CVE-2016-5435

low-risk
Published 2016-06-24

Memory leak in Huawei IPS Module, NGFW Module, NIP6300, NIP6600, and Secospace USG6300, USG6500, USG6600, USG9500, and AntiDDoS8000 V500R001C00 before V500R001C20SPC100, when in hot standby networking where two devices are not directly connected, allows remote attackers to cause a denial of service (memory consumption and reboot) via a crafted packet.

Do I need to act?

-
0.15% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.9/10 Medium
NETWORK / HIGH complexity

Affected Products (1)

Huawei Firmware

Affected Vendors

Huawei

References (2)

Vendor Advisory http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160615-01-standby...
Vendor Advisory http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160615-01-standby...
24
/ 100
low-risk
Severity 18/34 · Moderate
Exploitability 1/34 · Minimal
Exposure 5/34 · Minimal