PatchSiren

PatchSiren cyber security CVE debrief

CVE-2016-5822 Huawei CVE debrief

CVE-2016-5822 is a denial-of-service vulnerability affecting Huawei OceanStor 5800 systems. According to the CVE description and NVD data, a remote attacker can send a large number of crafted HTTP packets to trigger CPU consumption and cause service disruption. The issue was publicly disclosed on 2017-01-27; NVD later marked the record as modified on 2026-05-13.

Vendor: Huawei
Product: CVE-2016-5822
CVSS: HIGH 7.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-01-27
Original CVE updated: 2026-05-13
Advisory published: 2017-01-27
Advisory updated: 2026-05-13

Who should care

Organizations running Huawei OceanStor 5800 storage systems, especially those exposing the affected HTTP service to untrusted networks, should prioritize this advisory. Security teams responsible for availability and perimeter exposure should treat it as a high-priority service resilience issue.

Technical summary

NVD classifies the weakness as CWE-399 (resource consumption) with a CVSS 3.0 vector of AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. The vulnerability is remotely reachable over the network and requires no privileges or user interaction. The reported impact is a high loss of availability: CPU consumption after the device receives a large volume of crafted HTTP packets. NVD lists affected OceanStor 5800 V3 builds through version V300R002C10, while the CVE description states remediation before V300R002C10SPC100; that version boundary should be checked against vendor guidance.

Defensive priority

High

Recommended defensive actions

  • Confirm whether any Huawei OceanStor 5800 systems are deployed in your environment and identify the exact firmware/build levels in use.
  • Compare installed versions against the vendor advisory and the NVD affected-version range before scheduling remediation.
  • Apply the Huawei-recommended update or mitigation path referenced in the vendor advisory for OceanStor 5800.
  • Restrict network access to storage management and HTTP-facing interfaces to trusted administrative networks only.
  • Monitor affected devices for abnormal CPU utilization and repeated HTTP traffic patterns that could indicate abuse or service stress.
  • If patching is not immediately possible, reduce exposure by segmenting management access and limiting inbound requests at network controls where feasible.
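For the version-comparison step above, an inventory triage sketch follows. It is an added example, not PatchSiren, NVD or Huawei code. It assumes build strings follow the V<n>R<n>C<n>[SPC<n>] layout of the two builds quoted on this page and that a build without an SPC suffix sorts before any SPC of the same release; the host names and the SPC050 build are constructed sample data.

```python
import re
from typing import NamedTuple

class Build(NamedTuple):
    v: int
    r: int
    c: int
    spc: int

# Assumed layout, inferred from the two build strings quoted on this page.
_BUILD_RE = re.compile(r"^V(\d+)R(\d+)C(\d+)(?:SPC(\d+))?$")

NVD_LAST_AFFECTED = "V300R002C10"      # NVD CPE range: "through V300R002C10"
CVE_FIXED_BUILD = "V300R002C10SPC100"  # CVE text: "before V300R002C10SPC100"

def parse_build(text: str) -> Build:
    m = _BUILD_RE.match(text.strip().upper())
    if m is None:
        raise ValueError(f"unrecognised build string: {text!r}")
    v, r, c, spc = m.groups()
    # Assumption: no SPC suffix means the base build, ordered as SPC 0.
    return Build(int(v), int(r), int(c), int(spc or 0))

def classify(text: str) -> str:
    build = parse_build(text)
    if build.v != 300:
        # Outside the V3 line named on this page: do not guess.
        return "check-vendor-advisory"
    if build <= parse_build(NVD_LAST_AFFECTED):
        return "affected"  # inside both the NVD range and the CVE text
    if build < parse_build(CVE_FIXED_BUILD):
        # The gap where the NVD range and the CVE description disagree.
        return "check-vendor-advisory"
    return "at-or-after-fixed-build"

def triage(inventory: dict) -> dict:
    """Map each host to a status; unparseable builds are surfaced, not dropped."""
    result = {}
    for host, build in inventory.items():
        try:
            result[host] = classify(build)
        except ValueError:
            result[host] = "unparsed"
    return result

# Constructed sample inventory (hypothetical hosts and builds).
SAMPLE_INVENTORY = {"stor-a": "V300R002C10", "stor-b": "V300R002C10SPC050",
                    "stor-c": "V300R002C10SPC100", "stor-d": "V300R001C20",
                    "stor-e": "unknown"}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Builds that land in "check-vendor-advisory" or "unparsed" are the ones to resolve against the Huawei advisory before scheduling remediation.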

Evidence notes

The description and vendor/NVD data consistently indicate a remote DoS condition driven by crafted HTTP packets causing CPU consumption. NVD references the Huawei PSIRT advisory (Huawei-SA-20160622-01-OceanStor) and a SecurityFocus entry, and classifies the weakness as CWE-399 with availability-only impact. There is a minor version-boundary difference between the CVE description ('before V300R002C10SPC100') and the NVD CPE range ('through V300R002C10'); use the vendor advisory to resolve the exact fixed build for deployment planning.

Official resources

Publicly disclosed on 2017-01-27. NVD record was last modified on 2026-05-13; that modified date is metadata timing, not the vulnerability's original issue date.