The user authentication module in some Huawei switch products has a memory overflow vulnerability that can cause the device to restart when users log in improperly (Vulnerability ID: HWPSIRT-2015-02014).
This vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2015-2800.
Product | Affected Versions | Fixed Versions
Campus switch S5700 | V200R001C00SPC300 | V200R001SPH012
Campus switch S5300 | V200R001C00SPC300 | V200R001SPH012
Campus switch S6300 | V200R001C00SPC300 | V200R001SPH012
Campus switch S6700 | V200R001C00SPC300 | V200R001SPH012
Campus switch S7700 | V200R001C00SPC300 | V200R001SPH015
Campus switch S9300 | V200R001C00SPC300 | V200R001SPH015
Campus switch S9700 | V200R001C00SPC300 | V200R001SPH015
An attacker can exploit this vulnerability to restart the target device.
The vulnerability classification has been performed by using the CVSSv2 scoring system (http://www.first.org/cvss/).
Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Temporal Score: 4.1 (E:F/RL:O/RC:C)
1. Prerequisite:
The attacker can connect to the target device.
2. Attack procedure:
The service processing function does not verify the validity of inputs. Therefore, if a user logs in to the device with a special user name, an array access violation may occur, resulting in a device restart.
This vulnerability was found by the vhunter team. Huawei PSIRT is not aware of any public announcements or malicious use of the vulnerability described in this advisory.
Huawei expresses its appreciation for the vhunter team's concern for Huawei products.
For security problems about Huawei products and solutions, please contact PSIRT@huawei.com.
For general problems about Huawei products and solutions, please directly contact Huawei TAC (Huawei Technical Assistance Center) to request the configuration or technical assistance.
2015-03-31 V1.1 UPDATED Summary
2015-03-19 V1.0 INITIAL