CVE-2014-4705
high-risk
Published 2018-01-30
Multiple heap-based buffer overflows in the eSap software platform in Huawei Campus S9300, S7700, S9700, S5300, S5700, S6300, and S6700 series switches; AR150, AR160, AR200, AR1200, AR2200, AR3200, AR530, NetEngine16EX, SRG1300, SRG2300, and SRG3300 series routers; and WLAN AC6005, AC6605, and ACU2 access controllers allow remote attackers to cause a denial of service (device restart) via a crafted length field in a packet.
Do I need to act?
0.31% chance of exploitation
EPSS score — low exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 7.5/10 · High · NETWORK / LOW complexity
Affected Products (20)
S5300 Firmware
S6300 Firmware
Affected Vendors
References (4)
Permissions Required
http://secunia.com/advisories/59349
58 / 100 · high-risk
Severity: 26/34 · High
Exploitability: 1/34 · Minimal
Exposure: 31/34 · Critical