CVE-2014-4705

Severity: Unknown, EPSS: 1.49%

CVE-2014-4705 is a vulnerability of currently unknown severity. Multiple heap-based buffer overflows in the eSap software platform in Huawei Campus S9300, S7700, S9700, S5300, S5700, S6300, and S6700 series switches; AR150, AR160, AR200, AR1200, AR2200, AR3200, AR530, NetEngine16EX, SRG1300, SRG2300, and SRG3300 series routers; and WLAN AC6005, AC6605, and ACU2 access controllers allow remote attackers to cause a denial of service (device restart) via a crafted length field in a packet. EPSS estimates a 1.49% chance of exploitation in the next 30 days.

Description

Multiple heap-based buffer overflows in the eSap software platform in Huawei Campus S9300, S7700, S9700, S5300, S5700, S6300, and S6700 series switches; AR150, AR160, AR200, AR1200, AR2200, AR3200, AR530, NetEngine16EX, SRG1300, SRG2300, and SRG3300 series routers; and WLAN AC6005, AC6605, and ACU2 access controllers allow remote attackers to cause a denial of service (device restart) via a crafted length field in a packet.

Metrics

EPSS Probability
1.49%

70.9th percentile

Probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

| Vendor | Product | Version |
| --- | --- | --- |
| Huawei | S9300 Firmware | v200r001c00spc300 |
| Huawei | S9300 Firmware | v200r002c00spc100 |
| Huawei | S9300 Firmware | v200r003c00spc500 |
| Huawei | S9700 Firmware | v200r001c00spc300 |
| Huawei | S9700 Firmware | v200r002c00spc100 |
| Huawei | S9700 Firmware | v200r003c00spc500 |
| Huawei | S7700 Firmware | v200r001c00spc300 |
| Huawei | S7700 Firmware | v200r002c00spc100 |
| Huawei | S7700 Firmware | v200r003c00spc500 |
| Huawei | S5300 Firmware | v200r001c00spc300 |
| Huawei | S5300 Firmware | v200r002c00spc100 |
| Huawei | S5300 Firmware | v200r003c00spc300 |
| Huawei | S5700 Firmware | v200r001c00spc300 |
| Huawei | S5700 Firmware | v200r002c00spc100 |
| Huawei | S5700 Firmware | v200r003c00spc300 |
| Huawei | S6300 Firmware | v200r001c00spc300 |
| Huawei | S6300 Firmware | v200r002c00spc100 |
| Huawei | S6300 Firmware | v200r003c00spc300 |
| Huawei | S6700 Firmware | v200r001c00spc300 |
| Huawei | S6700 Firmware | v200r002c00spc100 |
| Huawei | S6700 Firmware | v200r003c00spc300 |
| Huawei | Ar150 Firmware | v200r003c00spc100 |
| Huawei | Ar150 Firmware | v200r003c00spc200 |
| Huawei | Ar150 Firmware | v200r003c01spc100 |
| Huawei | Ar150 Firmware | v200r003c01spc300 |
| Huawei | Ar150 Firmware | v200r003c01spc900 |
| Huawei | Ar150 Firmware | v200r005c00spc100 |
| Huawei | Ar150 Firmware | v200r005c00spc200 |
| Huawei | Ar160 Firmware | v200r003c00spc100 |
| Huawei | Ar160 Firmware | v200r003c00spc200 |
| Huawei | Ar160 Firmware | v200r003c01spc100 |
| Huawei | Ar160 Firmware | v200r003c01spc300 |
| Huawei | Ar160 Firmware | v200r003c01spc900 |
| Huawei | Ar160 Firmware | v200r005c00spc100 |
| Huawei | Ar160 Firmware | v200r005c00spc200 |
| Huawei | Ar200 Firmware | v200r003c00spc100 |
| Huawei | Ar200 Firmware | v200r003c00spc200 |
| Huawei | Ar200 Firmware | v200r003c01spc100 |
| Huawei | Ar200 Firmware | v200r003c01spc300 |
| Huawei | Ar200 Firmware | v200r003c01spc900 |
| Huawei | Ar200 Firmware | v200r005c00spc100 |
| Huawei | Ar200 Firmware | v200r005c00spc200 |
| Huawei | Ar1200 Firmware | v200r003c00spc100 |
| Huawei | Ar1200 Firmware | v200r003c00spc200 |
| Huawei | Ar1200 Firmware | v200r003c01spc100 |
| Huawei | Ar1200 Firmware | v200r003c01spc300 |
| Huawei | Ar1200 Firmware | v200r003c01spc900 |
| Huawei | Ar1200 Firmware | v200r005c00spc100 |
| Huawei | Ar1200 Firmware | v200r005c00spc200 |
| Huawei | Ar2200 Firmware | v200r003c00spc100 |

Showing 50 of 109 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2014-4705?
Multiple heap-based buffer overflows in the eSap software platform in Huawei Campus S9300, S7700, S9700, S5300, S5700, S6300, and S6700 series switches; AR150, AR160, AR200, AR1200, AR2200, AR3200, AR530, NetEngine16EX, SRG1300, SRG2300, and SRG3300 series routers; and WLAN AC6005, AC6605, and ACU2 access controllers allow remote attackers to cause a denial of service (device restart) via a crafted length field in a packet.
How severe is CVE-2014-4705?
Severity scoring for CVE-2014-4705 is pending analysis. The EPSS model estimates a 1.49% probability of exploitation in the next 30 days.
How do I fix CVE-2014-4705?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Source: NVD / NIST