CVE-2016-8276

Buffer overflow in the Point-to-Point Protocol over Ethernet (PPPoE) module in Huawei USG2100, USG2200, USG5100, and USG5500 unified security gateways with software before V300R001C10SPC600, when CHAP authentication is configured on the server, allows remote attackers to cause a denial of service (server restart) or execute arbitrary code via crafted packets sent during authentication.

CVSS v3 9.8 CRITICAL
CVSS v2.0 9.3 HIGH

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

9.3^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160914-01-usg-en	Vendor Advisory
http://www.securityfocus.com/bid/92962	Third Party Advisory VDB Entry
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160914-01-usg-en	Vendor Advisory
http://www.securityfocus.com/bid/92962	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:huawei:usg2100:v300r001c00:::::::*
	cpe:2.3:a:huawei:usg2100:v300r001c10:::::::*
	cpe:2.3:a:huawei:usg2200:v300r001c00:::::::*
	cpe:2.3:a:huawei:usg2200:v300r001c10:::::::*
	cpe:2.3:a:huawei:usg5100:v300r001c00:::::::*
	cpe:2.3:a:huawei:usg5100:v300r001c10:::::::*
	cpe:2.3:a:huawei:usg5500:v300r001c00:::::::*
	cpe:2.3:a:huawei:usg5500:v300r001c10:::::::*

History

21 Nov 2024, 02:59

Type	Values Removed	Values Added
References	~~() http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160914-01-usg-en - Vendor Advisory~~	() http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160914-01-usg-en - Vendor Advisory
References	~~() http://www.securityfocus.com/bid/92962 - Third Party Advisory, VDB Entry~~	() http://www.securityfocus.com/bid/92962 - Third Party Advisory, VDB Entry

Information

Published : 2016-10-03 21:59

Updated : 2025-04-12 10:46

NVD link : CVE-2016-8276

Mitre link : CVE-2016-8276

CVE.ORG link : CVE-2016-8276

JSON object : View

Products Affected

huawei

usg2200
usg5100
usg5500
usg2100

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

{"id": "CVE-2016-8276", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2016-10-03T21:59:09.457", "references": [{"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160914-01-usg-en", "tags": ["Vendor Advisory"], "source": "psirt@huawei.com"}, {"url": "http://www.securityfocus.com/bid/92962", "tags": ["Third Party Advisory", "VDB Entry"], "source": "psirt@huawei.com"}, {"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160914-01-usg-en", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/92962", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "Buffer overflow in the Point-to-Point Protocol over Ethernet (PPPoE) module in Huawei USG2100, USG2200, USG5100, and USG5500 unified security gateways with software before V300R001C10SPC600, when CHAP authentication is configured on the server, allows remote attackers to cause a denial of service (server restart) or execute arbitrary code via crafted packets sent during authentication."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer en el m\u00f3dulo Point-to-Point Protocol over Ethernet (PPPoE) en gateways de seguridad unificadasHuawei USG2100, USG2200, USG5100 y USG5500 con software en versiones anteriores a V300R001C10SPC600, cuando la autenticaci\u00f3n CHAP est\u00e1 configurada en el servidor, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (reinicio del servidor) o ejecutar c\u00f3digo arbitrario a trav\u00e9s de paquetes manipulados enviados durante la autenticaci\u00f3n."}], "lastModified": "2025-04-12T10:46:40.837", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:huawei:usg2100:v300r001c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DCE35454-78BD-4DCC-AD48-06A1DEA317FC"}, {"criteria": "cpe:2.3:a:huawei:usg2100:v300r001c10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BBA497E1-93B0-44C9-A9D3-00CF9462FA32"}, {"criteria": "cpe:2.3:a:huawei:usg2200:v300r001c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AFCD0D03-10CD-4CE1-8095-CDEE34C9E484"}, {"criteria": "cpe:2.3:a:huawei:usg2200:v300r001c10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "55FD4680-95F2-4310-AC8B-8DDB2B9ACE15"}, {"criteria": "cpe:2.3:a:huawei:usg5100:v300r001c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C7F00E54-B3A2-4FDD-828A-F212F313A9AC"}, {"criteria": "cpe:2.3:a:huawei:usg5100:v300r001c10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "10D7FDE1-2567-4F5D-B3BD-B11CF1CAB7ED"}, {"criteria": "cpe:2.3:a:huawei:usg5500:v300r001c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "71C29665-D669-4538-95BB-1080BB93F8C4"}, {"criteria": "cpe:2.3:a:huawei:usg5500:v300r001c10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CC164C2F-2578-495F-B65C-BDC35695D698"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@huawei.com"}

9.8 /10