CVE-2014-4707

moderate-risk
Published 2017-04-02

Huawei Campus S7700 with software V200R001C00SPC300, V200R002C00SPC100, V200R003C00SPC300; S9300 with software V200R001C00SPC300, V200R002C00SPC100, V200R003C00SPC300; S9700 with software V200R001C00SPC300, V200R002C00SPC100, V200R003C00SPC300 allow unauthorized users to upgrade the bootrom or bootload software, bypass a Menu protection mechanism, conduct a Menu compromise attack, or bypass a Menu/upgrade protection mechanism.

Do I need to act?

-
0.18% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10 High
ADJACENT_NETWORK / LOW complexity

Affected Products (9)

Campus S7700 Firmware
Campus S9300 Firmware
Campus S9700 Firmware
Campus S9700 Firmware
Campus S7700 Firmware
Campus S7700 Firmware
Campus S9300 Firmware
Campus S9300 Firmware
Campus S9700 Firmware

Affected Vendors

Huawei

References (2)

Vendor Advisory http://www.huawei.com/en/psirt/security-advisories/hw-334629
Vendor Advisory http://www.huawei.com/en/psirt/security-advisories/hw-334629
43
/ 100
moderate-risk
Severity 27/34 · High
Exploitability 1/34 · Minimal
Exposure 15/34 · Moderate