cnvd - cnvd-2017-05107

CNVD-2017-05107

Vulnerability from cnvd - Published: 2017-04-23

Title

多款华为Quidway交换机拒绝服务漏洞

Description

Quidway S9700、Quidway S9300、Quidway S7700、Quidway S6700、Quidway S6300、Quidway S5700、Quidway S5300是华为推出的各种类型的交换机。多款华为Quidway交换机存在拒绝服务漏洞，攻击者可通过向漏洞产品发送专门设计的畸形数据包发起拒绝服务攻击。

Severity

高

Patch Name

多款华为Quidway交换机拒绝服务漏洞的补丁

Patch Description

Formal description

厂商已发布漏洞修复程序，请及时关注更新： http://www.huawei.com/en/psirt/security-advisories/hw-333184

Reference

http://www.huawei.com/en/psirt/security-advisories/hw-333184

Impacted products

Name
['Huawei Quidway S9700 V200R003C00SPC500', 'Huawei Quidway S9300 V200R003C00SPC500', 'Huawei Quidway S7700 V200R003C00SPC500', 'Huawei Quidway S5700 V200R003C00SPC300', 'Huawei Quidway S5300 V200R003C00SPC300', 'Huawei Quidway S6700 V200R003C00SPC300', 'Huawei Quidway S6300 V200R003C00SPC300']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2014-3224"
    }
  },
  "description": "Quidway S9700\u3001Quidway S9300\u3001Quidway S7700\u3001Quidway S6700\u3001Quidway S6300\u3001Quidway S5700\u3001Quidway S5300\u662f\u534e\u4e3a\u63a8\u51fa\u7684\u5404\u79cd\u7c7b\u578b\u7684\u4ea4\u6362\u673a\u3002\r\n\r\n\u591a\u6b3e\u534e\u4e3aQuidway\u4ea4\u6362\u673a\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u5411\u6f0f\u6d1e\u4ea7\u54c1\u53d1\u9001\u4e13\u95e8\u8bbe\u8ba1\u7684\u7578\u5f62\u6570\u636e\u5305\u53d1\u8d77\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002",
  "discovererName": "Huawei R\u0026D engineers",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttp://www.huawei.com/en/psirt/security-advisories/hw-333184",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-05107",
  "openTime": "2017-04-23",
  "patchDescription": "Quidway S9700\u3001Quidway S9300\u3001Quidway S7700\u3001Quidway S6700\u3001Quidway S6300\u3001Quidway S5700\u3001Quidway S5300\u662f\u534e\u4e3a\u63a8\u51fa\u7684\u5404\u79cd\u7c7b\u578b\u7684\u4ea4\u6362\u673a\u3002\r\n\r\n\u591a\u6b3e\u534e\u4e3aQuidway\u4ea4\u6362\u673a\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u5411\u6f0f\u6d1e\u4ea7\u54c1\u53d1\u9001\u4e13\u95e8\u8bbe\u8ba1\u7684\u7578\u5f62\u6570\u636e\u5305\u53d1\u8d77\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3e\u534e\u4e3aQuidway\u4ea4\u6362\u673a\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Huawei Quidway S9700 V200R003C00SPC500",
      "Huawei Quidway S9300 V200R003C00SPC500",
      "Huawei Quidway S7700 V200R003C00SPC500",
      "Huawei Quidway S5700 V200R003C00SPC300",
      "Huawei Quidway S5300 V200R003C00SPC300",
      "Huawei Quidway S6700 V200R003C00SPC300",
      "Huawei Quidway S6300 V200R003C00SPC300"
    ]
  },
  "referenceLink": "http://www.huawei.com/en/psirt/security-advisories/hw-333184",
  "serverity": "\u9ad8",
  "submitTime": "2017-04-06",
  "title": "\u591a\u6b3e\u534e\u4e3aQuidway\u4ea4\u6362\u673a\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}

CVE-2014-3224 (GCVE-0-2014-3224)

Vulnerability from cvelistv5 – Published: 2017-04-02 20:00 – Updated: 2024-08-06 10:35

Summary

Huawei Quidway S9700 V200R003C00SPC500, Quidway S9300 V200R003C00SPC500, Quidway S7700 V200R003C00SPC500, Quidway S6700 V200R003C00SPC300, Quidway S6300 V200R003C00SPC300, Quidway S5700 V200R003C00SPC300, Quidway S5300 V200R003C00SPC300 enable attackers to launch DoS attacks by crafting and sending malformed packets to these vulnerable products.

Severity ?

No CVSS data available.

CWE

Improper Input Validation

Assigner

huawei

References

URL

Tags

http://www.huawei.com/en/psirt/security-advisorie…

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	Quidway S9700,Quidway S9300,Quidway S7700,Quidway S6700,Quidway S6300,Quidway S5700,Quidway S5300 Quidway S9700 V200R003C00SPC500,Quidway S9300 V200R003C00SPC500,Quidway S7700 V200R003C00SPC500,Quidway S6700 V200R003C00SPC300,Quidway S6300 V200R003C00SPC300,Quidway S5700 V200R003C00SPC300,Quidway S5300 V200R003C00SPC300	Affected: Quidway S9700,Quidway S9300,Quidway S7700,Quidway S6700,Quidway S6300,Quidway S5700,Quidway S5300 Quidway S9700 V200R003C00SPC500,Quidway S9300 V200R003C00SPC500,Quidway S7700 V200R003C00SPC500,Quidway S6700 V200R003C00SPC300,Quidway S6300 V200R003C00SPC300,Quidway S5700 V200R003C00SPC300,Quidway S5300 V200R003C00SPC300

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:35:57.066Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.huawei.com/en/psirt/security-advisories/hw-333184"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Quidway S9700,Quidway S9300,Quidway S7700,Quidway S6700,Quidway S6300,Quidway S5700,Quidway S5300 Quidway S9700 V200R003C00SPC500,Quidway S9300 V200R003C00SPC500,Quidway S7700 V200R003C00SPC500,Quidway S6700 V200R003C00SPC300,Quidway S6300 V200R003C00SPC300,Quidway S5700 V200R003C00SPC300,Quidway S5300 V200R003C00SPC300",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Quidway S9700,Quidway S9300,Quidway S7700,Quidway S6700,Quidway S6300,Quidway S5700,Quidway S5300 Quidway S9700 V200R003C00SPC500,Quidway S9300 V200R003C00SPC500,Quidway S7700 V200R003C00SPC500,Quidway S6700 V200R003C00SPC300,Quidway S6300 V200R003C00SPC300,Quidway S5700 V200R003C00SPC300,Quidway S5300 V200R003C00SPC300"
            }
          ]
        }
      ],
      "datePublic": "2017-03-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Huawei Quidway S9700 V200R003C00SPC500, Quidway S9300 V200R003C00SPC500, Quidway S7700 V200R003C00SPC500, Quidway S6700 V200R003C00SPC300, Quidway S6300 V200R003C00SPC300, Quidway S5700 V200R003C00SPC300, Quidway S5300 V200R003C00SPC300 enable attackers to launch DoS attacks by crafting and sending malformed packets to these vulnerable products."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Improper Input Validation",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-04-02T19:57:01",
        "orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
        "shortName": "huawei"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.huawei.com/en/psirt/security-advisories/hw-333184"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@huawei.com",
          "ID": "CVE-2014-3224",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Quidway S9700,Quidway S9300,Quidway S7700,Quidway S6700,Quidway S6300,Quidway S5700,Quidway S5300 Quidway S9700 V200R003C00SPC500,Quidway S9300 V200R003C00SPC500,Quidway S7700 V200R003C00SPC500,Quidway S6700 V200R003C00SPC300,Quidway S6300 V200R003C00SPC300,Quidway S5700 V200R003C00SPC300,Quidway S5300 V200R003C00SPC300",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Quidway S9700,Quidway S9300,Quidway S7700,Quidway S6700,Quidway S6300,Quidway S5700,Quidway S5300 Quidway S9700 V200R003C00SPC500,Quidway S9300 V200R003C00SPC500,Quidway S7700 V200R003C00SPC500,Quidway S6700 V200R003C00SPC300,Quidway S6300 V200R003C00SPC300,Quidway S5700 V200R003C00SPC300,Quidway S5300 V200R003C00SPC300"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Huawei Quidway S9700 V200R003C00SPC500, Quidway S9300 V200R003C00SPC500, Quidway S7700 V200R003C00SPC500, Quidway S6700 V200R003C00SPC300, Quidway S6300 V200R003C00SPC300, Quidway S5700 V200R003C00SPC300, Quidway S5300 V200R003C00SPC300 enable attackers to launch DoS attacks by crafting and sending malformed packets to these vulnerable products."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Improper Input Validation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.huawei.com/en/psirt/security-advisories/hw-333184",
              "refsource": "CONFIRM",
              "url": "http://www.huawei.com/en/psirt/security-advisories/hw-333184"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
    "assignerShortName": "huawei",
    "cveId": "CVE-2014-3224",
    "datePublished": "2017-04-02T20:00:00",
    "dateReserved": "2014-05-05T00:00:00",
    "dateUpdated": "2024-08-06T10:35:57.066Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2017-05107

CVE-2014-3224 (GCVE-0-2014-3224)

Tags

Sightings

Nomenclature