CVE-2016-8782

moderate-risk

Published 2018-03-09

Huawei CloudEngine 12800 V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00 have a memory leak vulnerability. An unauthenticated attacker may send specific Label Distribution Protocol (LDP) packets to the devices repeatedly. Due to improper validation of some specific fields of the packet, the LDP processing module does not release the memory, resulting in memory leak.

Do I need to act?

0.13% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.3/10 Medium

NETWORK / LOW complexity

Affected Products (5)

Cloudengine 12800 Firmware

Affected Vendors

Huawei

References (4)

Vendor Advisory http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161214-01-ldp-en

Third Party Advisory http://www.securityfocus.com/bid/94941

Vendor Advisory http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161214-01-ldp-en

Third Party Advisory http://www.securityfocus.com/bid/94941

/ 100

moderate-risk

Severity 21/34 · High

Exploitability 1/34 · Minimal

Exposure 12/34 · Low