Vulnerability Details : CVE-2014-4706
Huawei Campus S3700HI with software V200R001C00SPC300; Campus S5700 with software V200R002C00SPC100; Campus S7700 with software V200R003C00SPC300,V200R003C00SPC500; LSW S9700 with software V200R001C00SPC300,V200R003C00SPC300,V200R003C00SPC500; S2350 with software V200R003C00SPC300; S2750 with software V200R003C00SPC300; S5300 with software V200R001C00SPC300,V200R002C00SPC100,V200R003C00SPC300; S5700 with software V200R001C00SPC300,V200R003C00SPC300; S6300 with software V200R001C00SPC300,V200R002C00SPC100,V200R003C00SPC300; S6700 S3300HI with software V200R001C00SPC300,V200R002C00SPC100,V200R003C00SPC300; S7700 with software V200R001C00SPC300; S9300 with software V200R001C00SPC300,V200R003C00SPC300,V200R003C00SPC500; S9300E with software V200R003C00SPC300,V200R003C00SPC500 allow attackers to keep sending malformed packets to cause a denial of service (DoS) attack, aka a heap overflow.
Vulnerability category: OverflowDenial of service
Products affected by CVE-2014-4706
- cpe:2.3:o:huawei:s5300_firmware:v200r001c00spc300:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s5300_firmware:v200r002c00spc100:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s5300_firmware:v200r003c00spc300:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s7700_firmware:v200r001c00spc300:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s9300_firmware:v200r001c00spc300:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s9300_firmware:v200r003c00spc500:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s9300_firmware:v200r003c00spc300:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s5700_firmware:v200r001c00spc300:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s5700_firmware:v200r003c00spc300:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s6300_firmware:v200r001c00spc300:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s6300_firmware:v200r003c00spc300:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s6300_firmware:v200r002c00spc100:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s6700_firmware:v200r001c00spc300:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s6700_firmware:v200r003c00spc300:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s6700_firmware:v200r002c00spc100:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:campus_s3700hi_firmware:v200r001c00spc300:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s3300hi_firmware:v200r001c00spc300:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:lsw_s9700_firmware:v200r001c00spc300:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:lsw_s9700_firmware:v200r003c00spc300:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:lsw_s9700_firmware:v200r003c00spc500:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:campus_s5700_firmware:v200r002c00spc100:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:campus_s7700_firmware:v200r003c00spc300:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:campus_s7700_firmware:v200r003c00spc500:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s9300e_firmware:v200r003c00spc300:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s9300e_firmware:v200r003c00spc500:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s2350_firmware:v200r003c00spc300:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s2750_firmware:v200r003c00spc300:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-4706
0.13%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 47 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-4706
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.8
|
HIGH | AV:N/AC:L/Au:N/C:N/I:N/A:C |
10.0
|
6.9
|
NIST | |
7.5
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
3.9
|
3.6
|
NIST |
CWE ids for CVE-2014-4706
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-4706
-
http://www.huawei.com/en/psirt/security-advisories/hw-343218
Security Advisory-Multiple Heap Overflow Vulnerabilities in Huawei Campus Series SwitchesVendor Advisory
Jump to