CVE-2014-8570
high-risk
Published 2017-04-02
Huawei S9300, S9303, S9306, S9312 with software V100R002; S7700, S7703, S7706, S7712 with software V100R003, V100R006, V200R001, V200R002, V200R003, V200R005; S9300E, S9303E, S9306E, S9312E with software V200R001; S9700, S9703, S9706, S9712 with software V200R002, V200R003, V200R005; S12708, S12712 with software V200R005; 5700HI, 5300HI with software V100R006, V200R001, V200R002, V200R003, V200R005; 5710EI, 5310EI with software V200R002, V200R003, V200R005; 5710HI, 5310HI with software V200R003, V200R005; 6700EI, 6300EI with software V200R005 could cause a leak of IP addresses of devices, related to unintended interface support for VRP MPLS LSP Ping.
Do I need to act?
-
0.11% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.3/10
Medium
NETWORK
/ LOW complexity
Affected Products (20)
S9303 Firmware
S9303 Firmware
S9303 Firmware
S9306 Firmware
S9306 Firmware
S9306 Firmware
S9306 Firmware
S9306 Firmware
S9312 Firmware
S9312 Firmware
S9312 Firmware
S9312 Firmware
S9312 Firmware
Affected Vendors
References (2)
Vendor Advisory
http://www.huawei.com/en/psirt/security-advisories/hw-372145
Vendor Advisory
http://www.huawei.com/en/psirt/security-advisories/hw-372145
52
/ 100
high-risk
Severity
21/34 · High
Exploitability
0/34 · Minimal
Exposure
31/34 · Critical