PT-2015-3308 · Huawei · S9700+7
Published
2015-03-19
·
Updated
2017-06-20
·
CVE-2015-2800
CVSS v2.0
7.8
High
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
Huawei Campus switches S5700, S5300, S6300, and S6700 versions prior to V200R001SPH012
Huawei Campus switches S7700, S9300, and S9700 versions prior to V200R001SPH015
Description
The issue is related to the user authentication module, which allows remote attackers to cause a denial of service, resulting in a device restart. This is triggered by vectors involving authentication that cause an array access violation. The vulnerability is due to flaws in the authentication procedure, specifically an array initialization issue. Exploitation of this issue can allow a remote attacker to cause a denial of service using authentication vectors that trigger an array access violation.
Recommendations
For Huawei Campus switches S5700, S5300, S6300, and S6700 versions prior to V200R001SPH012, update to version V200R001SPH012 or later.
For Huawei Campus switches S7700, S9300, and S9700 versions prior to V200R001SPH015, update to version V200R001SPH015 or later.
Fix
DoS
Improper Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Huawei Vrp
S5300
S5700
S6300
S6700
S7700
S9300
S9700