CVE & CISA-KEV Catalog

CVE-2015-8677

MEDIUM
6.5
CVSS v3
NVD

Description

Memory leak in Huawei S5300EI, S5300SI, S5310HI, and S6300EI Campus series switches with software V200R003C00 before V200R003SPH011 and V200R005C00 before V200R005SPH008; S2350EI and S5300LI Campus series switches with software V200R003C00 before V200R003SPH011, V200R005C00 before V200R005SPH008, and V200R006C00 before V200R006SPH002; S9300, S7700, and S9700 Campus series switches with software V200R003C00 before V200R003SPH011, V200R005C00 before V200R005SPH009, and V200R006C00 before V200R006SPH003; S5720HI and S5720EI Campus series switches with software V200R006C00 before V200R006SPH002; and S2300 and S3300 Campus series switches with software V100R006C05 before V100R006SPH022 allows remote authenticated users to cause a denial of service (memory consumption and device restart) by logging in and out of the (1) HTTPS or (2) SFTP server, related to SSL session information.

How to fix

Remediation Available
s2300 firmwareNVD
Affected:>= v100r006c05, < v100r006sph022Fixed in:v100r006sph022CVE-2015-8677derived from NVD
s2350ei firmwareNVD
Affected:>= v200r006c00, < v200r006sph002Fixed in:v200r006sph002CVE-2015-8677derived from NVD
s3300 firmwareNVD
Affected:>= v100r006c05, < v100r006sph022Fixed in:v100r006sph022CVE-2015-8677derived from NVD
s5300ei firmwareNVD
Affected:>= v200r005c00, < v200r005sph008Fixed in:v200r005sph008CVE-2015-8677derived from NVD
s5300li firmwareNVD
Affected:>= v200r006c00, < v200r006sph002Fixed in:v200r006sph002CVE-2015-8677derived from NVD
s5300si firmwareNVD
Affected:>= v200r002c00, < v200r003sph011Fixed in:v200r003sph011CVE-2015-8677derived from NVD
s5310hi firmwareNVD
Affected:>= v200r002c00, < v200r003sph011Fixed in:v200r003sph011CVE-2015-8677derived from NVD
s5720ei firmwareNVD
Affected:>= v200r006c00, < v200r006sph002Fixed in:v200r006sph002CVE-2015-8677derived from NVD
s5720hi firmwareNVD
Affected:>= v200r006c00, < v200r006sph002Fixed in:v200r006sph002CVE-2015-8677derived from NVD
s6300ei firmwareNVD
Affected:>= v200r002c00, < v200r003sph011Fixed in:v200r003sph011CVE-2015-8677derived from NVD
s7700 firmwareNVD
Affected:>= v200r006c00, < v200r006sph003Fixed in:v200r006sph003CVE-2015-8677derived from NVD
s9300 firmwareNVD
Affected:>= v200r006c00, < v200r006sph003Fixed in:v200r006sph003CVE-2015-8677derived from NVD
s9700 firmwareNVD
Affected:>= v200r006c00, < v200r006sph003Fixed in:v200r006sph003CVE-2015-8677derived from NVD

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged

Impact

ConfidentialityNone
IntegrityNone
AvailabilityHigh

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploit Intelligence

1.11%probability of exploitation in 30 days
62ndpercentile

Moderate risk: more likely to be exploited than 62% of all known CVEs.

References

Vendor Advisory1

Related Vulnerabilities

Other CWE-399 (Resource Management Errors) vulnerabilities, ordered by exploit likelihood. View all

CVESeverityCVSSEPSSExploitedFix
CVE-2009-3103High10.090%--
CVE-2009-0075High9.385%--
CVE-2005-1790Low2.683%--
CVE-2010-0806High8.882%KEV-
CVE-2009-2526High7.882%--
CVE-2015-1868High7.882%-Fix
Embed a live status badge for CVE-2015-8677
CVE-2015-8677 severity badge

Markdown

[![CVE-2015-8677](https://tridentstack.com/cve/badge/CVE-2015-8677.svg)](https://tridentstack.com/cve/CVE-2015-8677)

HTML

<a href="https://tridentstack.com/cve/CVE-2015-8677"><img src="https://tridentstack.com/cve/badge/CVE-2015-8677.svg" alt="CVE-2015-8677"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2026-05-06.