CVE-2016-8802

moderate-risk

Published 2017-04-02

The security policy processing module in Huawei Secospace USG6300 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6500 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6600 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200 allows authenticated attackers to setup a specific security policy into the devices, causing a buffer overflow and crashing the system.

Do I need to act?

0.21% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.5/10 Medium

NETWORK / LOW complexity

Affected Products (9)

Secospace Usg6300 Firmware

Secospace Usg6500 Firmware

Secospace Usg6600 Firmware

Secospace Usg6300 Firmware

Secospace Usg6500 Firmware

Secospace Usg6600 Firmware

Affected Vendors

Huawei

References (4)

Vendor Advisory http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161125-01-usg-en

Third Party Advisory http://www.securityfocus.com/bid/94538

Vendor Advisory http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161125-01-usg-en

Third Party Advisory http://www.securityfocus.com/bid/94538

/ 100

moderate-risk

Severity 24/34 · High

Exploitability 1/34 · Minimal

Exposure 15/34 · Moderate