Strix
26.1K

CVE-2015-8677

UnknownEPSS 1.11%

Last modified

CVE-2015-8677 is a vulnerability of currently unknown severity. Memory leak in Huawei S5300EI, S5300SI, S5310HI, and S6300EI Campus series switches with software V200R003C00 before V200R003SPH011 and V200R005C00 before V200R005SPH008; S2350EI and S5300LI Campus series switches with software V200R003C00 before V200R003SPH011, V200R005C00 before V200R005SPH008, and V200R006C00 before V200R006SPH002; S9300, S7700, and S9700 Campus series switches with software V200R003C00 before V200R003SPH011, V200R005C00 before V200R005SPH009, and V200R006C00 before V200R006SPH003; S5720HI and S5720EI Campus series switches with software V200R006C00 before V200R006SPH002; and S2300 and S3300 Campus series switches with software V100R006C05 before V100R006SPH022 allows remote authenticated users to cause a denial of service (memory consumption and device restart) by logging in and out of the (1) HTTPS or (2) SFTP server, related to SSL session information.. EPSS estimates a 1.11% chance of exploitation in the next 30 days.

Description

Memory leak in Huawei S5300EI, S5300SI, S5310HI, and S6300EI Campus series switches with software V200R003C00 before V200R003SPH011 and V200R005C00 before V200R005SPH008; S2350EI and S5300LI Campus series switches with software V200R003C00 before V200R003SPH011, V200R005C00 before V200R005SPH008, and V200R006C00 before V200R006SPH002; S9300, S7700, and S9700 Campus series switches with software V200R003C00 before V200R003SPH011, V200R005C00 before V200R005SPH009, and V200R006C00 before V200R006SPH003; S5720HI and S5720EI Campus series switches with software V200R006C00 before V200R006SPH002; and S2300 and S3300 Campus series switches with software V100R006C05 before V100R006SPH022 allows remote authenticated users to cause a denial of service (memory consumption and device restart) by logging in and out of the (1) HTTPS or (2) SFTP server, related to SSL session information.

Metrics

EPSS Probability
1.11%

61.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
HuaweiS5300ei Firmware>= v200r003c00, < v200r003sph011
HuaweiS5300ei Firmware>= v200r005c00, < v200r005sph008
HuaweiS5300si Firmware>= v200r001c00, < v200r001sph018
HuaweiS5300si Firmware>= v200r002c00, < v200r003sph011
HuaweiS5310hi Firmware>= v200r001c00, < v200r001sph018
HuaweiS5310hi Firmware>= v200r002c00, < v200r003sph011
HuaweiS6300ei Firmware>= v200r001c00, < v200r001sph018
HuaweiS6300ei Firmware>= v200r002c00, < v200r003sph011
HuaweiS5300li Firmware>= v200r003c00, < v200r003sph011
HuaweiS5300li Firmware>= v200r005c00, < v200r005sph008
HuaweiS5300li Firmware>= v200r006c00, < v200r006sph002
HuaweiS2350ei Firmware>= v200r003c00, < v200r003sph011
HuaweiS2350ei Firmware>= v200r005c00, < v200r005sph008
HuaweiS2350ei Firmware>= v200r006c00, < v200r006sph002
HuaweiS9300 Firmware>= v200r003c00, < v200r003sph011
HuaweiS9300 Firmware>= v200r005c00, < v200r005sph009
HuaweiS9300 Firmware>= v200r006c00, < v200r006sph003
HuaweiS9700 Firmware>= v200r003c00, < v200r003sph011
HuaweiS9700 Firmware>= v200r005c00, < v200r005sph009
HuaweiS9700 Firmware>= v200r006c00, < v200r006sph003
HuaweiS7700 Firmware>= v200r003c00, < v200r003sph011
HuaweiS7700 Firmware>= v200r005c00, < v200r005sph009
HuaweiS7700 Firmware>= v200r006c00, < v200r006sph003
HuaweiS5720hi Firmware>= v200r006c00, < v200r006sph002
HuaweiS5720ei Firmware>= v200r006c00, < v200r006sph002
HuaweiS2300 Firmware>= v100r006c05, < v100r006sph022
HuaweiS3300 Firmware>= v100r006c05, < v100r006sph022

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2015-8677?
Memory leak in Huawei S5300EI, S5300SI, S5310HI, and S6300EI Campus series switches with software V200R003C00 before V200R003SPH011 and V200R005C00 before V200R005SPH008; S2350EI and S5300LI Campus series switches with software V200R003C00 before V200R003SPH011, V200R005C00 before V200R005SPH008, and V200R006C00 before V200R006SPH002; S9300, S7700, and S9700 Campus series switches with software V200R003C00 before V200R003SPH011, V200R005C00 before V200R005SPH009, and V200R006C00 before V200R006SPH003; S5720HI and S5720EI Campus series switches with software V200R006C00 before V200R006SPH002; and S2300 and S3300 Campus series switches with software V100R006C05 before V100R006SPH022 allows remote authenticated users to cause a denial of service (memory consumption and device restart) by logging in and out of the (1) HTTPS or (2) SFTP server, related to SSL session information.
How severe is CVE-2015-8677?
Severity scoring for CVE-2015-8677 is pending analysis. The EPSS model estimates a 1.11% probability of exploitation in the next 30 days.
How do I fix CVE-2015-8677?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2015-8677?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST