CVE-2016-8773

high-risk

Published 2017-04-02

Huawei S5300 with software V200R003C00, V200R007C00, V200R008C00, V200R009C00; S5700 with software V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R005C03, V200R007C00, V200R008C00, V200R009C00; S6300 with software V200R003C00, V200R005C00, V200R008C00, V200R009C00; S6700 with software V200R001C00, V200R001C01, V200R002C00, V200R003C00, V200R005C00, V200R008C00, V200R009C00; S7700 with software V200R007C00, V200R008C00, V200R009C00; S9300 with software V200R007C00, V200R008C00, V200R009C00; S9700 with software V200R007C00, V200R008C00, V200R009C00; and S12700 with software V200R007C00, V200R007C01, V200R008C00, V200R009C00 allow the attacker to cause a denial of service condition by sending malformed MPLS packets.

Do I need to act?

0.21% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High

NETWORK / LOW complexity

Affected Products (20)

S12700 Firmware

S5300 Firmware

S5700 Firmware

S6300 Firmware

S6700 Firmware

S7700 Firmware

S9300 Firmware

S9700 Firmware

S12700 Firmware

S5300 Firmware

Affected Vendors

Huawei

References (4)

Vendor Advisory http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161111-01-mpls-en

Third Party Advisory http://www.securityfocus.com/bid/94285

Vendor Advisory http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161111-01-mpls-en

Third Party Advisory http://www.securityfocus.com/bid/94285

/ 100

high-risk

Severity 26/34 · High

Exploitability 1/34 · Minimal

Exposure 24/34 · High