CVE-2016-8786
Severity CVSS v4.0:
Pending analysis
Type:
CWE-20
Input Validation
Publication date:
09/03/2018
Last modified:
26/03/2018
Description
Huawei S12700 V200R005C00, V200R006C00, V200R007C00, V200R008C00, S5700 V200R006C00, V200R007C00, V200R008C00, S6700 V200R008C00, S7700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, S9700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00 have a denial of service (DoS) vulnerability. Due to the lack of input validation, a remote attacker may craft a malformed Resource Reservation Protocol (RSVP) packet and send it to the device, causing a few buffer overflows and occasional device restart.
Impact
Base Score 3.x
7.50
Severity 3.x
HIGH
Base Score 2.0
7.80
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:huawei:s12700_firmware:v200r005c00:*:*:*:*:*:*:* | ||
| cpe:2.3:o:huawei:s12700_firmware:v200r006c00:*:*:*:*:*:*:* | ||
| cpe:2.3:o:huawei:s12700_firmware:v200r007c00:*:*:*:*:*:*:* | ||
| cpe:2.3:o:huawei:s12700_firmware:v200r008c00:*:*:*:*:*:*:* | ||
| cpe:2.3:h:huawei:s12700:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:huawei:s5700_firmware:v200r006c00:*:*:*:*:*:*:* | ||
| cpe:2.3:o:huawei:s5700_firmware:v200r007c00:*:*:*:*:*:*:* | ||
| cpe:2.3:o:huawei:s5700_firmware:v200r008c00:*:*:*:*:*:*:* | ||
| cpe:2.3:h:huawei:s5700:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:huawei:s6700_firmware:v200r008c00:*:*:*:*:*:*:* | ||
| cpe:2.3:h:huawei:s6700:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:huawei:s7700_firmware:v200r001c00:*:*:*:*:*:*:* | ||
| cpe:2.3:o:huawei:s7700_firmware:v200r002c00:*:*:*:*:*:*:* | ||
| cpe:2.3:o:huawei:s7700_firmware:v200r003c00:*:*:*:*:*:*:* | ||
| cpe:2.3:o:huawei:s7700_firmware:v200r005c00:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page