Vulnerability Details : CVE-2016-8802
The security policy processing module in Huawei Secospace USG6300 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6500 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6600 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200 allows authenticated attackers to setup a specific security policy into the devices, causing a buffer overflow and crashing the system.
Vulnerability category: Overflow
Products affected by CVE-2016-8802
- cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c20spc100:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c20spc101:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c20spc200:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c20spc101:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c20spc200:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c20spc100:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c20spc100:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c20spc101:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c20spc200:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-8802
0.07%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 30 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-8802
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:L/Au:S/C:N/I:N/A:C |
8.0
|
6.9
|
NIST | |
6.5
|
MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
2.8
|
3.6
|
NIST |
CWE ids for CVE-2016-8802
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-8802
-
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161125-01-usg-en
Security Advisory - Buffer Overflow Vulnerability in Huawei Firewall ProductsVendor Advisory
-
http://www.securityfocus.com/bid/94538
Multiple Huawei Secospace Products CVE-2016-8802 Buffer Overflow VulnerabilityThird Party Advisory;VDB Entry
Jump to