Sign-up

ID

VAR-201710-0168


CVE

CVE-2014-9697


TITLE

plural Huawei USG Product depletion vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2014-008420

DESCRIPTION

Huawei USG9560/9520/9580 before V300R001C01SPC300 allows remote attackers to cause a memory leak or denial of service (memory exhaustion, reboot and MPU switchover) via a crafted website. Huawei USG9520 , USG9560 ,and USG9580 Contains a resource exhaustion vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Huawei USG9560, 9520, and 9580 are all USG9500 series firewall devices of China's Huawei (Huawei). Many Huawei products have memory leak vulnerabilities. Attackers can exploit this vulnerability by accessing specific webpages on the web device to cause the main control board to restart and trigger dual-master switching (memory corruption). The following products and versions are affected: Huawei USG9560 V300R001C00, V300R001C01SPC100; USG 9520 V300R001C00, V300R001C01SPC100; USG 9580 V300R001C00, V300R001C01SPC100

Trust: 1.71

sources: NVD: CVE-2014-9697 // JVNDB: JVNDB-2014-008420 // VULHUB: VHN-77642

AFFECTED PRODUCTS

vendor:huaweimodel:usg9580scope:eqversion:v300r001c00

Trust: 1.6

vendor:huaweimodel:usg9520scope:eqversion:v300r001c01spc100

Trust: 1.6

vendor:huaweimodel:usg9560scope:eqversion:v300r001c01spc100

Trust: 1.6

vendor:huaweimodel:usg9560scope:eqversion:v300r001c00

Trust: 1.6

vendor:huaweimodel:usg9520scope:eqversion:v300r001c00

Trust: 1.6

vendor:huaweimodel:usg9580scope:eqversion:v300r001c01spc100

Trust: 1.6

vendor:huaweimodel:usg9520scope:ltversion:v300r001c01spc300

Trust: 0.8

vendor:huaweimodel:usg9560scope:ltversion:v300r001c01spc300

Trust: 0.8

vendor:huaweimodel:usg9580scope:ltversion:v300r001c01spc300

Trust: 0.8

sources: JVNDB: JVNDB-2014-008420 // CNNVD: CNNVD-201710-595 // NVD: CVE-2014-9697

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-9697
value: HIGH

Trust: 1.0

NVD: CVE-2014-9697
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201710-595
value: HIGH

Trust: 0.6

VULHUB: VHN-77642
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2014-9697
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-77642
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2014-9697
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-77642 // JVNDB: JVNDB-2014-008420 // CNNVD: CNNVD-201710-595 // NVD: CVE-2014-9697

PROBLEMTYPE DATA

problemtype:CWE-400

Trust: 1.9

sources: VULHUB: VHN-77642 // JVNDB: JVNDB-2014-008420 // NVD: CVE-2014-9697

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201710-595

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201710-595

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-008420

PATCH
title:Huawei-SA-20141224-01-USGurl:http://www.huawei.com/en/psirt/security-advisories/hw-408141
Trust: 0.8
title:Multiple Huawei Product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75639
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2014-008420 // 
            
            
            
            CNNVD: CNNVD-201710-595

EXTERNAL IDS
db:NVDid:CVE-2014-9697
Trust: 2.5
db:JVNDBid:JVNDB-2014-008420
Trust: 0.8
db:CNNVDid:CNNVD-201710-595
Trust: 0.7
db:VULHUBid:VHN-77642
Trust: 0.1
sources:
            
            
            VULHUB: VHN-77642 // 
            
            
            
            JVNDB: JVNDB-2014-008420 // 
            
            
            
            CNNVD: CNNVD-201710-595 // 
            
            
            
            NVD: CVE-2014-9697

REFERENCES
url:http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-408141.htm
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9697
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2014-9697
Trust: 0.8
sources:
            
            
            VULHUB: VHN-77642 // 
            
            
            
            JVNDB: JVNDB-2014-008420 // 
            
            
            
            CNNVD: CNNVD-201710-595 // 
            
            
            
            NVD: CVE-2014-9697

SOURCES
db:VULHUBid:VHN-77642
db:JVNDBid:JVNDB-2014-008420
db:CNNVDid:CNNVD-201710-595
db:NVDid:CVE-2014-9697

LAST UPDATE DATE
2024-11-23T22:07:14.997000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-77642date:2017-11-08T00:00:00
db:JVNDBid:JVNDB-2014-008420date:2017-11-14T00:00:00
db:CNNVDid:CNNVD-201710-595date:2017-11-07T00:00:00
db:NVDid:CVE-2014-9697date:2024-11-21T02:21:28.270

SOURCES RELEASE DATE
db:VULHUBid:VHN-77642date:2017-10-17T00:00:00
db:JVNDBid:JVNDB-2014-008420date:2017-11-14T00:00:00
db:CNNVDid:CNNVD-201710-595date:2017-10-26T00:00:00
db:NVDid:CVE-2014-9697date:2017-10-17T14:29:00.540