CVE-2014-9137
moderate-risk
Published 2017-04-02
Huawei USG9500 with software V200R001C01SPC800 and earlier versions, V300R001C00; USG2100 with software V300R001C00SPC900 and earlier versions; USG2200 with software V300R001C00SPC900; USG5100 with software V300R001C00SPC900 could allow an unauthenticated, remote attacker to conduct a CSRF attack against the user of the web interface.
Do I need to act?
-
0.09% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10
High
NETWORK
/ LOW complexity
Affected Products (8)
Fusionmanager
Usg2100 Firmware
Usg5500 Firmware
Fusionmanager
Usg2200 Firmware
Usg5100 Firmware
Affected Vendors
References (2)
Vendor Advisory
http://www.huawei.com/en/psirt/security-advisories/hw-372186
Vendor Advisory
http://www.huawei.com/en/psirt/security-advisories/hw-372186
44
/ 100
moderate-risk
Severity
30/34 · Critical
Exploitability
0/34 · Minimal
Exposure
14/34 · Moderate