Lucene search

Huawei TechnologiesHUAWEI-SA-20140604-01-CAMPUS

HistoryJun 04, 2014 - 12:00 a.m.

Security Advisory-Multiple Heap Overflow Vulnerabilities in Huawei Campus Series Switches

2014-06-0400:00:00

Huawei Technologies

www.huawei.com

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

48.0%

JSON

Some Huawei Campus series switches have three heap overflow vulnerabilities. When receiving some special malformed packets, such devices access heap memory that is beyond the valid range and cause unexpected restart of the devices. If an attacker keeps sending such malformed packets, the devices will repeatedly restart, causing a denial of service (DoS) attack (Vulnerability ID: HWPSIRT-2014-0112).

This Vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID: CVE-2014-4706.

Huawei has provided a fixed version.

Affected configurations

Vulners

Node

huaweicampus_s3700hi_firmwareMatchv200r001c00spc300

huaweis5700_firmwareMatchv200r001c00spc300

huaweis3300hiMatchv200r001c00spc300

huaweis5300_firmwareMatchv200r001c00spc300

huaweis6300_firmwareMatchv200r001c00spc300

huaweis9300_firmwareMatchv200r001c00spc300

huaweilsw_s9700_firmwareMatchv200r001c00spc300

huaweicampus_s5700_firmwareMatchv200r002c00spc100

huaweis6700_firmwareMatchv200r002c00spc100

huaweis5300_firmwareMatchv200r002c00spc100

huaweis6300_firmwareMatchv200r002c00spc100

huaweicampus_s7700_firmwareMatchv200r003c00spc300

huaweis9300_firmwareMatchv200r003c00spc300

huaweis9300e_firmwareMatchv200r003c00spc300

huaweis5300_firmwareMatchv200r003c00spc300

huaweis5700_firmwareMatchv200r003c00spc300

huaweis6300_firmwareMatchv200r003c00spc300

huaweis6700_firmwareMatchv200r003c00spc300

huaweis2350_firmwareMatchv200r003c00spc300

huaweilsw_s9700_firmwareMatchv200r003c00spc300

huaweicampus_s7700_firmwareMatchv200r003c00spc500

huaweis9300_firmwareMatchv200r003c00spc500

huaweilsw_s9700_firmwareMatchv200r003c00spc500

VendorProductVersionCPE
huaweicampus_s3700hi_firmwarev200r001c00spc300cpe:2.3:o:huawei:campus_s3700hi_firmware:v200r001c00spc300:*:*:*:*:*:*:*
huaweis5700_firmwarev200r001c00spc300cpe:2.3:a:huawei:s5700_firmware:v200r001c00spc300:*:*:*:*:*:*:*
huaweis3300hiv200r001c00spc300cpe:2.3:h:huawei:s3300hi:v200r001c00spc300:*:*:*:*:*:*:*
huaweis5300_firmwarev200r001c00spc300cpe:2.3:o:huawei:s5300_firmware:v200r001c00spc300:*:*:*:*:*:*:*
huaweis6300_firmwarev200r001c00spc300cpe:2.3:o:huawei:s6300_firmware:v200r001c00spc300:*:*:*:*:*:*:*
huaweis9300_firmwarev200r001c00spc300cpe:2.3:a:huawei:s9300_firmware:v200r001c00spc300:*:*:*:*:*:*:*
huaweilsw_s9700_firmwarev200r001c00spc300cpe:2.3:o:huawei:lsw_s9700_firmware:v200r001c00spc300:*:*:*:*:*:*:*
huaweicampus_s5700_firmwarev200r002c00spc100cpe:2.3:o:huawei:campus_s5700_firmware:v200r002c00spc100:*:*:*:*:*:*:*
huaweis6700_firmwarev200r002c00spc100cpe:2.3:o:huawei:s6700_firmware:v200r002c00spc100:*:*:*:*:*:*:*
huaweis5300_firmwarev200r002c00spc100cpe:2.3:o:huawei:s5300_firmware:v200r002c00spc100:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
huawei	campus_s3700hi_firmware	v200r001c00spc300	cpe:2.3:o:huawei:campus_s3700hi_firmware:v200r001c00spc300:::::::*
huawei	s5700_firmware	v200r001c00spc300	cpe:2.3:a:huawei:s5700_firmware:v200r001c00spc300:::::::*
huawei	s3300hi	v200r001c00spc300	cpe:2.3:h:huawei:s3300hi:v200r001c00spc300:::::::*
huawei	s5300_firmware	v200r001c00spc300	cpe:2.3:o:huawei:s5300_firmware:v200r001c00spc300:::::::*
huawei	s6300_firmware	v200r001c00spc300	cpe:2.3:o:huawei:s6300_firmware:v200r001c00spc300:::::::*
huawei	s9300_firmware	v200r001c00spc300	cpe:2.3:a:huawei:s9300_firmware:v200r001c00spc300:::::::*
huawei	lsw_s9700_firmware	v200r001c00spc300	cpe:2.3:o:huawei:lsw_s9700_firmware:v200r001c00spc300:::::::*
huawei	campus_s5700_firmware	v200r002c00spc100	cpe:2.3:o:huawei:campus_s5700_firmware:v200r002c00spc100:::::::*
huawei	s6700_firmware	v200r002c00spc100	cpe:2.3:o:huawei:s6700_firmware:v200r002c00spc100:::::::*
huawei	s5300_firmware	v200r002c00spc100	cpe:2.3:o:huawei:s5300_firmware:v200r002c00spc100:::::::*

Rows per page:

1-10 of 231

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

48.0%

JSON

Related for HUAWEI-SA-20140604-01-CAMPUS