CVE-2015-8677

Memory leak in Huawei S5300EI, S5300SI, S5310HI, and S6300EI Campus series switches with software V200R003C00 before V200R003SPH011 and V200R005C00 before V200R005SPH008; S2350EI and S5300LI Campus series switches with software V200R003C00 before V200R003SPH011, V200R005C00 before V200R005SPH008, and V200R006C00 before V200R006SPH002; S9300, S7700, and S9700 Campus series switches with software V200R003C00 before V200R003SPH011, V200R005C00 before V200R005SPH009, and V200R006C00 before V200R006SPH003; S5720HI and S5720EI Campus series switches with software V200R006C00 before V200R006SPH002; and S2300 and S3300 Campus series switches with software V100R006C05 before V100R006SPH022 allows remote authenticated users to cause a denial of service (memory consumption and device restart) by logging in and out of the (1) HTTPS or (2) SFTP server, related to SSL session information.

Published: Apr 14, 2016
Updated: Apr 13, 2023
CVE: CVE-2015-8677
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:L/Au:S/C:N/I:N/A:C

CWEs:

CWE-399

Affected Software
References

Software	From	Fixed in
huawei / s5300ei_firmware	v200r003c00	200r003sph011
huawei / s5300ei_firmware	v200r005c00	200r005sph008
huawei / s5300si_firmware	v200r001c00	200r001sph018
huawei / s5300si_firmware	v200r002c00	200r003sph011
huawei / s5310hi_firmware	v200r001c00	200r001sph018
huawei / s5310hi_firmware	v200r002c00	200r003sph011
huawei / s6300ei_firmware	v200r001c00	200r001sph018
huawei / s6300ei_firmware	v200r002c00	200r003sph011
huawei / s5300li_firmware	v200r003c00	200r003sph011
huawei / s5300li_firmware	v200r005c00	200r005sph008
huawei / s5300li_firmware	v200r006c00	200r006sph002
huawei / s2350ei_firmware	v200r003c00	200r003sph011
huawei / s2350ei_firmware	v200r005c00	200r005sph008
huawei / s2350ei_firmware	v200r006c00	200r006sph002
huawei / s9300_firmware	v200r003c00	200r003sph011
huawei / s9300_firmware	v200r005c00	200r005sph009
huawei / s9300_firmware	v200r006c00	200r006sph003
huawei / s9700_firmware	v200r003c00	200r003sph011
huawei / s9700_firmware	v200r005c00	200r005sph009
huawei / s9700_firmware	v200r006c00	200r006sph003
huawei / s7700_firmware	v200r003c00	200r003sph011
huawei / s7700_firmware	v200r005c00	200r005sph009
huawei / s7700_firmware	v200r006c00	200r006sph003
huawei / s5720hi_firmware	v200r006c00	200r006sph002
huawei / s5720ei_firmware	v200r006c00	200r006sph002
huawei / s2300_firmware	v100r006c05	100r006sph022
huawei / s3300_firmware	v100r006c05	100r006sph022

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160113-03-switch-en

Vulnerability Database

289,697

CVE-2015-8677