CVE-2016-5234

moderate-risk
Published 2016-06-13

Buffer overflow in Huawei VP9660, VP9650, and VP9630 multipoint control unit devices with software before V500R002C00SPC200 and RSE6500 videoconference devices with software before V500R002C00SPC100, when an unspecified service is enabled, allows remote attackers to execute arbitrary code via a crafted packet, aka HWPSIRT-2016-05054.

Do I need to act?

~
1.7% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.1/10 High
NETWORK / HIGH complexity

Affected Products (4)

Vp9600 Series Firmware
Vp9600 Series Firmware
Vp9600 Series Firmware

Affected Vendors

Huawei

References (4)

Vendor Advisory http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160601-01-videoco...
http://www.securityfocus.com/bid/90978
Vendor Advisory http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160601-01-videoco...
http://www.securityfocus.com/bid/90978
38
/ 100
moderate-risk
Severity 24/34 · High
Exploitability 4/34 · Minimal
Exposure 10/34 · Low