Information Leakage in Huawei Networking Equipment
CVE-2014-8570

5.3MEDIUM

Key Information:

Vendor: Huawei
Status: S9300, S9303, S9306, S9312, S7700, S7703, S7706, S7712, S9300e, S9303e, S9306e, S9312e, S9700, S9703, S9706, S9712,s12708, S12712,5700hi,5300hi, 5710ei,5310ei, 5710hi,5310hi, 6700ei,6300ei S9300, S9303, S9306, S9312 With Software V100r002,s7700, S7703, S7706, S7712 With Software V100r003, V100r006, V200r001, V200r002, V200r003, V200r005,s9300e, S9303e, S9306e, S9312e With Software V200r001,s9700, S9703, S9706, S9712 With Software V200r002, V200r003, V200r005,s12708, S12712 With Software V200r005,5700hi,5300hi With Software V100r006, V200r001, V200r002, V200r003, V200r005,5710ei,5310ei With Software V200r002, V200r003, V200r005,5710hi,5310hi With Software V200r003, V200r005,6700ei,6300ei With Software V200r00
Vendor: CVE Published:; 2 April 2017

Summary

This vulnerability in various Huawei networking devices allows unauthorized access to IP address information associated with different hardware configurations. The issue arises from an unintended interface's support for VRP MPLS LSP Ping, potentially exposing sensitive network data. Network administrators should be aware of these risks and apply necessary security measures to safeguard their infrastructure.

Affected Version(s)

S9300, S9303, S9306, S9312, S7700, S7703, S7706, S7712, S9300E, S9303E, S9306E, S9312E, S9700, S9703, S9706, S9712,S12708, S12712,5700HI,5300HI, 5710EI,5310EI, 5710HI,5310HI, 6700EI,6300EI S9300, S9303, S9306, S9312 with software V100R002,S7700, S7703, S7706, S7712 with software V100R003, V100R006, V200R001, V200R002, V200R003, V200R005,S9300E, S9303E, S9306E, S9312E with software V200R001,S9700, S9703, S9706, S9712 with software V200R002, V200R003, V200R005,S12708, S12712 with software V200R005,5700HI,5300HI with software V100R006, V200R001, V200R002, V200R003, V200R005,5710EI,5310EI with software V200R002, V200R003, V200R005,5710HI,5310HI with software V200R003, V200R005,6700EI,6300EI with software V200R00 S9300, S9303, S9306, S9312, S7700, S7703, S7706, S7712, S9300E, S9303E, S9306E, S9312E, S9700, S9703, S9706, S9712,S12708, S12712,5700HI,5300HI, 5710EI,5310EI, 5710HI,5310HI, 6700EI,6300EI S9300, S9303, S9306, S9312 with software V100R002,S7700, S7703, S7706, S7712 with software V100R003, V100R006, V200R001, V200R002, V200R003, V200R005,S9300E, S9303E, S9306E, S9312E with software V200R001,S9700, S9703, S9706, S9712 with software V200R002, V200R003, V200R005,S12708, S12712 with software V200R005,5700HI,5300HI with software V100R006, V200R001, V200R002, V200R003, V200R005,5710EI,5310EI with software V200R002, V200R003, V200R005,5710HI,5310HI with software V200R003, V200R005,6700EI,6300EI with software V200R00

References

http://www.huawei.com/en/psirt/security-advisories/hw-372145

x_refsource_CONFIRM

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 2, 2017
Vulnerability Reserved
Oct 31, 2014