Sign-up

ID

VAR-201704-0437


CVE

CVE-2014-3223


TITLE

plural Huawei Data processing vulnerabilities in products

Trust: 0.8

sources: JVNDB: JVNDB-2014-008274

DESCRIPTION

Huawei S9300 with software before V100R006SPH013 and S2300,S3300,S5300,S6300 with software before V100R006SPH010 support Y.1731 and therefore have the Y.1731 vulnerability in processing special packets. The vulnerability causes the restart of switches. plural Huawei The product contains a data processing vulnerability.Denial of service (DoS) An attack could be made. The S9300, S2300, S3300, S5300, and S6300 are various types of switches introduced by Huawei. An attacker could exploit this vulnerability to reboot the device. The following products and versions are affected: Huawei S9300 V100R006C00SPC500 Version, V100R006C00SPC800 Version; S2300 V100R006C00SPC800 Version, V100R006C01SPC100 Version, V100R006C03 Version; S3300 V100R006C00SPC800 Version, V100R006C01SPC100 Version, V100R006C03 Version; S5300 V100R006C00SPC800 Version, V100R006C01SPC100 Version, V100R006C03 Version; S6300 V100R006C00SPC800 Version, V100R006C01SPC100 The version is V100R006C03

Trust: 2.25

sources: NVD: CVE-2014-3223 // JVNDB: JVNDB-2014-008274 // CNVD: CNVD-2017-05108 // VULHUB: VHN-71162

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-05108

AFFECTED PRODUCTS

vendor:huaweimodel:s3300scope:eqversion:v100r006c00spc800

Trust: 1.6

vendor:huaweimodel:s3300scope:eqversion:v100r006c03

Trust: 1.6

vendor:huaweimodel:s2300scope:eqversion:v100r006c03

Trust: 1.6

vendor:huaweimodel:s2300scope:eqversion:v100r006c00spc800

Trust: 1.6

vendor:huaweimodel:s3300scope:eqversion:v100r006c01spc100

Trust: 1.6

vendor:huaweimodel:s9300scope:eqversion:v100r006c00spc800

Trust: 1.6

vendor:huaweimodel:s5300scope:eqversion:v100r006c01spc100

Trust: 1.6

vendor:huaweimodel:s5300scope:eqversion:v100r006c03

Trust: 1.6

vendor:huaweimodel:s9300scope:eqversion:v100r006c00spc500

Trust: 1.6

vendor:huaweimodel:s2300scope:eqversion:v100r006c01spc100

Trust: 1.6

vendor:huaweimodel:s6300scope:eqversion:v100r006c03

Trust: 1.0

vendor:huaweimodel:s5300scope:eqversion:v100r006c00spc800

Trust: 1.0

vendor:huaweimodel:s6300scope:eqversion:v100r006c01spc100

Trust: 1.0

vendor:huaweimodel:s6300scope:eqversion:v100r006c00spc800

Trust: 1.0

vendor:huaweimodel:s2300scope: - version: -

Trust: 0.8

vendor:huaweimodel:s3300scope: - version: -

Trust: 0.8

vendor:huaweimodel:s5300scope: - version: -

Trust: 0.8

vendor:huaweimodel:s6300scope: - version: -

Trust: 0.8

vendor:huaweimodel:s9300scope: - version: -

Trust: 0.8

vendor:huaweimodel:s2300 v100r006c00spc800scope: - version: -

Trust: 0.6

vendor:huaweimodel:s2300 v100r006c01spc100scope: - version: -

Trust: 0.6

vendor:huaweimodel:s2300 v100r006c03scope: - version: -

Trust: 0.6

vendor:huaweimodel:s9300 v100r006c00spc500scope: - version: -

Trust: 0.6

vendor:huaweimodel:s9300 v100r006c00spc800scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5300 v100r006c00spc800scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5300 v100r006c01spc100scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5300 v100r006c03scope: - version: -

Trust: 0.6

vendor:huaweimodel:s3300 v100r006c00spc800scope: - version: -

Trust: 0.6

vendor:huaweimodel:s3300 v100r006c01spc100scope: - version: -

Trust: 0.6

vendor:huaweimodel:s3300 v100r006c03scope: - version: -

Trust: 0.6

vendor:huaweimodel:s6300 v100r006c00spc800scope: - version: -

Trust: 0.6

vendor:huaweimodel:s6300 v100r006c01spc100scope: - version: -

Trust: 0.6

vendor:huaweimodel:s6300 v100r006c03scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2017-05108 // JVNDB: JVNDB-2014-008274 // CNNVD: CNNVD-201704-213 // NVD: CVE-2014-3223

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-3223
value: HIGH

Trust: 1.0

NVD: CVE-2014-3223
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-05108
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201704-213
value: HIGH

Trust: 0.6

VULHUB: VHN-71162
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2014-3223
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-05108
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-71162
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2014-3223
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-05108 // VULHUB: VHN-71162 // JVNDB: JVNDB-2014-008274 // CNNVD: CNNVD-201704-213 // NVD: CVE-2014-3223

PROBLEMTYPE DATA

problemtype:CWE-19

Trust: 1.9

sources: VULHUB: VHN-71162 // JVNDB: JVNDB-2014-008274 // NVD: CVE-2014-3223

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201704-213

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201704-213

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-008274

PATCH
title:Huawei-SA-20140317-01url:http://www.huawei.com/en/psirt/security-advisories/hw-329625
Trust: 0.8
title:Huawei switch Y.1731 denial of service vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/92443
Trust: 0.6
title:Repair measures for various Huawei switch security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=69059
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-05108 // 
            
            
            
            JVNDB: JVNDB-2014-008274 // 
            
            
            
            CNNVD: CNNVD-201704-213

EXTERNAL IDS
db:NVDid:CVE-2014-3223
Trust: 3.1
db:JVNDBid:JVNDB-2014-008274
Trust: 0.8
db:CNNVDid:CNNVD-201704-213
Trust: 0.7
db:CNVDid:CNVD-2017-05108
Trust: 0.6
db:VULHUBid:VHN-71162
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-05108 // 
            
            
            
            VULHUB: VHN-71162 // 
            
            
            
            JVNDB: JVNDB-2014-008274 // 
            
            
            
            CNNVD: CNNVD-201704-213 // 
            
            
            
            NVD: CVE-2014-3223

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/hw-329625
Trust: 2.3
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3223
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2014-3223
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2017-05108 // 
            
            
            
            VULHUB: VHN-71162 // 
            
            
            
            JVNDB: JVNDB-2014-008274 // 
            
            
            
            CNNVD: CNNVD-201704-213 // 
            
            
            
            NVD: CVE-2014-3223

SOURCES
db:CNVDid:CNVD-2017-05108
db:VULHUBid:VHN-71162
db:JVNDBid:JVNDB-2014-008274
db:CNNVDid:CNNVD-201704-213
db:NVDid:CVE-2014-3223

LAST UPDATE DATE
2024-11-23T22:07:28.608000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-05108date:2017-04-23T00:00:00
db:VULHUBid:VHN-71162date:2017-04-05T00:00:00
db:JVNDBid:JVNDB-2014-008274date:2017-05-02T00:00:00
db:CNNVDid:CNNVD-201704-213date:2017-04-06T00:00:00
db:NVDid:CVE-2014-3223date:2024-11-21T02:07:42.830

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-05108date:2017-04-23T00:00:00
db:VULHUBid:VHN-71162date:2017-04-02T00:00:00
db:JVNDBid:JVNDB-2014-008274date:2017-05-02T00:00:00
db:CNNVDid:CNNVD-201704-213date:2017-04-06T00:00:00
db:NVDid:CVE-2014-3223date:2017-04-02T20:59:00.237