CVE-2016-8276 — CRITICAL (9.8)

Vulnerability Description

Buffer overflow in the Point-to-Point Protocol over Ethernet (PPPoE) module in Huawei USG2100, USG2200, USG5100, and USG5500 unified security gateways with software before V300R001C10SPC600, when CHAP authentication is configured on the server, allows remote attackers to cause a denial of service (server restart) or execute arbitrary code via crafted packets sent during authentication.

CVSS Score

9.8

CRITICAL

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Huawei	Usg2100	v300r001c00
Huawei	Usg2200	v300r001c00
Huawei	Usg5100	v300r001c00
Huawei	Usg5500	v300r001c00

Related Weaknesses (CWE)

CWE-119

References

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160914-01-usg-enVendor Advisory
http://www.securityfocus.com/bid/92962Third Party AdvisoryVDB Entry
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160914-01-usg-enVendor Advisory
http://www.securityfocus.com/bid/92962Third Party AdvisoryVDB Entry

FAQ

What is CVE-2016-8276?

CVE-2016-8276 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Buffer overflow in the Point-to-Point Protocol over Ethernet (PPPoE) module in Huawei USG2100, USG2200, USG5100, and USG5500 unified security gateways with software before V300R001C10SPC600, when CHAP...

How severe is CVE-2016-8276?

CVE-2016-8276 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2016-8276?

Check the references section above for vendor advisories and patch information. Affected products include: Huawei Usg2100, Huawei Usg2200, Huawei Usg5100, Huawei Usg5500.