Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2016-4576

Buffer overflow in the Application Specific Packet Filtering (ASPF) functionality in the Huawei IPS Module, NGFW Module, NIP6300, NIP6600, Secospace USG6300, USG6500, USG6600, USG9500, and AntiDDoS8000 devices with software before V500R001C20SPC100 allows remote attackers to cause a denial of service or execute arbitrary code via a crafted packet, related to "illegitimate parameters."

Published

2016-05-23T19:59:09.980

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 9.8 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
Exploitability Score

10.0

Impact Score

6.4

Weaknesses
  • Type: Primary
    CWE-119
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Hardware huawei nip6300 - No
Operating System huawei nip6300_firmware v500r001c00 Yes
Hardware huawei secospace_usg6500 - No
Operating System huawei secospace_usg6500_firmware v500r001c00 Yes
Hardware huawei secospace_antiddos8000 - No
Operating System huawei secospace_antiddos8000_firmware v500r001c00 Yes
Hardware huawei usg9500 - No
Operating System huawei usg9500_firmware v500r001c00 Yes
Hardware huawei secospace_usg6300 - No
Operating System huawei secospace_usg6300_firmware v500r001c00 Yes
Hardware huawei ngfw_module - No
Operating System huawei ngfw_module_firmware v500r001c00 Yes
Hardware huawei secospace_usg6600 - No
Operating System huawei secospace_usg6600_firmware v500r001c00 Yes
Hardware huawei nip6600 - No
Operating System huawei nip6600_firmware v500r001c00 Yes
Hardware huawei ips_module - No
Operating System huawei ips_module_firmware v500r001c00 Yes
References