var-201710-0168
Vulnerability from variot
Huawei USG9560/9520/9580 before V300R001C01SPC300 allows remote attackers to cause a memory leak or denial of service (memory exhaustion, reboot and MPU switchover) via a crafted website. Huawei USG9520 , USG9560 ,and USG9580 Contains a resource exhaustion vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Huawei USG9560, 9520, and 9580 are all USG9500 series firewall devices of China's Huawei (Huawei). Many Huawei products have memory leak vulnerabilities. Attackers can exploit this vulnerability by accessing specific webpages on the web device to cause the main control board to restart and trigger dual-master switching (memory corruption). The following products and versions are affected: Huawei USG9560 V300R001C00, V300R001C01SPC100; USG 9520 V300R001C00, V300R001C01SPC100; USG 9580 V300R001C00, V300R001C01SPC100
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201710-0168",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "usg9580",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": "v300r001c01spc100"
},
{
"model": "usg9560",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": "v300r001c01spc100"
},
{
"model": "usg9580",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": "v300r001c00"
},
{
"model": "usg9560",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": "v300r001c00"
},
{
"model": "usg9520",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": "v300r001c00"
},
{
"model": "usg9520",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": "v300r001c01spc100"
},
{
"model": "usg9520",
"scope": "lt",
"trust": 0.8,
"vendor": "huawei",
"version": "v300r001c01spc300"
},
{
"model": "usg9560",
"scope": "lt",
"trust": 0.8,
"vendor": "huawei",
"version": "v300r001c01spc300"
},
{
"model": "usg9580",
"scope": "lt",
"trust": 0.8,
"vendor": "huawei",
"version": "v300r001c01spc300"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-008420"
},
{
"db": "NVD",
"id": "CVE-2014-9697"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-595"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:huawei:usg9560_firmware:v300r001c00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:huawei:usg9560_firmware:v300r001c01spc100:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:huawei:usg9560:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:huawei:usg9520_firmware:v300r001c01spc100:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:huawei:usg9520_firmware:v300r001c00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:huawei:usg9520:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:huawei:usg9580_firmware:v300r001c01spc100:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:huawei:usg9580_firmware:v300r001c00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:huawei:usg9580:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-9697"
}
]
},
"cve": "CVE-2014-9697",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.8,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2014-9697",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-77642",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2014-9697",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-9697",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201710-595",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-77642",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-77642"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008420"
},
{
"db": "NVD",
"id": "CVE-2014-9697"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-595"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei USG9560/9520/9580 before V300R001C01SPC300 allows remote attackers to cause a memory leak or denial of service (memory exhaustion, reboot and MPU switchover) via a crafted website. Huawei USG9520 , USG9560 ,and USG9580 Contains a resource exhaustion vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Huawei USG9560, 9520, and 9580 are all USG9500 series firewall devices of China\u0027s Huawei (Huawei). Many Huawei products have memory leak vulnerabilities. Attackers can exploit this vulnerability by accessing specific webpages on the web device to cause the main control board to restart and trigger dual-master switching (memory corruption). The following products and versions are affected: Huawei USG9560 V300R001C00, V300R001C01SPC100; USG 9520 V300R001C00, V300R001C01SPC100; USG 9580 V300R001C00, V300R001C01SPC100",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-9697"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008420"
},
{
"db": "VULHUB",
"id": "VHN-77642"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-9697",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008420",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201710-595",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-77642",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-77642"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008420"
},
{
"db": "NVD",
"id": "CVE-2014-9697"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-595"
}
]
},
"id": "VAR-201710-0168",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-77642"
}
],
"trust": 0.64543495
},
"last_update_date": "2023-12-18T12:29:23.293000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Huawei-SA-20141224-01-USG",
"trust": 0.8,
"url": "http://www.huawei.com/en/psirt/security-advisories/hw-408141"
},
{
"title": "Multiple Huawei Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=75639"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-008420"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-595"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-400",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-77642"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008420"
},
{
"db": "NVD",
"id": "CVE-2014-9697"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-408141.htm"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9697"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-9697"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-77642"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008420"
},
{
"db": "NVD",
"id": "CVE-2014-9697"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-595"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-77642"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008420"
},
{
"db": "NVD",
"id": "CVE-2014-9697"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-595"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-10-17T00:00:00",
"db": "VULHUB",
"id": "VHN-77642"
},
{
"date": "2017-11-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-008420"
},
{
"date": "2017-10-17T14:29:00.540000",
"db": "NVD",
"id": "CVE-2014-9697"
},
{
"date": "2017-10-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201710-595"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-08T00:00:00",
"db": "VULHUB",
"id": "VHN-77642"
},
{
"date": "2017-11-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-008420"
},
{
"date": "2017-11-08T18:05:15.063000",
"db": "NVD",
"id": "CVE-2014-9697"
},
{
"date": "2017-11-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201710-595"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201710-595"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Huawei USG Product depletion vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-008420"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201710-595"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.