Heap-based Buffer Overflow in Huawei Networking Products
CVE-2014-4705

7.5HIGH

Key Information:

Vendor: Huawei
Status: S9300 Firmware
Vendor: CVE Published:; 30 January 2018

What is CVE-2014-4705?

Multiple heap-based buffer overflow vulnerabilities exist in the eSap software platform utilized by various Huawei switches, routers, and access controllers. An attacker can exploit these vulnerabilities by sending specially crafted packets, which may lead to denial of service by forcing the affected device to restart. This impacts a wide range of devices across different series, highlighting the need for prompt updates and protective measures.

References

http://secunia.com/advisories/59349

third-party-advisoryx_refsource_SECUNIA

http://www.huawei.com/en/security/psirt/security-bulletin...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 30, 2018
Vulnerability Reserved
Jul 1, 2014