Heap Overflow Vulnerability in Huawei Campus S-Series Switches
CVE-2014-4706

7.5HIGH

Key Information:

Vendor: Huawei
Status: Campus S3700hi, S5700, S6700 S3300hi, S5300, S6300, S9300, S7700,lsw S9700,campus S5700, S6700,campus S7700, S9300e, S2350, S2750,s9300,s9300e, Campus S3700hi With Software V200r001c00spc300,campus S5700 With Software V200r002c00spc100,campus S7700 With Software V200r003c00spc300,v200r003c00spc500,lsw S9700 With Software V200r001c00spc300,v200r003c00spc300,v200r003c00spc500,s2350 With Software V200r003c00spc300,s2750 With Software V200r003c00spc300,s5300 With Software V200r001c00spc300,v200r002c00spc100,v200r003c00spc300,s5700 With Software V200r001c00spc300,v200r003c00spc300,s6300 With Software V200r001c00spc300,v200r002c00spc100,v200r003c00spc300,s6700 S3300hi With Software V200r001c00spc300,v200r002c00spc100,v200r003c00spc300,s7700 With Software V200r001c00spc300,s9300 With Software V200r001c00spc300,v200r003c00spc300,v200r003c00spc500,s9300e With Software V200r003c00spc300,v200r003c00spc500,
Vendor: CVE Published:; 2 April 2017

Summary

A vulnerability has been identified in Huawei Campus S-Series switches that allows attackers to send malformed packets causing a denial of service. Specifically, this flaw manifests as a heap overflow, potentially leading to the crash of affected devices. The impacted devices include various models of the S5700, S7700, S9300, and others running specific software versions. Organizations using these switches should ensure timely updates to mitigate this risk.

Affected Version(s)

Campus S3700HI, S5700, S6700 S3300HI, S5300, S6300, S9300, S7700,LSW S9700,Campus S5700, S6700,Campus S7700, S9300E, S2350, S2750,S9300,S9300E, Campus S3700HI with software V200R001C00SPC300,Campus S5700 with software V200R002C00SPC100,Campus S7700 with software V200R003C00SPC300,V200R003C00SPC500,LSW S9700 with software V200R001C00SPC300,V200R003C00SPC300,V200R003C00SPC500,S2350 with software V200R003C00SPC300,S2750 with software V200R003C00SPC300,S5300 with software V200R001C00SPC300,V200R002C00SPC100,V200R003C00SPC300,S5700 with software V200R001C00SPC300,V200R003C00SPC300,S6300 with software V200R001C00SPC300,V200R002C00SPC100,V200R003C00SPC300,S6700 S3300HI with software V200R001C00SPC300,V200R002C00SPC100,V200R003C00SPC300,S7700 with software V200R001C00SPC300,S9300 with software V200R001C00SPC300,V200R003C00SPC300,V200R003C00SPC500,S9300E with software V200R003C00SPC300,V200R003C00SPC500, Campus S3700HI, S5700, S6700 S3300HI, S5300, S6300, S9300, S7700,LSW S9700,Campus S5700, S6700,Campus S7700, S9300E, S2350, S2750,S9300,S9300E, Campus S3700HI with software V200R001C00SPC300,Campus S5700 with software V200R002C00SPC100,Campus S7700 with software V200R003C00SPC300,V200R003C00SPC500,LSW S9700 with software V200R001C00SPC300,V200R003C00SPC300,V200R003C00SPC500,S2350 with software V200R003C00SPC300,S2750 with software V200R003C00SPC300,S5300 with software V200R001C00SPC300,V200R002C00SPC100,V200R003C00SPC300,S5700 with software V200R001C00SPC300,V200R003C00SPC300,S6300 with software V200R001C00SPC300,V200R002C00SPC100,V200R003C00SPC300,S6700 S3300HI with software V200R001C00SPC300,V200R002C00SPC100,V200R003C00SPC300,S7700 with software V200R001C00SPC300,S9300 with software V200R001C00SPC300,V200R003C00SPC300,V200R003C00SPC500,S9300E with software V200R003C00SPC300,V200R003C00SPC500,

References

http://www.huawei.com/en/psirt/security-advisories/hw-343218

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 2, 2017
Vulnerability Reserved
Jul 1, 2014