CVE-2016-6178

high-risk
Published 2016-08-02

Huawei NE40E and CX600 devices with software before V800R007SPH017; PTN 6900-2-M8 devices with software before V800R007SPH019; NE5000E devices with software before V800R006SPH018; and CloudEngine devices 12800 with software before V100R003SPH010 and V100R005 before V100R005SPH006 allow remote attackers with control plane access to cause a denial of service or execute arbitrary code via a crafted packet.

Do I need to act?

~
1.3% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (15)

Ne5000E Firmware
Cx600 Firmware
Cx600 Firmware
Cx600 Firmware
Ne40E Firmware
Ne40E Firmware
Ne40E Firmware
Ne40E Firmware
Ptn 6900-2-M8 Firmware
Cx600 Firmware
Ne40E Firmware

Affected Vendors

Huawei

References (4)

Vendor Advisory http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160713-01-multica...
Third Party Advisory http://www.securityfocus.com/bid/91772
Vendor Advisory http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160713-01-multica...
Third Party Advisory http://www.securityfocus.com/bid/91772
54
/ 100
high-risk
Severity 32/34 · Critical
Exploitability 4/34 · Minimal
Exposure 18/34 · Moderate