Vulnerability CVE-2014-4190


Published: 2014-06-17

Description:
Multiple heap-based buffer overflows in Huawei Campus Series Switches S3700HI, S5700, S6700, S3300HI, S5300, S6300, S9300, S7700, and LSW S9700 with software V200R001 before V200R001SPH013; S5700, S6700, S5300, and S6300 with software V200R002 before V200R002SPH005; S7700, S9300, S9300E, S5300, S5700, S6300, S6700, S2350, S2750, and LSW S9700 with software V200R003 before V200R003SPH005; and S7700, S9300, S9300E, and LSW S9700 with software V200R005 before V200R005C00SPC300 allow remote attackers to cause a denial of service (device restart) via a crafted length field in a packet.

Type:

CWE-119

(Improper Restriction of Operations within the Bounds of a Memory Buffer)

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.8/10
6.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Complete
Affected software
Huawei -> Campus series switch software 
Huawei -> Campus lsw s9700 
Huawei -> Campus s2350 
Huawei -> Campus s2750 
Huawei -> Campus s3300hi 
Huawei -> Campus s3700hi 
Huawei -> Campus s5300 
Huawei -> Campus s5700 
Huawei -> Campus s6300 
Huawei -> Campus s6700 
Huawei -> Campus s7700 
Huawei -> Campus s9300 
Huawei -> Campus s9300e 

 References:
http://www.securityfocus.com/bid/67907
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-343218.htm

Copyright 2024, cxsecurity.com

 

Back to Top