CVE-2016-8276

Опубликовано: 03 окт. 2016

Источник: nvd

CVSS3: 9.8

CVSS2: 9.3

EPSS Низкий

Описание

Buffer overflow in the Point-to-Point Protocol over Ethernet (PPPoE) module in Huawei USG2100, USG2200, USG5100, and USG5500 unified security gateways with software before V300R001C10SPC600, when CHAP authentication is configured on the server, allows remote attackers to cause a denial of service (server restart) or execute arbitrary code via crafted packets sent during authentication.

Ссылки

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160914-01-usg-en
Vendor Advisory
http://www.securityfocus.com/bid/92962
Third Party Advisory
VDB Entry
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160914-01-usg-en
Vendor Advisory
http://www.securityfocus.com/bid/92962
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:huawei:usg2100:v300r001c00:*:*:*:*:*:*:*

cpe:2.3:a:huawei:usg2100:v300r001c10:*:*:*:*:*:*:*

cpe:2.3:a:huawei:usg2200:v300r001c00:*:*:*:*:*:*:*

cpe:2.3:a:huawei:usg2200:v300r001c10:*:*:*:*:*:*:*

cpe:2.3:a:huawei:usg5100:v300r001c00:*:*:*:*:*:*:*

cpe:2.3:a:huawei:usg5100:v300r001c10:*:*:*:*:*:*:*

cpe:2.3:a:huawei:usg5500:v300r001c00:*:*:*:*:*:*:*

cpe:2.3:a:huawei:usg5500:v300r001c10:*:*:*:*:*:*:*

EPSS

Процентиль: 86%

0.02978

Низкий

9.8 Critical

CVSS3

9.3 Critical

CVSS2

Дефекты

CWE-119

Связанные уязвимости

GHSA-qc5q-fcgw-r7h9