PT-2018-4224 · Huawei · Huawei Netengine16Ex+20
Published: 2018-01-30 · Updated: 2018-02-26
CVE-2014-4705
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
Huawei Campus S9300, S7700, S9700, S5300, S5700, S6300, and S6700 series switches (affected versions not specified)
Huawei AR150, AR160, AR200, AR1200, AR2200, AR3200, AR530, NetEngine16EX, SRG1300, SRG2300, and SRG3300 series routers (affected versions not specified)
Huawei WLAN AC6005, AC6605, and ACU2 access controllers (affected versions not specified)
Description
Multiple heap-based buffer overflows in the eSap software platform allow remote attackers to cause a denial of service, resulting in a device restart. The attack is carried out via a crafted length field in a packet.
Recommendations
For Huawei Campus S9300, S7700, S9700, S5300, S5700, S6300, and S6700 series switches, at the moment, there is no information about a newer version that contains a fix for this issue.
For Huawei AR150, AR160, AR200, AR1200, AR2200, AR3200, AR530, NetEngine16EX, SRG1300, SRG2300, and SRG3300 series routers, at the moment, there is no information about a newer version that contains a fix for this issue.
For Huawei WLAN AC6005, AC6605, and ACU2 access controllers, at the moment, there is no information about a newer version that contains a fix for this issue.
Fix
Buffer Overflow
Weakness Enumeration
Related Identifiers
Affected Products
Huawei Acu2
Huawei Ar1200
Huawei Ar150
Huawei Ar160
Huawei Ar200
Huawei Ar2200
Huawei Ar3200
Huawei Ar530
Huawei Campus S5300
Huawei Campus S5700
Huawei Campus S6300
Huawei Campus S6700
Huawei Campus S7700
Huawei Campus S9300
Huawei Campus S9700
Huawei Netengine16Ex
Huawei Srg1300
Huawei Srg2300
Huawei Srg3300
Huawei Wlan Ac6005
Huawei Wlan Ac6605