Vulnerability Description
Buffer overflow in the Smart DNS functionality in the Huawei NGFW Module and Secospace USG6300, USG6500, USG6600, and USG9500 firewalls with software before V500R001C20SPC100 allows remote attackers to cause a denial of service or execute arbitrary code via a crafted packet, related to "illegitimate parameters."
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Huawei | Usg9500 | - |
| Huawei | Usg9500 Firmware | v500r001c00 |
| Huawei | Ngfw Module | - |
| Huawei | Ngfw Module Firmware | v500r001c00 |
| Huawei | Secospace Usg6300 | - |
| Huawei | Secospace Usg6300 Firmware | v500r001c00 |
| Huawei | Secospace Usg6600 | - |
| Huawei | Secospace Usg6600 Firmware | v500r001c00 |
| Huawei | Secospace Usg6500 | - |
| Huawei | Secospace Usg6500 Firmware | v500r001c00 |
Related Weaknesses (CWE)
References
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160511-01-dns-enVendor Advisory
- http://www.securityfocus.com/bid/90532
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160511-01-dns-enVendor Advisory
- http://www.securityfocus.com/bid/90532
FAQ
What is CVE-2016-4577?
CVE-2016-4577 is a vulnerability with a CVSS score of 7.5 (HIGH). Buffer overflow in the Smart DNS functionality in the Huawei NGFW Module and Secospace USG6300, USG6500, USG6600, and USG9500 firewalls with software before V500R001C20SPC100 allows remote attackers t...
How severe is CVE-2016-4577?
CVE-2016-4577 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-4577?
Check the references section above for vendor advisories and patch information. Affected products include: Huawei Usg9500, Huawei Usg9500 Firmware, Huawei Ngfw Module, Huawei Ngfw Module Firmware, Huawei Secospace Usg6300.