Vulnerabilities > CVE-2016-5435 - Resource Management Errors vulnerability in Huawei Firmware V5500R001C00

CVSS 5.9 - MEDIUM

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

high complexity

huawei

CWE-399

NVD

Published: 2016-06-24

Updated: 2016-06-28

Summary

Memory leak in Huawei IPS Module, NGFW Module, NIP6300, NIP6600, and Secospace USG6300, USG6500, USG6600, USG9500, and AntiDDoS8000 V500R001C00 before V500R001C20SPC100, when in hot standby networking where two devices are not directly connected, allows remote attackers to cause a denial of service (memory consumption and reboot) via a crafted packet.

Vulnerable Configurations

Part	Description	Count
Hardware	Huawei Huawei Huawei Firmware V5500R001C00 Huawei IPS Module - Huawei Ngfw Module - Huawei Nip6300 - Huawei Nip6600 - Huawei Secospace Antiddos8000 - Huawei Secospace Usg6300 - Huawei Secospace Usg6500 - Huawei Secospace Usg6600 - Huawei Usg9500 -	10

Common Weakness Enumeration (CWE)

CWE-399 - Resource Management Errors

References

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160615-01-standby-en