CVE-2016-6178 : Huawei NE40E and CX600 devices with software before V800R007SPH017; PTN 6900-2-M

Huawei NE40E and CX600 devices with software before V800R007SPH017; PTN 6900-2-M8 devices with software before V800R007SPH019; NE5000E devices with software before V800R006SPH018; and CloudEngine devices 12800 with software before V100R003SPH010 and V100R005 before V100R005SPH006 allow remote attackers with control plane access to cause a denial of service or execute arbitrary code via a crafted packet.

Published 2016-08-02 16:59:04

Updated 2025-04-12 10:46:41

Source MITRE

View at NVD, CVE.org

Vulnerability category: Execute codeDenial of service

Products affected by CVE-2016-6178

Huawei » Ne5000e Firmware » Version: V800r006c00
cpe:2.3:o:huawei:ne5000e_firmware:v800r006c00:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Ne5000e » Version: N/A
Huawei » Cloudengine 12800 Firmware » Version: V100r003c10
cpe:2.3:o:huawei:cloudengine_12800_firmware:v100r003c10:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Cloudengine 12800 » Version: N/A
Huawei » Cloudengine 12800 Firmware » Version: V100r005c10
cpe:2.3:o:huawei:cloudengine_12800_firmware:v100r005c10:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Cloudengine 12800 » Version: N/A
Huawei » Cloudengine 12800 Firmware » Version: V100r005c00
cpe:2.3:o:huawei:cloudengine_12800_firmware:v100r005c00:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Cloudengine 12800 » Version: N/A
Huawei » Cloudengine 12800 Firmware » Version: V100r003c00
cpe:2.3:o:huawei:cloudengine_12800_firmware:v100r003c00:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Cloudengine 12800 » Version: N/A
Huawei » Ptn 6900-2-m8 Firmware » Version: V800r007c00
cpe:2.3:o:huawei:ptn_6900-2-m8_firmware:v800r007c00:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Ptn 6900-2-m8 » Version: N/A
Huawei » Cx600 Firmware » Version: V800r006c20
cpe:2.3:o:huawei:cx600_firmware:v800r006c20:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Cx600 » Version: N/A
Huawei » Cx600 Firmware » Version: V800r007c00
cpe:2.3:o:huawei:cx600_firmware:v800r007c00:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Cx600 » Version: N/A
Huawei » Cx600 Firmware » Version: V600r008c20
cpe:2.3:o:huawei:cx600_firmware:v600r008c20:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Cx600 » Version: N/A
Huawei » Cx600 Firmware » Version: V800r006c00
cpe:2.3:o:huawei:cx600_firmware:v800r006c00:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Cx600 » Version: N/A
Huawei » Ne40e Firmware » Version: V800r006c20
cpe:2.3:o:huawei:ne40e_firmware:v800r006c20:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Ne40e » Version: N/A
Huawei » Ne40e Firmware » Version: V800r006c30
cpe:2.3:o:huawei:ne40e_firmware:v800r006c30:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Ne40e » Version: N/A
Huawei » Ne40e Firmware » Version: V800r007c00
cpe:2.3:o:huawei:ne40e_firmware:v800r007c00:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Ne40e » Version: N/A
Huawei » Ne40e Firmware » Version: V600r008c20
cpe:2.3:o:huawei:ne40e_firmware:v600r008c20:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Ne40e » Version: N/A
Huawei » Ne40e Firmware » Version: V800r006c00
cpe:2.3:o:huawei:ne40e_firmware:v800r006c00:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Ne40e » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2016-6178

EPSS FAQ

1.27%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 78 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2016-6178

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
9.8	CRITICAL	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2016-6178

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2016-6178

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160713-01-multicast-ldp-fec-stack-en

Security Advisory - Input Validation Vulnerability in Multiple Huawei Products
Vendor Advisory
http://www.securityfocus.com/bid/91772

Multiple Huawei Products CVE-2016-6178 Remote Code Execution Vulnerability
Third Party Advisory;VDB Entry

Jump to

Vulnerability Details : CVE-2016-6178

Products affected by CVE-2016-6178

Exploit prediction scoring system (EPSS) score for CVE-2016-6178

CVSS scores for CVE-2016-6178

CWE ids for CVE-2016-6178

References for CVE-2016-6178