CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
48.0%
Some Huawei Campus series switches have three heap overflow vulnerabilities. When receiving some special malformed packets, such devices access heap memory that is beyond the valid range and cause unexpected restart of the devices. If an attacker keeps sending such malformed packets, the devices will repeatedly restart, causing a denial of service (DoS) attack (Vulnerability ID: HWPSIRT-2014-0112).
This Vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID: CVE-2014-4706.
Huawei has provided a fixed version.
Vendor | Product | Version | CPE |
---|---|---|---|
huawei | campus_s3700hi_firmware | v200r001c00spc300 | cpe:2.3:o:huawei:campus_s3700hi_firmware:v200r001c00spc300:*:*:*:*:*:*:* |
huawei | s5700_firmware | v200r001c00spc300 | cpe:2.3:a:huawei:s5700_firmware:v200r001c00spc300:*:*:*:*:*:*:* |
huawei | s3300hi | v200r001c00spc300 | cpe:2.3:h:huawei:s3300hi:v200r001c00spc300:*:*:*:*:*:*:* |
huawei | s5300_firmware | v200r001c00spc300 | cpe:2.3:o:huawei:s5300_firmware:v200r001c00spc300:*:*:*:*:*:*:* |
huawei | s6300_firmware | v200r001c00spc300 | cpe:2.3:o:huawei:s6300_firmware:v200r001c00spc300:*:*:*:*:*:*:* |
huawei | s9300_firmware | v200r001c00spc300 | cpe:2.3:a:huawei:s9300_firmware:v200r001c00spc300:*:*:*:*:*:*:* |
huawei | lsw_s9700_firmware | v200r001c00spc300 | cpe:2.3:o:huawei:lsw_s9700_firmware:v200r001c00spc300:*:*:*:*:*:*:* |
huawei | campus_s5700_firmware | v200r002c00spc100 | cpe:2.3:o:huawei:campus_s5700_firmware:v200r002c00spc100:*:*:*:*:*:*:* |
huawei | s6700_firmware | v200r002c00spc100 | cpe:2.3:o:huawei:s6700_firmware:v200r002c00spc100:*:*:*:*:*:*:* |
huawei | s5300_firmware | v200r002c00spc100 | cpe:2.3:o:huawei:s5300_firmware:v200r002c00spc100:*:*:*:*:*:*:* |
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
48.0%