CVE-2016-8802

Description

The security policy processing module in Huawei Secospace USG6300 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6500 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6600 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200 allows authenticated attackers to setup a specific security policy into the devices, causing a buffer overflow and crashing the system.

References

Link	Tags
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161125-01-usg-en	vendor advisory
http://www.securityfocus.com/bid/94538	third party advisory vdb entry

Frequently Asked Questions

What is the severity of CVE-2016-8802?: CVE-2016-8802 has been scored as a medium severity vulnerability.
How to fix CVE-2016-8802?: To fix CVE-2016-8802, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2016-8802 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2016-8802 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2016-8802?: CVE-2016-8802 affects n/a Secospace USG6300,Secospace USG6500,Secospace USG6600 Secospace USG6300 V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200,Secospace USG6500 V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200,Secospace USG6600 V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200,.

Description

Category

CWE-119 – Improper Restriction of Operations within the Bounds of a Memory Buffer

References

Frequently Asked Questions