CVE-2015-8084 — HIGH (7.1) — White Hats Nepal

Q: How severe is CVE-2015-8084?

CVE-2015-8084 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2015-8084?

Check the references section above for vendor advisories and patch information. Affected products include: Huawei Unified Security Gateway Firmware, Huawei Usg2100, Huawei Usg2200, Huawei Usg5100, Huawei Usg5500.

Vulnerability Description

Huawei USG5500, USG2100, USG2200, and USG5100 unified security gateways with software before V300R001C10SPC600, when "DHCP Snooping" is enabled and either "option82 insert" or "option82 rebuild" is enabled on an interface, allow remote attackers to cause a denial of service (reboot) via crafted DHCP packets.

CVSS Score

7.1

HIGH

AV:N/AC:M/Au:N/C:N/I:N/A:C

Confidentiality

NONE

Integrity

NONE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Huawei	Unified Security Gateway Firmware	<= v300r001c10
Huawei	Usg2100	All versions
Huawei	Usg2200	All versions
Huawei	Usg5100	All versions
Huawei	Usg5500	All versions

Related Weaknesses (CWE)

CWE-20

References

FAQ

What is CVE-2015-8084?

CVE-2015-8084 is a vulnerability with a CVSS score of 7.1 (HIGH). Huawei USG5500, USG2100, USG2200, and USG5100 unified security gateways with software before V300R001C10SPC600, when "DHCP Snooping" is enabled and either "option82 insert" or "option82 rebuild" is en...

How severe is CVE-2015-8084?

CVE-2015-8084 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2015-8084?

Check the references section above for vendor advisories and patch information. Affected products include: Huawei Unified Security Gateway Firmware, Huawei Usg2100, Huawei Usg2200, Huawei Usg5100, Huawei Usg5500.