Details of VAR-201704-0386

ID

VAR-201704-0386

CVE

CVE-2014-4707

TITLE

plural Huawei Campus Vulnerability related to access control in product software

Trust: 0.8

sources: JVNDB: JVNDB-2014-008285

DESCRIPTION

Huawei Campus S7700 with software V200R001C00SPC300, V200R002C00SPC100, V200R003C00SPC300; S9300 with software V200R001C00SPC300, V200R002C00SPC100, V200R003C00SPC300; S9700 with software V200R001C00SPC300, V200R002C00SPC100, V200R003C00SPC300 allow unauthorized users to upgrade the bootrom or bootload software, bypass a Menu protection mechanism, conduct a Menu compromise attack, or bypass a Menu/upgrade protection mechanism. Huawei Campus S7700 , S9300 and S9700 Software contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. Huawei CampusS7700 is an enterprise-class campus switch of China Huawei. There are security vulnerabilities in Huawei's CampusS7700, S9300, and S9700 switches. The following products and versions are affected: Huawei S7700 V200R001C00SPC300 Version, V200R002C00SPC100 Version, V200R003C00SPC300 Version; S9300 V200R001C00SPC300 Version, V200R002C00SPC100 Version, V200R003C00SPC300 Version; S9700 V200R001C00SPC300 Version, V200R002C00SPC100 Version, V200R003C00SPC300 Version

Trust: 2.25

sources: NVD: CVE-2014-4707 // JVNDB: JVNDB-2014-008285 // CNVD: CNVD-2017-04632 // VULHUB: VHN-72648

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-04632

AFFECTED PRODUCTS

vendor:	huawei	model:	campus s7700	scope:	eq	version:	v200r001c00spc300	Trust: 2.4
vendor:	huawei	model:	campus s7700	scope:	eq	version:	v200r002c00spc100	Trust: 2.4
vendor:	huawei	model:	campus s7700	scope:	eq	version:	v200r003c00spc300	Trust: 2.4
vendor:	huawei	model:	campus s9300	scope:	eq	version:	v200r001c00spc300	Trust: 2.4
vendor:	huawei	model:	campus s9300	scope:	eq	version:	v200r002c00spc100	Trust: 2.4
vendor:	huawei	model:	campus s9300	scope:	eq	version:	v200r003c00spc300	Trust: 2.4
vendor:	huawei	model:	campus s9700	scope:	eq	version:	v200r001c00spc300	Trust: 2.4
vendor:	huawei	model:	campus s9700	scope:	eq	version:	v200r002c00spc100	Trust: 2.4
vendor:	huawei	model:	campus s9700	scope:	eq	version:	v200r003c00spc300	Trust: 2.4
vendor:	huawei	model:	s7700 v200r001c00spc300	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	s7700 v200r002c00spc100	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	s7700 v200r003c00spc300	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	s9300 v200r001c00spc300	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	s9300 v200r002c00spc100	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	s9300 v200r003c00spc300	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	s9700 v200r001c00spc300	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	s9700 v200r002c00spc100	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	s9700 v200r003c00spc300	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2017-04632 // JVNDB: JVNDB-2014-008285 // CNNVD: CNNVD-201704-209 // NVD: CVE-2014-4707

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-4707
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-4707
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2017-04632
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201704-209
value:	HIGH
Trust: 0.6
VULHUB:	VHN-72648
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2014-4707
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-04632
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:C/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	COMPLETE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	8.5
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-72648
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2014-4707
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2017-04632 // VULHUB: VHN-72648 // JVNDB: JVNDB-2014-008285 // CNNVD: CNNVD-201704-209 // NVD: CVE-2014-4707

PROBLEMTYPE DATA

problemtype:

CWE-284

Trust: 1.9

sources: VULHUB: VHN-72648 // JVNDB: JVNDB-2014-008285 // NVD: CVE-2014-4707

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201704-209

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201704-209

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-008285

PATCH

title:	Huawei-SA-20140507-01-Campus Switch	url:	http://www.huawei.com/en/psirt/security-advisories/hw-334629	Trust: 0.8
title:	Huawei CampusS7700/S9300/S9700 switch security bypass vulnerability patch	url:	https://www.cnvd.org.cn/patchInfo/show/91944	Trust: 0.6
title:	Huawei Campus S7700 , S9300 and S9700 Repair measures for switch security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=69055	Trust: 0.6

sources: CNVD: CNVD-2017-04632 // JVNDB: JVNDB-2014-008285 // CNNVD: CNNVD-201704-209

EXTERNAL IDS

db:	NVD	id:	CVE-2014-4707	Trust: 3.1
db:	JVNDB	id:	JVNDB-2014-008285	Trust: 0.8
db:	CNNVD	id:	CNNVD-201704-209	Trust: 0.7
db:	CNVD	id:	CNVD-2017-04632	Trust: 0.6
db:	VULHUB	id:	VHN-72648	Trust: 0.1

sources: CNVD: CNVD-2017-04632 // VULHUB: VHN-72648 // JVNDB: JVNDB-2014-008285 // CNNVD: CNNVD-201704-209 // NVD: CVE-2014-4707

REFERENCES

url:	http://www.huawei.com/en/psirt/security-advisories/hw-334629	Trust: 2.3
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-4707	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2014-4707	Trust: 0.8

sources: CNVD: CNVD-2017-04632 // VULHUB: VHN-72648 // JVNDB: JVNDB-2014-008285 // CNNVD: CNNVD-201704-209 // NVD: CVE-2014-4707

SOURCES

db:	CNVD	id:	CNVD-2017-04632
db:	VULHUB	id:	VHN-72648
db:	JVNDB	id:	JVNDB-2014-008285
db:	CNNVD	id:	CNNVD-201704-209
db:	NVD	id:	CVE-2014-4707

LAST UPDATE DATE

2024-11-23T22:52:31.735000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-04632	date:	2017-04-19T00:00:00
db:	VULHUB	id:	VHN-72648	date:	2017-04-06T00:00:00
db:	JVNDB	id:	JVNDB-2014-008285	date:	2017-05-02T00:00:00
db:	CNNVD	id:	CNNVD-201704-209	date:	2017-04-06T00:00:00
db:	NVD	id:	CVE-2014-4707	date:	2024-11-21T02:10:45.477

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-04632	date:	2017-04-19T00:00:00
db:	VULHUB	id:	VHN-72648	date:	2017-04-02T00:00:00
db:	JVNDB	id:	JVNDB-2014-008285	date:	2017-05-02T00:00:00
db:	CNNVD	id:	CNNVD-201704-209	date:	2017-04-06T00:00:00
db:	NVD	id:	CVE-2014-4707	date:	2017-04-02T20:59:00.343