CVE-2016-4577 Information

Description

Buffer overflow in the Smart DNS functionality in the Huawei NGFW Module and Secospace USG6300 USG6500 USG6600 and USG9500 firewalls with software before V500R001C20SPC100 allows remote attackers to cause a denial of service or execute arbitrary code via a crafted packet related to \illegitimate parameters.\

CVSS Vector

CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160511-01-dns-en http://www.securityfocus.com/bid/90532

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

7.5