	NIST
Access Vector: Adjacent Network Access Complexity: High Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
7.5	HIGH	CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H	1.6	5.9	NIST
Attack Vector: Adjacent Network Attack Complexity: High Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2016-4577

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2016-4577

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160511-01-dns-en

Security Advisory - Buffer Overflow Vulnerability in Huawei Several Products
Vendor Advisory
http://www.securityfocus.com/bid/90532

Multiple Huawei Products Buffer Overflow Vulnerability

Jump to

Vulnerability Details : CVE-2016-4577

Products affected by CVE-2016-4577

Exploit prediction scoring system (EPSS) score for CVE-2016-4577

CVSS scores for CVE-2016-4577

CWE ids for CVE-2016-4577

References for CVE-2016-4577