Lucene search

[email protected]CVE-2014-4707

HistoryApr 02, 2017 - 8:59 p.m.

CVE-2014-4707

2017-04-0220:59:00

CWE-284

[email protected]

web.nvd.nist.gov

cve-2014-4707

huawei

campus

s7700

s9300

s9700

software

unauthorized access

upgrade

bypass

menu compromise

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

33.5%

JSON

Huawei Campus S7700 with software V200R001C00SPC300, V200R002C00SPC100, V200R003C00SPC300; S9300 with software V200R001C00SPC300, V200R002C00SPC100, V200R003C00SPC300; S9700 with software V200R001C00SPC300, V200R002C00SPC100, V200R003C00SPC300 allow unauthorized users to upgrade the bootrom or bootload software, bypass a Menu protection mechanism, conduct a Menu compromise attack, or bypass a Menu/upgrade protection mechanism.

Affected configurations

NVD

Node

huaweicampus_s7700_firmwareMatchv200r001c00spc300

huaweicampus_s7700_firmwareMatchv200r002c00spc100

huaweicampus_s7700_firmwareMatchv200r003c00spc300

AND

huaweicampus_s7700Match-

Node

huaweicampus_s9300_firmwareMatchv200r001c00spc300

huaweicampus_s9300_firmwareMatchv200r002c00spc100

huaweicampus_s9300_firmwareMatchv200r003c00spc300

AND

huaweicampus_s9300Match-

Node

huaweicampus_s9700_firmwareMatchv200r001c00spc300

huaweicampus_s9700_firmwareMatchv200r002c00spc100

huaweicampus_s9700_firmwareMatchv200r003c00spc300

AND

huaweicampus_s9700Match-

CPENameOperatorVersion
huawei:campus_s7700_firmwarehuawei campus s7700 firmwareeqv200r001c00spc300
huawei:campus_s7700_firmwarehuawei campus s7700 firmwareeqv200r002c00spc100
huawei:campus_s7700_firmwarehuawei campus s7700 firmwareeqv200r003c00spc300

CPE	Name	Operator	Version
huawei:campus_s7700_firmware	huawei campus s7700 firmware	eq	v200r001c00spc300
huawei:campus_s7700_firmware	huawei campus s7700 firmware	eq	v200r002c00spc100
huawei:campus_s7700_firmware	huawei campus s7700 firmware	eq	v200r003c00spc300

CNA Affected

[
  {
    "product": "S7700,S9300,S9700 S7700 V200R001C00SPC300, V200R002C00SPC100, V200R003C00SPC300,S9300 V200R001C00SPC300, V200R002C00SPC100, V200R003C00SPC300,S9700 V200R001C00SPC300, V200R002C00SPC100, V200R003C00SPC300,",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "S7700,S9300,S9700 S7700 V200R001C00SPC300, V200R002C00SPC100, V200R003C00SPC300,S9300 V200R001C00SPC300, V200R002C00SPC100, V200R003C00SPC300,S9700 V200R001C00SPC300, V200R002C00SPC100, V200R003C00SPC300,"
      }
    ]
  }
]

References

www.huawei.com/en/psirt/security-advisories/hw-334629

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

33.5%

JSON

Related for CVE-2014-4707

huawei1 prion1 cvelist1 nessus1 nvd1