CVE-2016-5435 — MEDIUM (5.9)

Vulnerability Description

Memory leak in Huawei IPS Module, NGFW Module, NIP6300, NIP6600, and Secospace USG6300, USG6500, USG6600, USG9500, and AntiDDoS8000 V500R001C00 before V500R001C20SPC100, when in hot standby networking where two devices are not directly connected, allows remote attackers to cause a denial of service (memory consumption and reboot) via a crafted packet.

CVSS Score

5.9

MEDIUM

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Huawei	Huawei Firmware	v5500r001c00
Huawei	Ips Module	-
Huawei	Ngfw Module	-
Huawei	Nip6300	-
Huawei	Nip6600	-
Huawei	Secospace Antiddos8000	-
Huawei	Secospace Usg6300	-
Huawei	Secospace Usg6500	-
Huawei	Secospace Usg6600	-
Huawei	Usg9500	-

Related Weaknesses (CWE)

CWE-399

References

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160615-01-standbyVendor Advisory
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160615-01-standbyVendor Advisory

FAQ

What is CVE-2016-5435?

CVE-2016-5435 is a vulnerability with a CVSS score of 5.9 (MEDIUM). Memory leak in Huawei IPS Module, NGFW Module, NIP6300, NIP6600, and Secospace USG6300, USG6500, USG6600, USG9500, and AntiDDoS8000 V500R001C00 before V500R001C20SPC100, when in hot standby networking...

How severe is CVE-2016-5435?

CVE-2016-5435 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-5435?

Check the references section above for vendor advisories and patch information. Affected products include: Huawei Huawei Firmware, Huawei Ips Module, Huawei Ngfw Module, Huawei Nip6300, Huawei Nip6600.