Vulnerability CVE-2016-8106 - CERT Civis.Net

Vulnerability Name:

CVE-2016-8106 (CCN-120415)

Assigned:

2016-09-09

Published:

2017-01-09

Updated:

2017-07-27

Summary:

A Denial of Service in Intel Ethernet Controller's X710/XL710 with Non-Volatile Memory Images before version 5.05 allows a remote attacker to stop the controller from processing network traffic working under certain network use conditions.

CVSS v3 Severity:

5.9 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.2 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

CVSS v2 Severity:

4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

Vulnerability Type:

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2016-8106

Source: CCN
Type: SECTRACK ID: 1037562
Intel Ethernet Controller X710/XL710 Lets Remote Users Deny Service

Source: CCN
Type: IBM Security Bulletin 2002507
Security Bulletin: A vulnerability has been discovered in 40-GbE network interface modules for the IBM Security Network Protection XGS 7100 appliance (CVE-2017-1298)

Source: CONFIRM
Type: UNKNOWN
http://www-01.ibm.com/support/docview.wss?uid=swg22002507

Source: CCN
Type: IBM Security Bulletin 2002624 (QRadar Network Security)
A vulnerability has been discovered in 40-GbE network interface modules for the IBM QRadar Network Security XGS 7100 appliance (CVE-2016-8106)

Source: CCN
Type: IBM Security Bulletin 2002763 (MQ Appliance)
Vulnerability in Intel Ethernet Controller XL710 affects IBM MQ Appliance

Source: BID
Type: Third Party Advisory, VDB Entry
95333

Source: CCN
Type: BID-95333
Multiple Intel Ethernet Controller CVE-2016-8106 Denial of Service Vulnerability

Source: SECTRACK
Type: UNKNOWN
1037562

Source: XF
Type: UNKNOWN
intel-cve20168106-dos(120415)

Source: CONFIRM
Type: Patch, Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05368378

Source: CCN
Type: INTEL-SA-00063
Intel Ethernet Controller X710 family and Intel® Ethernet Controller XL710 family

Source: CONFIRM
Type: Patch, Vendor Advisory
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00063&languageid=en-fr

Source: CONFIRM
Type: UNKNOWN
https://security.netapp.com/advisory/ntap-20190731-0001/

Source: CONFIRM
Type: Patch, Third Party Advisory
https://support.lenovo.com/us/en/product_security/LEN-12029

Vulnerable Configuration:

Configuration 1:

cpe:/o:intel:ethernet_controller_x710_firmware:*:*:*:*:*:*:*:* (Version <= 5.04)

AND

cpe:/h:intel:ethernet_controller_x710-am2_sr1zp:-:*:*:*:*:*:*:*

OR cpe:/h:intel:ethernet_controller_x710-am2_sr1zq:-:*:*:*:*:*:*:*

OR cpe:/h:intel:ethernet_controller_x710-bm2_sllkb:-:*:*:*:*:*:*:*

OR cpe:/h:intel:ethernet_controller_x710-bm2_sllkc:-:*:*:*:*:*:*:*

OR cpe:/h:intel:ethernet_controller_xl710-am1_sr1zm:-:*:*:*:*:*:*:*

OR cpe:/h:intel:ethernet_controller_xl710-am1_sr1zn:-:*:*:*:*:*:*:*

OR cpe:/h:intel:ethernet_controller_xl710-am2_sr1zk:-:*:*:*:*:*:*:*

OR cpe:/h:intel:ethernet_controller_xl710-am2_sr1zl:-:*:*:*:*:*:*:*

OR cpe:/h:intel:ethernet_controller_xl710-bm1_sllk9:-:*:*:*:*:*:*:*

OR cpe:/h:intel:ethernet_controller_xl710-bm1_sllka:-:*:*:*:*:*:*:*

OR cpe:/h:intel:ethernet_controller_xl710-bm2_sllk7:-:*:*:*:*:*:*:*

OR cpe:/h:intel:ethernet_controller_xl710-bm2_sllk8:-:*:*:*:*:*:*:*

Configuration 2:

cpe:/o:intel:ethernet_controller_xl710_firmware:*:*:*:*:*:*:*:* (Version <= 5.04)

AND

cpe:/h:intel:eth_converged_ntwk_adptr_x710-da2_ex710da2g1p5:-:*:*:*:*:*:*:*

OR cpe:/h:intel:eth_converged_ntwk_adptr_x710-da4_ex710da4fhg1p5:-:*:*:*:*:*:*:*

OR cpe:/h:intel:eth_converged_ntwk_adptr_x710-da4_ex710da4g1p5:-:*:*:*:*:*:*:*

OR cpe:/h:intel:eth_converged_ntwk_adptr_xl710-qda1_exl710qda1g1p5:-:*:*:*:*:*:*:*

OR cpe:/h:intel:eth_converged_ntwk_adptr_xl710-qda2_exl710qda2g1p5:-:*:*:*:*:*:*:*

OR cpe:/h:intel:ethernet_converged_network_adapter_x710-da2_x710da2:-:*:*:*:*:*:*:*

OR cpe:/h:intel:ethernet_converged_network_adapter_x710-da2_x710da2blk:-:*:*:*:*:*:*:*

OR cpe:/h:intel:ethernet_converged_network_adapter_x710-da2_x710da2g2p5:-:*:*:*:*:*:*:*

OR cpe:/h:intel:ethernet_converged_network_adapter_x710-da4_x710da4fh:-:*:*:*:*:*:*:*

OR cpe:/h:intel:ethernet_converged_network_adapter_x710-da4_x710da4fhblk:-:*:*:*:*:*:*:*

OR cpe:/h:intel:ethernet_converged_network_adapter_x710-da4_x710da4fhg2p5:-:*:*:*:*:*:*:*

OR cpe:/h:intel:ethernet_converged_network_adapter_x710-da4_x710da4g2p5:-:*:*:*:*:*:*:*

OR cpe:/h:intel:ethernet_converged_network_adapter_xl710-qda1_xl710qda1:-:*:*:*:*:*:*:*

OR cpe:/h:intel:ethernet_converged_network_adapter_xl710-qda1_xl710qda1blk:-:*:*:*:*:*:*:*

OR cpe:/h:intel:ethernet_converged_network_adapter_xl710-qda1_xl710qda1g2p5:-:*:*:*:*:*:*:*

OR cpe:/h:intel:ethernet_converged_network_adapter_xl710-qda2_xl710qda2:-:*:*:*:*:*:*:*

OR cpe:/h:intel:ethernet_converged_network_adapter_xl710-qda2_xl710qda2blk:-:*:*:*:*:*:*:*

OR cpe:/h:intel:ethernet_converged_network_adapter_xl710-qda2_xl710qda2g2p5:-:*:*:*:*:*:*:*

OR cpe:/h:intel:ethernet_i/o_module_xl710-qda1_axx1p40frtiom:-:*:*:*:*:*:*:*

OR cpe:/h:intel:ethernet_i/o_module_xl710-qda2_axx2p40frtiom:-:*:*:*:*:*:*:*

Configuration 3:

cpe:/a:hp:ethernet_10gb_2-port_562flr-sfp+:*:*:*:*:*:*:*:*

OR cpe:/a:hp:ethernet_10gb_2-port_562sfp+:*:*:*:*:*:*:*:*

OR cpe:/a:hp:ethernet_10gb_4-port_563sfp+:*:*:*:*:*:*:*:*

OR cpe:/a:hp:proliant_xl260a_g9_server:*:*:*:*:*:*:*:*

Configuration 4:

cpe:/a:lenovo:converged_hx5500_appliance:5.05:*:*:*:*:*:*:*

OR cpe:/a:lenovo:converged_hx5510_appliance:5.05:*:*:*:*:*:*:*

OR cpe:/a:lenovo:converged_hx7500_appliance:5.05:*:*:*:*:*:*:*

OR cpe:/a:lenovo:converged_hx7510_appliance:5.05:*:*:*:*:*:*:*

OR cpe:/a:lenovo:converged_hx_series:5.05:*:*:*:*:*:*:*

OR cpe:/a:lenovo:nextscale_nx360_m5:5.05:*:*:*:*:*:*:*

OR cpe:/a:lenovo:system_x3250_m5:5.05:*:*:*:*:*:*:*

OR cpe:/a:lenovo:system_x3500_m5:5.05:*:*:*:*:*:*:*

OR cpe:/a:lenovo:system_x3550_m5:5.05:*:*:*:*:*:*:*

OR cpe:/a:lenovo:system_x3650_m5:5.05:*:*:*:*:*:*:*

OR cpe:/a:lenovo:system_x3750_m4:5.05:*:*:*:*:*:*:*

OR cpe:/a:lenovo:system_x3850_x6:5.05:*:*:*:*:*:*:*

OR cpe:/a:lenovo:system_x3950_x6:5.05:*:*:*:*:*:*:*

OR cpe:/a:lenovo:thinkagile_cx2200:5.05:*:*:*:*:*:*:*

OR cpe:/a:lenovo:thinkagile_cx4200:5.05:*:*:*:*:*:*:*

OR cpe:/a:lenovo:thinkagile_cx4600:5.05:*:*:*:*:*:*:*

OR cpe:/a:lenovo:thinkserver_rd350:5.05:*:*:*:*:*:*:*

OR cpe:/a:lenovo:thinkserver_rd450:5.05:*:*:*:*:*:*:*

OR cpe:/a:lenovo:thinkserver_rd550:5.05:*:*:*:*:*:*:*

OR cpe:/a:lenovo:thinkserver_rd650:5.05:*:*:*:*:*:*:*

OR cpe:/a:lenovo:thinkserver_sd350:5.05:*:*:*:*:*:*:*

OR cpe:/a:lenovo:thinkserver_td350:5.05:*:*:*:*:*:*:*

Denotes that component is vulnerable