Lucene search

[email protected]CVE-2014-5394

HistoryJan 08, 2018 - 7:29 p.m.

CVE-2014-5394

2018-01-0819:29:00

CWE-200

[email protected]

web.nvd.nist.gov

huawei

campus switches

ssh

enumeration

cve-2014-5394

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

5.7 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

58.2%

JSON

Multiple Huawei Campus switches allow remote attackers to enumerate usernames via vectors involving use of SSH by the maintenance terminal.

CPENameOperatorVersion
huawei:s9300_firmwarehuawei s9300 firmwareeqv200r001c00spc300
huawei:s9300_firmwarehuawei s9300 firmwareeqv200r002c00spc300
huawei:s9300_firmwarehuawei s9300 firmwareeqv200r003c00spc500
huawei:s9300e_firmwarehuawei s9300e firmwareeqv200r001c00spc300
huawei:s9300e_firmwarehuawei s9300e firmwareeqv200r002c00spc300
huawei:s9300e_firmwarehuawei s9300e firmwareeqv200r003c00spc500
huawei:s7700_firmwarehuawei s7700 firmwareeqv200r001c00spc300
huawei:s7700_firmwarehuawei s7700 firmwareeqv200r002c00spc300
huawei:s7700_firmwarehuawei s7700 firmwareeqv200r003c00spc500
huawei:s9700_firmwarehuawei s9700 firmwareeqv200r001c00spc300

CPE	Name	Operator	Version
huawei:s9300_firmware	huawei s9300 firmware	eq	v200r001c00spc300
huawei:s9300_firmware	huawei s9300 firmware	eq	v200r002c00spc300
huawei:s9300_firmware	huawei s9300 firmware	eq	v200r003c00spc500
huawei:s9300e_firmware	huawei s9300e firmware	eq	v200r001c00spc300
huawei:s9300e_firmware	huawei s9300e firmware	eq	v200r002c00spc300
huawei:s9300e_firmware	huawei s9300e firmware	eq	v200r003c00spc500
huawei:s7700_firmware	huawei s7700 firmware	eq	v200r001c00spc300
huawei:s7700_firmware	huawei s7700 firmware	eq	v200r002c00spc300
huawei:s7700_firmware	huawei s7700 firmware	eq	v200r003c00spc500
huawei:s9700_firmware	huawei s9700 firmware	eq	v200r001c00spc300

Rows per page:

1-10 of 281

References

www.huawei.com/us/psirt/security-advisories/2014/hw-362701

www.securityfocus.com/bid/69302

exchange.xforce.ibmcloud.com/vulnerabilities/97763

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

5.7 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

58.2%

JSON

Related for CVE-2014-5394

prion1 cvelist1 huawei1 nessus1 openvas1