Test ID:	1.3.6.1.4.1.25623.1.0.143947
Category:	Huawei
Title:	Huawei Data Communication: Input Validation Vulnerability in Huawei VRP Platform (huawei-sa-20161228-04-vrp)
Summary:	There is an input validation vulnerability in some Huawei devices using VRP.
Description:	Summary: There is an input validation vulnerability in some Huawei devices using VRP. Vulnerability Insight: There is an input validation vulnerability in some Huawei devices using VRP. Due to the lack of input validation, an attacker may craft a malformed packet and send it to the device using VRP, causing the device to display additional memory data and possibly leading to sensitive information leakage. (Vulnerability ID: HWPSIRT-2016-02011)Huawei has released software updates to fix this vulnerability. This advisory is available in the linked references. Vulnerability Impact: An attacker can exploit this vulnerability to make the device display additional memory data, possibly leading to sensitive information leakage. Affected Software/OS: S12700 versions V200R007C00 V200R008C00 S5700 versions V200R007C00 S7700 versions V200R002C00 V200R005C00SPC300 V200R006C00SPC500 V200R007C00 V200R008C00SPC500 S9700 versions V200R007C00 Solution: See the referenced vendor advisory for a solution. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2016-8785 BugTraq ID: 95149 http://www.securityfocus.com/bid/95149
Copyright	Copyright (C) 2020 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.