ID

VAR-201704-0438


CVE

CVE-2014-3224


TITLE

Huawei Quidway Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2014-008275

DESCRIPTION

Huawei Quidway S9700 V200R003C00SPC500, Quidway S9300 V200R003C00SPC500, Quidway S7700 V200R003C00SPC500, Quidway S6700 V200R003C00SPC300, Quidway S6300 V200R003C00SPC300, Quidway S5700 V200R003C00SPC300, Quidway S5300 V200R003C00SPC300 enable attackers to launch DoS attacks by crafting and sending malformed packets to these vulnerable products. (DoS) There is a possibility of being put into a state. The Quidway S9700, the Quidway S9300, the Quidway S7700, the Quidway S6700, the Quidway S6300, the Quidway S5700, and the Quidway S5300 are various types of switches. The following products and versions are affected: Huawei Quidway S9700 V200R003C00SPC500 Version; Quidway S9300 V200R003C00SPC500 Version; Quidway S7700 V200R003C00SPC500 Version; Quidway S6700 V200R003C00SPC500 Version; Quidway S6300 V200R003C00SPC500 Version; Quidway S5700 V200R003C00SPC500 Version; Quidway S5300 V200R003C00SPC500 Version

Trust: 2.25

sources: NVD: CVE-2014-3224 // JVNDB: JVNDB-2014-008275 // CNVD: CNVD-2017-05107 // VULHUB: VHN-71163

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-05107

AFFECTED PRODUCTS

vendor:huaweimodel:quidway s5300scope:eqversion:v200r003c00spc300

Trust: 2.4

vendor:huaweimodel:quidway s5700scope:eqversion:v200r003c00spc300

Trust: 2.4

vendor:huaweimodel:quidway s6300scope:eqversion:v200r003c00spc300

Trust: 2.4

vendor:huaweimodel:quidway s6700scope:eqversion:v200r003c00spc300

Trust: 2.4

vendor:huaweimodel:quidway s7700scope:eqversion:v200r003c00spc500

Trust: 2.4

vendor:huaweimodel:quidway s9300scope:eqversion:v200r003c00spc500

Trust: 2.4

vendor:huaweimodel:quidway s9700scope:eqversion:v200r003c00spc500

Trust: 2.4

vendor:huaweimodel:quidway s6700 v200r003c00spc300scope: - version: -

Trust: 0.6

vendor:huaweimodel:quidway s6300 v200r003c00spc300scope: - version: -

Trust: 0.6

vendor:huaweimodel:quidway s9700 v200r003c00spc500scope: - version: -

Trust: 0.6

vendor:huaweimodel:quidway s9300 v200r003c00spc500scope: - version: -

Trust: 0.6

vendor:huaweimodel:quidway s7700 v200r003c00spc500scope: - version: -

Trust: 0.6

vendor:huaweimodel:quidway s5700 v200r003c00spc300scope: - version: -

Trust: 0.6

vendor:huaweimodel:quidway s5300 v200r003c00spc300scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2017-05107 // JVNDB: JVNDB-2014-008275 // CNNVD: CNNVD-201704-212 // NVD: CVE-2014-3224

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-3224
value: HIGH

Trust: 1.0

NVD: CVE-2014-3224
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-05107
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201704-212
value: HIGH

Trust: 0.6

VULHUB: VHN-71163
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2014-3224
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-05107
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-71163
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2014-3224
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-05107 // VULHUB: VHN-71163 // JVNDB: JVNDB-2014-008275 // CNNVD: CNNVD-201704-212 // NVD: CVE-2014-3224

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.9

sources: VULHUB: VHN-71163 // JVNDB: JVNDB-2014-008275 // NVD: CVE-2014-3224

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201704-212

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201704-212

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-008275

PATCH

title:Huawei-SA-20140423-01-Quidwayurl:http://www.huawei.com/en/psirt/security-advisories/hw-333184

Trust: 0.8

title:Patches for multiple Huawei Quidway switch denial of service vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/92442

Trust: 0.6

title:Variety of Huawei Quidway Repair measures for switch resource management error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=69058

Trust: 0.6

sources: CNVD: CNVD-2017-05107 // JVNDB: JVNDB-2014-008275 // CNNVD: CNNVD-201704-212

EXTERNAL IDS

db:NVDid:CVE-2014-3224

Trust: 3.1

db:JVNDBid:JVNDB-2014-008275

Trust: 0.8

db:CNNVDid:CNNVD-201704-212

Trust: 0.7

db:CNVDid:CNVD-2017-05107

Trust: 0.6

db:VULHUBid:VHN-71163

Trust: 0.1

sources: CNVD: CNVD-2017-05107 // VULHUB: VHN-71163 // JVNDB: JVNDB-2014-008275 // CNNVD: CNNVD-201704-212 // NVD: CVE-2014-3224

REFERENCES

url:http://www.huawei.com/en/psirt/security-advisories/hw-333184

Trust: 2.3

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3224

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2014-3224

Trust: 0.8

sources: CNVD: CNVD-2017-05107 // VULHUB: VHN-71163 // JVNDB: JVNDB-2014-008275 // CNNVD: CNNVD-201704-212 // NVD: CVE-2014-3224

SOURCES

db:CNVDid:CNVD-2017-05107
db:VULHUBid:VHN-71163
db:JVNDBid:JVNDB-2014-008275
db:CNNVDid:CNNVD-201704-212
db:NVDid:CVE-2014-3224

LAST UPDATE DATE

2024-11-23T22:22:34.443000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2017-05107date:2017-04-23T00:00:00
db:VULHUBid:VHN-71163date:2017-04-05T00:00:00
db:JVNDBid:JVNDB-2014-008275date:2017-05-02T00:00:00
db:CNNVDid:CNNVD-201704-212date:2017-04-06T00:00:00
db:NVDid:CVE-2014-3224date:2024-11-21T02:07:42.947

SOURCES RELEASE DATE

db:CNVDid:CNVD-2017-05107date:2017-04-23T00:00:00
db:VULHUBid:VHN-71163date:2017-04-02T00:00:00
db:JVNDBid:JVNDB-2014-008275date:2017-05-02T00:00:00
db:CNNVDid:CNNVD-201704-212date:2017-04-06T00:00:00
db:NVDid:CVE-2014-3224date:2017-04-02T20:59:00.250