CVE-2016-4576

Buffer overflow in the Application Specific Packet Filtering (ASPF) functionality in the Huawei IPS Module, NGFW Module, NIP6300, NIP6600, Secospace USG6300, USG6500, USG6600, USG9500, and AntiDDoS8000 devices with software before V500R001C20SPC100 allows remote attackers to cause a denial of service or execute arbitrary code via a crafted packet, related to "illegitimate parameters."

Published: May 23, 2016
Updated: Apr 13, 2023
CVE: CVE-2016-4576
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-119

Affected Software
References

Software	From	Fixed in
huawei / nip6300_firmware	500r001c00	500r001c00.x
huawei / secospace_usg6500_firmware	500r001c00	500r001c00.x
huawei / secospace_antiddos8000_firmware	500r001c00	500r001c00.x
huawei / usg9500_firmware	500r001c00	500r001c00.x
huawei / secospace_usg6300_firmware	500r001c00	500r001c00.x
huawei / ngfw_module_firmware	500r001c00	500r001c00.x
huawei / secospace_usg6600_firmware	500r001c00	500r001c00.x
huawei / nip6600_firmware	500r001c00	500r001c00.x
huawei / ips_module_firmware	500r001c00	500r001c00.x

Vulnerability Database

289,599

CVE-2016-4576