CVE-2014-5394
UnknownEPSS 1.73%
Last modified
CVE-2014-5394 is a vulnerability of currently unknown severity. Multiple Huawei Campus switches allow remote attackers to enumerate usernames via vectors involving use of SSH by the maintenance terminal.. EPSS estimates a 1.73% chance of exploitation in the next 30 days.
Description
Multiple Huawei Campus switches allow remote attackers to enumerate usernames via vectors involving use of SSH by the maintenance terminal.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Huawei | S9300 Firmware | v200r001c00spc300 |
| Huawei | S9300 Firmware | v200r002c00spc300 |
| Huawei | S9300 Firmware | v200r003c00spc500 |
| Huawei | S9300e Firmware | v200r001c00spc300 |
| Huawei | S9300e Firmware | v200r002c00spc300 |
| Huawei | S9300e Firmware | v200r003c00spc500 |
| Huawei | S7700 Firmware | v200r001c00spc300 |
| Huawei | S7700 Firmware | v200r002c00spc300 |
| Huawei | S7700 Firmware | v200r003c00spc500 |
| Huawei | S9700 Firmware | v200r001c00spc300 |
| Huawei | S9700 Firmware | v200r002c00spc300 |
| Huawei | S9700 Firmware | v200r003c00spc500 |
| Huawei | S5700 Firmware | v200r001c00spc300 |
| Huawei | S5700 Firmware | v200r002c00spc300 |
| Huawei | S5700 Firmware | v200r003c00spc300 |
| Huawei | S6700 Firmware | v200r001c00spc300 |
| Huawei | S6700 Firmware | v200r002c00spc300 |
| Huawei | S6700 Firmware | v200r003c00spc300 |
| Huawei | S5300 Firmware | v200r001c00spc300 |
| Huawei | S5300 Firmware | v200r002c00spc300 |
| Huawei | S5300 Firmware | v200r003c00spc300 |
| Huawei | S6300 Firmware | v200r001c00spc300 |
| Huawei | S6300 Firmware | v200r002c00spc300 |
| Huawei | S6300 Firmware | v200r003c00spc300 |
| Huawei | S2300 Firmware | v100r006c05 |
| Huawei | S2700 Firmware | v100r006c05 |
| Huawei | S3300 Firmware | v100r006c05 |
| Huawei | S3700 Firmware | v100r006c05 |
References
- http://www.securityfocus.com/bid/69302Third Party Advisory, VDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/97763Third Party Advisory, VDB Entry
- http://www.securityfocus.com/bid/69302Third Party Advisory, VDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/97763Third Party Advisory, VDB Entry
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2014-5394?
Multiple Huawei Campus switches allow remote attackers to enumerate usernames via vectors involving use of SSH by the maintenance terminal.
How severe is CVE-2014-5394?
Severity scoring for CVE-2014-5394 is pending analysis. The EPSS model estimates a 1.73% probability of exploitation in the next 30 days.
How do I fix CVE-2014-5394?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2014-5394?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST