Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2016-5435

Memory leak in Huawei IPS Module, NGFW Module, NIP6300, NIP6600, and Secospace USG6300, USG6500, USG6600, USG9500, and AntiDDoS8000 V500R001C00 before V500R001C20SPC100, when in hot standby networking where two devices are not directly connected, allows remote attackers to cause a denial of service (memory consumption and reboot) via a crafted packet.

Published

2016-06-24T17:59:02.517

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 5.9 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:N/A:C

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE

Exploitability Score

8.6

Impact Score

6.9

Weaknesses

Type: Primary
CWE-399

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Hardware	huawei	huawei_firmware	v5500r001c00	Yes
Hardware	huawei	ips_module	-	No
Hardware	huawei	ngfw_module	-	No
Hardware	huawei	nip6300	-	No
Hardware	huawei	nip6600	-	No
Hardware	huawei	secospace_antiddos8000	-	No
Hardware	huawei	secospace_usg6300	-	No
Hardware	huawei	secospace_usg6500	-	No
Hardware	huawei	secospace_usg6600	-	No
Hardware	huawei	usg9500	-	No

References

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160615-01-standby-en Vendor Advisory ([email protected])
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160615-01-standby-en Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)