CVE-2016-8785 Information

Description

Huawei S12700 V200R007C00 V200R008C00 S5700 V200R007C00 S7700 V200R002C00 V200R005C00 V200R006C00 V200R007C00 V200R008C00 S9700 V200R007C00 have an input validation vulnerability. Due to the lack of input validation an attacker may craft a malformed packet and send it to the device using VRP causing the device to display additional memory data and possibly leading to sensitive information leakage.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Reference

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161228-04-vrp-en http://www.securityfocus.com/bid/95149

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

LOW

Availability Impact

NONE

Base Score

NONE

Base Severity

4.3