HomePentest-Tools.com Logo

Huawei Data Communication: Input Validation Vulnerability in Multiple Huawei Products (huawei-sa-20160427-01-dns) CVE-2016-4087

Severity
CVSSv3 Score
8.1
Vulnerability description

There is an input validation vulnerability in Multiple Huawei products.

Risk description

There is an input validation vulnerability in Multiple Huawei products, when the debug switch on the device is enabled, an attacker with network access may exploit this vulnerability by crafting malformed DNS packets and sending them to the target device. As for the lacking of input validation, an exploit could allow the attacker to cause a denial of service or remote code execution. (Vulnerability ID: HWPSIRT-2015-12046)This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2016-4087.Huawei has released software updates to fix this vulnerability. This advisory is available in the linked references. An exploit could allow the attacker to cause a denial of service or remote code execution.

Recommendation

See the referenced vendor advisory for a solution.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
May 23, 2016
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available