9.8

CVE-2016-8276

Buffer overflow in the Point-to-Point Protocol over Ethernet (PPPoE) module in Huawei USG2100, USG2200, USG5100, and USG5500 unified security gateways with software before V300R001C10SPC600, when CHAP authentication is configured on the server, allows remote attackers to cause a denial of service (server restart) or execute arbitrary code via crafted packets sent during authentication.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
HuaweiUsg2100 Versionv300r001c00
HuaweiUsg2100 Versionv300r001c10
HuaweiUsg2200 Versionv300r001c00
HuaweiUsg2200 Versionv300r001c10
HuaweiUsg5100 Versionv300r001c00
HuaweiUsg5100 Versionv300r001c10
HuaweiUsg5500 Versionv300r001c00
HuaweiUsg5500 Versionv300r001c10
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.98% 0.853
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://www.securityfocus.com/bid/92962
Third Party Advisory
VDB Entry