CVE-2014-4706

moderate-risk
Published 2017-04-02

Huawei Campus S3700HI with software V200R001C00SPC300; Campus S5700 with software V200R002C00SPC100; Campus S7700 with software V200R003C00SPC300,V200R003C00SPC500; LSW S9700 with software V200R001C00SPC300,V200R003C00SPC300,V200R003C00SPC500; S2350 with software V200R003C00SPC300; S2750 with software V200R003C00SPC300; S5300 with software V200R001C00SPC300,V200R002C00SPC100,V200R003C00SPC300; S5700 with software V200R001C00SPC300,V200R003C00SPC300; S6300 with software V200R001C00SPC300,V200R002C00SPC100,V200R003C00SPC300; S6700 S3300HI with software V200R001C00SPC300,V200R002C00SPC100,V200R003C00SPC300; S7700 with software V200R001C00SPC300; S9300 with software V200R001C00SPC300,V200R003C00SPC300,V200R003C00SPC500; S9300E with software V200R003C00SPC300,V200R003C00SPC500 allow attackers to keep sending malformed packets to cause a denial of service (DoS) attack, aka a heap overflow.

Do I need to act?

-
0.17% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
NETWORK / LOW complexity

Affected Products (20)

Campus S3700Hi Firmware
Campus S5700 Firmware
S5300 Firmware
Campus S7700 Firmware
S5300 Firmware
S6300 Firmware
S2350 Firmware
S2750 Firmware
Lsw S9700 Firmware
Campus S7700 Firmware
Lsw S9700 Firmware
S3300Hi Firmware

Affected Vendors

Huawei

References (2)

Vendor Advisory http://www.huawei.com/en/psirt/security-advisories/hw-343218
Vendor Advisory http://www.huawei.com/en/psirt/security-advisories/hw-343218
49
/ 100
moderate-risk
Severity 26/34 · High
Exploitability 1/34 · Minimal
Exposure 22/34 · High