PT-2018-4224 · Huawei · Huawei Netengine16Ex+20
Publicado
2018-01-30
·
Atualizado
2018-02-26
·
CVE-2014-4705
CVSS v2.0
7.8
Alta
| Vetor | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
Huawei Campus S9300, S7700, S9700, S5300, S5700, S6300, and S6700 series switches (affected versions not specified)
Huawei AR150, AR160, AR200, AR1200, AR2200, AR3200, AR530, NetEngine16EX, SRG1300, SRG2300, and SRG3300 series routers (affected versions not specified)
Huawei WLAN AC6005, AC6605, and ACU2 access controllers (affected versions not specified)
Description
The issue is related to multiple heap-based buffer overflows in the eSap software platform. This can be exploited by remote attackers to cause a denial of service, resulting in a device restart. The attack is carried out via a crafted length field in a packet.
Recommendations
For Huawei Campus S9300, S7700, S9700, S5300, S5700, S6300, and S6700 series switches, at the moment, there is no information about a newer version that contains a fix for this issue.
For Huawei AR150, AR160, AR200, AR1200, AR2200, AR3200, AR530, NetEngine16EX, SRG1300, SRG2300, and SRG3300 series routers, at the moment, there is no information about a newer version that contains a fix for this issue.
For Huawei WLAN AC6005, AC6605, and ACU2 access controllers, at the moment, there is no information about a newer version that contains a fix for this issue.
Correção
Buffer Overflow
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Huawei Acu2
Huawei Ar1200
Huawei Ar150
Huawei Ar160
Huawei Ar200
Huawei Ar2200
Huawei Ar3200
Huawei Ar530
Huawei Campus S5300
Huawei Campus S5700
Huawei Campus S6300
Huawei Campus S6700
Huawei Campus S7700
Huawei Campus S9300
Huawei Campus S9700
Huawei Netengine16Ex
Huawei Srg1300
Huawei Srg2300
Huawei Srg3300
Huawei Wlan Ac6005
Huawei Wlan Ac6605