製品・ソフトウェアに関する情報

JVN脆弱性詳細

Huawei Campus シリーズスイッチのソフトウェアにおけるヒープベースのバッファオーバーフローの脆弱性

Title	Huawei Campus シリーズスイッチのソフトウェアにおけるヒープベースのバッファオーバーフローの脆弱性
Summary	Huawei Campus シリーズスイッチのソフトウェアには、ヒープベースのバッファオーバーフローの脆弱性が存在します。
Possible impacts	第三者により、巧妙に細工されたパケットの length フィールドを介して、サービス運用妨害 (デバイスの再起動) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	June 4, 2014, midnight
Registration Date	June 19, 2014, 12:01 p.m.
Last Update	June 19, 2014, 12:01 p.m.

Affected System

Huawei

Campus LSW S9700

Campus S2350

Campus S2750

Campus S3300HI

Campus S3700HI

Campus S5300

Campus S5700

Campus S6300

Campus S6700

Campus S7700

Campus S9300

Campus S9300E

Campus Series Switche software V200R001C00SPC300

Campus Series Switche software V200R002C00SPC100

Campus Series Switche software V200R003C00SPC300

Campus Series Switche software V200R003C00SPC500

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2014-4190	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4190
National Vulnerability Database (NVD)
2	CVE-2014-4190	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4190

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-119	https://jvndb.jvn.jp/ja/cwe/CWE-119.html

ベンダー情報

No	Name	URL
Security Advisory
1	Huawei-SA-20140604-01-Campus	http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-343218.htm

Change Log

No	Changed Details	Date of change
0	[2014年06月19日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2014-4190

Summary	Multiple heap-based buffer overflows in Huawei Campus Series Switches S3700HI, S5700, S6700, S3300HI, S5300, S6300, S9300, S7700, and LSW S9700 with software V200R001 before V200R001SPH013; S5700, S6700, S5300, and S6300 with software V200R002 before V200R002SPH005; S7700, S9300, S9300E, S5300, S5700, S6300, S6700, S2350, S2750, and LSW S9700 with software V200R003 before V200R003SPH005; and S7700, S9300, S9300E, and LSW S9700 with software V200R005 before V200R005C00SPC300 allow remote attackers to cause a denial of service (device restart) via a crafted length field in a packet.
Publication Date	June 17, 2014, 11:55 p.m.
Registration Date	Jan. 26, 2021, 3:12 p.m.
Last Update	Nov. 21, 2024, 11:09 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:huawei:campus_series_switch_software:v200r001:::::::*
cpe:2.3:h:huawei:campus_lsw_s9700:-:::::::*
cpe:2.3:h:huawei:campus_s3300hi:-:::::::*
cpe:2.3:h:huawei:campus_s3700hi:-:::::::*
cpe:2.3:h:huawei:campus_s5300:-:::::::*
cpe:2.3:h:huawei:campus_s5700:-:::::::*
cpe:2.3:h:huawei:campus_s6300:-:::::::*
cpe:2.3:h:huawei:campus_s6700:-:::::::*
cpe:2.3:h:huawei:campus_s7700:-:::::::*
cpe:2.3:h:huawei:campus_s9300:-:::::::*

Configuration2	or higher	or less	more than	less than
cpe:2.3:a:huawei:campus_series_switch_software:v200r005:::::::*
cpe:2.3:h:huawei:campus_lsw_s9700:-:::::::*
cpe:2.3:h:huawei:campus_s7700:-:::::::*
cpe:2.3:h:huawei:campus_s9300:-:::::::*
cpe:2.3:h:huawei:campus_s9300e:-:::::::*

Configuration3	or higher	or less	more than	less than
cpe:2.3:a:huawei:campus_series_switch_software:v200r003:::::::*
cpe:2.3:h:huawei:campus_lsw_s9700:-:::::::*
cpe:2.3:h:huawei:campus_s2350:-:::::::*
cpe:2.3:h:huawei:campus_s2750:-:::::::*
cpe:2.3:h:huawei:campus_s5300:-:::::::*
cpe:2.3:h:huawei:campus_s5700:-:::::::*
cpe:2.3:h:huawei:campus_s6300:-:::::::*
cpe:2.3:h:huawei:campus_s6700:-:::::::*
cpe:2.3:h:huawei:campus_s7700:-:::::::*
cpe:2.3:h:huawei:campus_s9300:-:::::::*
cpe:2.3:h:huawei:campus_s9300e:-:::::::*

Configuration4	or higher	or less	more than	less than
cpe:2.3:a:huawei:campus_series_switch_software:v200r002:::::::*
cpe:2.3:h:huawei:campus_s5300:-:::::::*
cpe:2.3:h:huawei:campus_s5700:-:::::::*
cpe:2.3:h:huawei:campus_s6300:-:::::::*
cpe:2.3:h:huawei:campus_s6700:-:::::::*

Related information, measures and tools

No	URL	タグ
1	http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-343218.htm	Vendor Advisory
2	http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-343218.htm	Vendor Advisory
3	http://www.securityfocus.com/bid/67907
4	http://www.securityfocus.com/bid/67907

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-119	バッファエラー	https://cwe.mitre.org/data/definitions/118.html

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:huawei:campus_series_switch_software:v200r001:::::::*
cpe:2.3:h:huawei:campus_lsw_s9700:-:::::::*
cpe:2.3:h:huawei:campus_s3300hi:-:::::::*
cpe:2.3:h:huawei:campus_s3700hi:-:::::::*
cpe:2.3:h:huawei:campus_s5300:-:::::::*
cpe:2.3:h:huawei:campus_s5700:-:::::::*
cpe:2.3:h:huawei:campus_s6300:-:::::::*
cpe:2.3:h:huawei:campus_s6700:-:::::::*
cpe:2.3:h:huawei:campus_s7700:-:::::::*
cpe:2.3:h:huawei:campus_s9300:-:::::::*

Configuration3	or higher	or less	more than	less than
cpe:2.3:a:huawei:campus_series_switch_software:v200r003:::::::*
cpe:2.3:h:huawei:campus_lsw_s9700:-:::::::*
cpe:2.3:h:huawei:campus_s2350:-:::::::*
cpe:2.3:h:huawei:campus_s2750:-:::::::*
cpe:2.3:h:huawei:campus_s5300:-:::::::*
cpe:2.3:h:huawei:campus_s5700:-:::::::*
cpe:2.3:h:huawei:campus_s6300:-:::::::*
cpe:2.3:h:huawei:campus_s6700:-:::::::*
cpe:2.3:h:huawei:campus_s7700:-:::::::*
cpe:2.3:h:huawei:campus_s9300:-:::::::*
cpe:2.3:h:huawei:campus_s9300e:-:::::::*