VAR-201606-0451
Vulnerability from variot - Updated: 2025-04-12 23:14Memory leak in Huawei IPS Module, NGFW Module, NIP6300, NIP6600, and Secospace USG6300, USG6500, USG6600, USG9500, and AntiDDoS8000 V500R001C00 before V500R001C20SPC100, when in hot standby networking where two devices are not directly connected, allows remote attackers to cause a denial of service (memory consumption and reboot) via a crafted packet. HuaweiIPSModule and other products are China's Huawei's intrusion prevention and intrusion detection products. A memory leak vulnerability exists in several Huawei products. An attacker can exploit this issue to exhaust memory resources and cause the device to reboot. Huawei USG series, NGFW module, IPS module, NIP series and AntiDDoS8000 are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201606-0451",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "huawei",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": "v5500r001c00"
},
{
"model": "ngfw module",
"scope": "lt",
"trust": 0.8,
"vendor": "huawei",
"version": "v500r001c00"
},
{
"model": "nip6300",
"scope": "lt",
"trust": 0.8,
"vendor": "huawei",
"version": "v500r001c00"
},
{
"model": "nip6600",
"scope": "eq",
"trust": 0.8,
"vendor": "huawei",
"version": "v500r001c20spc100"
},
{
"model": "secospace antiddos8000",
"scope": "lt",
"trust": 0.8,
"vendor": "huawei",
"version": "v500r001c00"
},
{
"model": "secospace usg6300",
"scope": "lt",
"trust": 0.8,
"vendor": "huawei",
"version": "v500r001c00"
},
{
"model": "secospace usg6500",
"scope": "lt",
"trust": 0.8,
"vendor": "huawei",
"version": "v500r001c00"
},
{
"model": "usg9500",
"scope": "lt",
"trust": 0.8,
"vendor": "huawei",
"version": "v500r001c00"
},
{
"model": "secospace antiddos8000",
"scope": "eq",
"trust": 0.8,
"vendor": "huawei",
"version": "v500r001c20spc100"
},
{
"model": "ips module",
"scope": "eq",
"trust": 0.8,
"vendor": "huawei",
"version": "v500r001c20spc100"
},
{
"model": "ips module",
"scope": "lt",
"trust": 0.8,
"vendor": "huawei",
"version": "v500r001c00"
},
{
"model": "ngfw module",
"scope": "eq",
"trust": 0.8,
"vendor": "huawei",
"version": "v500r001c20spc100"
},
{
"model": "nip6300",
"scope": "eq",
"trust": 0.8,
"vendor": "huawei",
"version": "v500r001c20spc100"
},
{
"model": "secospace usg6300",
"scope": "eq",
"trust": 0.8,
"vendor": "huawei",
"version": "v500r001c20spc100"
},
{
"model": "secospace usg6600",
"scope": "eq",
"trust": 0.8,
"vendor": "huawei",
"version": "v500r001c20spc100"
},
{
"model": "secospace usg6600",
"scope": "lt",
"trust": 0.8,
"vendor": "huawei",
"version": "v500r001c00"
},
{
"model": "secospace usg6500",
"scope": "eq",
"trust": 0.8,
"vendor": "huawei",
"version": "v500r001c20spc100"
},
{
"model": "nip6600",
"scope": "lt",
"trust": 0.8,
"vendor": "huawei",
"version": "v500r001c00"
},
{
"model": "usg9500",
"scope": "eq",
"trust": 0.8,
"vendor": "huawei",
"version": "v500r001c20spc100"
},
{
"model": "ips module v500r001c00",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "ngfw module v500r001c00",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "nip6300 v500r001c00",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "nip6600 v500r001c00",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "secospace usg6300 v500r001c00",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "secospace usg6500 v500r001c00",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "secospace usg6600 v500r001c00",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "usg9500 v500r001c00",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "secospace antiddos8000 v500r001c00",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04379"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003345"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-575"
},
{
"db": "NVD",
"id": "CVE-2016-5435"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:huawei:ips_module",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:huawei:ngfw_module",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:huawei:nip6300",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:huawei:nip6600",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:huawei:secospace_antiddos8000",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:huawei:secospace_usg6300",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:huawei:secospace_usg6500",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:huawei:secospace_usg6600",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:huawei:usg9500",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003345"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue",
"sources": [
{
"db": "BID",
"id": "91473"
}
],
"trust": 0.3
},
"cve": "CVE-2016-5435",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2016-5435",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 5.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 4.9,
"id": "CNVD-2016-04379",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-94254",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.2,
"id": "CVE-2016-5435",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-5435",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2016-5435",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2016-04379",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201606-575",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-94254",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04379"
},
{
"db": "VULHUB",
"id": "VHN-94254"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003345"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-575"
},
{
"db": "NVD",
"id": "CVE-2016-5435"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Memory leak in Huawei IPS Module, NGFW Module, NIP6300, NIP6600, and Secospace USG6300, USG6500, USG6600, USG9500, and AntiDDoS8000 V500R001C00 before V500R001C20SPC100, when in hot standby networking where two devices are not directly connected, allows remote attackers to cause a denial of service (memory consumption and reboot) via a crafted packet. HuaweiIPSModule and other products are China\u0027s Huawei\u0027s intrusion prevention and intrusion detection products. A memory leak vulnerability exists in several Huawei products. \nAn attacker can exploit this issue to exhaust memory resources and cause the device to reboot. \nHuawei USG series, NGFW module, IPS module, NIP series and AntiDDoS8000 are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-5435"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003345"
},
{
"db": "CNVD",
"id": "CNVD-2016-04379"
},
{
"db": "BID",
"id": "91473"
},
{
"db": "VULHUB",
"id": "VHN-94254"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-5435",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003345",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201606-575",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-04379",
"trust": 0.6
},
{
"db": "BID",
"id": "91473",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-94254",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04379"
},
{
"db": "VULHUB",
"id": "VHN-94254"
},
{
"db": "BID",
"id": "91473"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003345"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-575"
},
{
"db": "NVD",
"id": "CVE-2016-5435"
}
]
},
"id": "VAR-201606-0451",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04379"
},
{
"db": "VULHUB",
"id": "VHN-94254"
}
],
"trust": 1.255423138181818
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04379"
}
]
},
"last_update_date": "2025-04-12T23:14:09.974000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "huawei-sa-20160615-01-standby",
"trust": 0.8,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160615-01-standby-en"
},
{
"title": "Patches for various Huawei product memory leak vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/78292"
},
{
"title": "Multiple Huawei Product memory leak vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=62491"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04379"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003345"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-575"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-399",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-94254"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003345"
},
{
"db": "NVD",
"id": "CVE-2016-5435"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160615-01-standby-en"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5435"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-5435"
},
{
"trust": 0.6,
"url": "http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20160615-01-standby-cn"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04379"
},
{
"db": "VULHUB",
"id": "VHN-94254"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003345"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-575"
},
{
"db": "NVD",
"id": "CVE-2016-5435"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-04379"
},
{
"db": "VULHUB",
"id": "VHN-94254"
},
{
"db": "BID",
"id": "91473"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003345"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-575"
},
{
"db": "NVD",
"id": "CVE-2016-5435"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-06-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-04379"
},
{
"date": "2016-06-24T00:00:00",
"db": "VULHUB",
"id": "VHN-94254"
},
{
"date": "2016-06-15T00:00:00",
"db": "BID",
"id": "91473"
},
{
"date": "2016-06-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-003345"
},
{
"date": "2016-06-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201606-575"
},
{
"date": "2016-06-24T17:59:02.517000",
"db": "NVD",
"id": "CVE-2016-5435"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-06-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-04379"
},
{
"date": "2016-06-28T00:00:00",
"db": "VULHUB",
"id": "VHN-94254"
},
{
"date": "2016-06-15T00:00:00",
"db": "BID",
"id": "91473"
},
{
"date": "2016-06-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-003345"
},
{
"date": "2016-06-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201606-575"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-5435"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201606-575"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Huawei Service disruption in products (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003345"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201606-575"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…