The SSH of the VRP has an input verification issue. Remote attackers can send a special SSH packet to the device to cause a denial of service (Vulnerability ID: HWPSIRT-2014-0701).
This vulnerability has been assigned the Common Vulnerabilities and Exposures (CVE) ID CVE-2014-8572.
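| Product name | Affected Version | Resolved Product and Version |
|---|---|---|
| AC6605 | AC6605 V200R001C00 | AC6605 V200R005C00SPC600 |
| AC6605 | AC6605 V200R002C00 | AC6605 V200R005C00SPC600 |
| ACU | ACU V200R001C00 | ACU V200R002C00SPH601 |
| ACU | ACU V200R002C00 | ACU V200R002C00SPH601 |
| S2300/ S3300/ | V100R006C05 and earlier versions | V100R006C05+V100R006CP0001 |
| S5300/ S5700/ | V100R006 | V200R005C00SPC300+V200R005CP0001 |
| S5300/ S5700/ | V200R001 | V200R005C00SPC300+V200R005CP0001 |
| S5300/ S5700/ | V200R002 | V200R005C00SPC300+V200R005CP0001 |
| S5300/ S5700/ | V200R003 | V200R005C00SPC300+V200R005CP0001 |
| S5300/ S5700/ | V200R005C00SPC300 and earlier versions | V200R005C00SPC300+V200R005CP0001 |
| S7700/ S9300/ | V100R006 | V200R003C00SPC500+V200R003SPH008 or V200R005C00SPC300+V200R005SPH001 |
| S7700/ S9300/ | V200R001 | V200R003C00SPC500+V200R003SPH008 or V200R005C00SPC300+V200R005SPH001 |
| S7700/ S9300/ | V200R002 | V200R003C00SPC500+V200R003SPH008 or V200R005C00SPC300+V200R005SPH001 |
| S7700/ S9300/ | V200R003 | V200R003C00SPC500+V200R003SPH008 |
| S7700/ S9300/ | V200R005C00SPC300 and earlier versions | V200R005C00SPC300+V200R005SPH001 |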
Attackers can exploit this vulnerability to cause a denial of service.
The vulnerability classification has been performed by using the CVSSv2 scoring system (http://www.first.org/cvss/).
Base Score: 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Temporal Score: 6.4 (E:F/RL:O/RC:C)
1. Prerequisite:
1) Attackers can access the device;
2) SSH is enabled on the device;
2. Vulnerability details:
Attackers send a special SSH packet to the device after the connection is established. The device does not verify the validity of a field in the packet, which causes a denial of service.
This vulnerability was found by a Huawei engineer. Huawei PSIRT is not aware of any public announcements or malicious use of the vulnerability described in this advisory.
For security problems about Huawei products and solutions, please contact PSIRT@huawei.com.
For general problems about Huawei products and solutions, please directly contact Huawei TAC (Huawei Technical Assistance Center) to request the configuration or technical assistance.
2016-05-18 V1.3 UPDATED Updated resolved product and version
2014-11-04 V1.2 UPDATED Updated the assigned CVE ID
2014-10-30 V1.1 UPDATED Updated resolved product and version
2014-10-10 V1.0 INITIAL