Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2015-8677

Memory leak in Huawei S5300EI, S5300SI, S5310HI, and S6300EI Campus series switches with software V200R003C00 before V200R003SPH011 and V200R005C00 before V200R005SPH008; S2350EI and S5300LI Campus series switches with software V200R003C00 before V200R003SPH011, V200R005C00 before V200R005SPH008, and V200R006C00 before V200R006SPH002; S9300, S7700, and S9700 Campus series switches with software V200R003C00 before V200R003SPH011, V200R005C00 before V200R005SPH009, and V200R006C00 before V200R006SPH003; S5720HI and S5720EI Campus series switches with software V200R006C00 before V200R006SPH002; and S2300 and S3300 Campus series switches with software V100R006C05 before V100R006SPH022 allows remote authenticated users to cause a denial of service (memory consumption and device restart) by logging in and out of the (1) HTTPS or (2) SFTP server, related to SSL session information.

Published

2016-04-14T15:59:03.857

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 6.5 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:N/I:N/A:C

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE

Exploitability Score

8.0

Impact Score

6.9

Weaknesses

Type: Primary
CWE-399

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	huawei	s5300ei_firmware	< v200r003sph011	Yes
Operating System	huawei	s5300ei_firmware	< v200r005sph008	Yes
Hardware	huawei	s5300ei	-	No
Operating System	huawei	s5300si_firmware	< v200r001sph018	Yes
Operating System	huawei	s5300si_firmware	< v200r003sph011	Yes
Hardware	huawei	s5300si	-	No
Operating System	huawei	s5310hi_firmware	< v200r001sph018	Yes
Operating System	huawei	s5310hi_firmware	< v200r003sph011	Yes
Hardware	huawei	s5310hi	-	No
Operating System	huawei	s6300ei_firmware	< v200r001sph018	Yes
Operating System	huawei	s6300ei_firmware	< v200r003sph011	Yes
Hardware	huawei	s6300ei	-	No
Operating System	huawei	s5300li_firmware	< v200r003sph011	Yes
Operating System	huawei	s5300li_firmware	< v200r005sph008	Yes
Operating System	huawei	s5300li_firmware	< v200r006sph002	Yes
Hardware	huawei	s5300li	-	No
Operating System	huawei	s2350ei_firmware	< v200r003sph011	Yes
Operating System	huawei	s2350ei_firmware	< v200r005sph008	Yes
Operating System	huawei	s2350ei_firmware	< v200r006sph002	Yes
Hardware	huawei	s2350ei	-	No
Operating System	huawei	s9300_firmware	< v200r003sph011	Yes
Operating System	huawei	s9300_firmware	< v200r005sph009	Yes
Operating System	huawei	s9300_firmware	< v200r006sph003	Yes
Hardware	huawei	s9300	-	No
Operating System	huawei	s9700_firmware	< v200r003sph011	Yes
Operating System	huawei	s9700_firmware	< v200r005sph009	Yes
Operating System	huawei	s9700_firmware	< v200r006sph003	Yes
Hardware	huawei	s9700	-	No
Operating System	huawei	s7700_firmware	< v200r003sph011	Yes
Operating System	huawei	s7700_firmware	< v200r005sph009	Yes
Operating System	huawei	s7700_firmware	< v200r006sph003	Yes
Hardware	huawei	s7700	-	No
Operating System	huawei	s5720hi_firmware	< v200r006sph002	Yes
Hardware	huawei	s5720hi	-	No
Operating System	huawei	s5720ei_firmware	< v200r006sph002	Yes
Hardware	huawei	s5720ei	-	No
Operating System	huawei	s2300_firmware	< v100r006sph022	Yes
Hardware	huawei	s2300	-	No
Operating System	huawei	s3300_firmware	< v100r006sph022	Yes
Hardware	huawei	s3300	-	No

References

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160113-03-switch-en Vendor Advisory ([email protected])
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160113-03-switch-en Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)