CVE-2016-8797

moderate-risk

Published 2017-04-02

Huawei AR3200 with software V200R007C00, V200R005C32, V200R005C20; S12700 with software V200R008C00, V200R007C00; S5300 with software V200R008C00, V200R007C00, V200R006C00; S5700 with software V200R008C00, V200R007C00, V200R006C00; S6300 with software V200R008C00, V200R007C00; S6700 with software V200R008C00, V200R007C00; S7700 with software V200R008C00, V200R007C00, V200R006C00; S9300 with software V200R008C00, V200R007C00, V200R006C00; and S9700 with software V200R008C00, V200R007C00, V200R006C00 allow remote attackers to send abnormal Multiprotocol Label Switching (MPLS) packets to cause memory exhaustion.

Do I need to act?

0.28% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High

NETWORK / LOW complexity

Affected Products (20)

Ar3200 Firmware

S12700 Firmware

S5300 Firmware

S6700 Firmware

S7700 Firmware

S9300 Firmware

S9700 Firmware

Ar3200 Firmware

S12700 Firmware

S5300 Firmware

S5700 Firmware

S6300 Firmware

S6700 Firmware

S7700 Firmware

Affected Vendors

Huawei

References (2)

Vendor Advisory http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160608-01-mpls-en

/ 100

moderate-risk

Severity 26/34 · High

Exploitability 1/34 · Minimal

Exposure 21/34 · High