cnvd - cnvd-2017-04631

cnvd-2017-04631

Vulnerability from cnvd

Title: 多款华为交换机信息泄露漏洞

Description:

华为S9300等都是中国华为（Huawei）公司的S系列交换机。

使用VRP平台的多款华为交换机中存在信息泄露漏洞。攻击者可利用该漏洞泄露网络设备接口IP地址信息。

Severity: 中

Patch Name: 多款华为交换机信息泄露漏洞的补丁

Patch Description:

华为S9300等都是中国华为（Huawei）公司的S系列交换机。

使用VRP平台的多款华为交换机中存在信息泄露漏洞。攻击者可利用该漏洞泄露网络设备接口IP地址信息。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

目前厂商已经发布了升级补丁以修复此安全问题，补丁获取链接：http://www.huawei.com/cn/psirt/security-advisories/hw-372144

Reference: http://www.huawei.com/en/psirt/security-advisories/hw-372145

Impacted products

Name
['Huawei S9300/ S9303/ S9306/ S9312/ S7700/ S7703/ S7706/ S7712 V100R002', 'Huawei S9300/ S9303/ S9306/ S9312/ S7700/ S7703/ S7706/ S7712 V100R003', 'Huawei S9300/ S9303/ S9306/ S9312/ S7700/ S7703/ S7706/ S7712 V100R006', 'Huawei S9300/ S9303/ S9306/ S9312/ S7700/ S7703/ S7706/ S7712 V200R001', 'Huawei S9300/ S9303/ S9306/ S9312/ S7700/ S7703/ S7706/ S7712 V200R002', 'Huawei S9300/ S9303/ S9306/ S9312/ S7700/ S7703/ S7706/ S7712 V200R003', 'Huawei S9300/ S9303/ S9306/ S9312/ S7700/ S7703/ S7706/ S7712 V200R005', 'Huawei S9300E/ S9303E/ S9306E/ S9312E/ S9700/ S9703/ S9706/ S9712 V200R001', 'Huawei S9300E/ S9303E/ S9306E/ S9312E/ S9700/ S9703/ S9706/ S9712 V200R002', 'Huawei S9300E/ S9303E/ S9306E/ S9312E/ S9700/ S9703/ S9706/ S9712 V200R003', 'Huawei S9300E/ S9303E/ S9306E/ S9312E/ S9700/ S9703/ S9706/ S9712 V200R005', 'Huawei S12708/ S12712 V200R005', 'Huawei 5700HI/5300HI V100R006', 'Huawei 5700HI/5300HI V200R001', 'Huawei 5700HI/5300HI V200R002', 'Huawei 5700HI/5300HI V200R003', 'Huawei 5700HI/5300HI V200R005', 'Huawei 5710EI/5310EI V200R002', 'Huawei 5710EI/5310EI V200R003', 'Huawei 5710EI/5310EI V200R005', 'Huawei 5710HI/5310HI V200R003', 'Huawei 5710HI/5310HI V200R005', 'Huawei 6700EI/6300EI V200R005']

Name

['Huawei S9300/ S9303/ S9306/ S9312/ S7700/ S7703/ S7706/ S7712 V100R002', 'Huawei S9300/ S9303/ S9306/ S9312/ S7700/ S7703/ S7706/ S7712 V100R003', 'Huawei S9300/ S9303/ S9306/ S9312/ S7700/ S7703/ S7706/ S7712 V100R006', 'Huawei S9300/ S9303/ S9306/ S9312/ S7700/ S7703/ S7706/ S7712 V200R001', 'Huawei S9300/ S9303/ S9306/ S9312/ S7700/ S7703/ S7706/ S7712 V200R002', 'Huawei S9300/ S9303/ S9306/ S9312/ S7700/ S7703/ S7706/ S7712 V200R003', 'Huawei S9300/ S9303/ S9306/ S9312/ S7700/ S7703/ S7706/ S7712 V200R005', 'Huawei S9300E/ S9303E/ S9306E/ S9312E/ S9700/ S9703/ S9706/ S9712 V200R001', 'Huawei S9300E/ S9303E/ S9306E/ S9312E/ S9700/ S9703/ S9706/ S9712 V200R002', 'Huawei S9300E/ S9303E/ S9306E/ S9312E/ S9700/ S9703/ S9706/ S9712 V200R003', 'Huawei S9300E/ S9303E/ S9306E/ S9312E/ S9700/ S9703/ S9706/ S9712 V200R005', 'Huawei S12708/ S12712 V200R005', 'Huawei 5700HI/5300HI V100R006', 'Huawei 5700HI/5300HI V200R001', 'Huawei 5700HI/5300HI V200R002', 'Huawei 5700HI/5300HI V200R003', 'Huawei 5700HI/5300HI V200R005', 'Huawei 5710EI/5310EI V200R002', 'Huawei 5710EI/5310EI V200R003', 'Huawei 5710EI/5310EI V200R005', 'Huawei 5710HI/5310HI V200R003', 'Huawei 5710HI/5310HI V200R005', 'Huawei 6700EI/6300EI V200R005']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2014-8570",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8570"
    }
  },
  "description": "\u534e\u4e3aS9300\u7b49\u90fd\u662f\u4e2d\u56fd\u534e\u4e3a\uff08Huawei\uff09\u516c\u53f8\u7684S\u7cfb\u5217\u4ea4\u6362\u673a\u3002\r\n\r\n\u4f7f\u7528VRP\u5e73\u53f0\u7684\u591a\u6b3e\u534e\u4e3a\u4ea4\u6362\u673a\u4e2d\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6cc4\u9732\u7f51\u7edc\u8bbe\u5907\u63a5\u53e3IP\u5730\u5740\u4fe1\u606f\u3002",
  "discovererName": "Huawei",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1ahttp://www.huawei.com/cn/psirt/security-advisories/hw-372144",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-04631",
  "openTime": "2017-04-19",
  "patchDescription": "\u534e\u4e3aS9300\u7b49\u90fd\u662f\u4e2d\u56fd\u534e\u4e3a\uff08Huawei\uff09\u516c\u53f8\u7684S\u7cfb\u5217\u4ea4\u6362\u673a\u3002\r\n\r\n\u4f7f\u7528VRP\u5e73\u53f0\u7684\u591a\u6b3e\u534e\u4e3a\u4ea4\u6362\u673a\u4e2d\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6cc4\u9732\u7f51\u7edc\u8bbe\u5907\u63a5\u53e3IP\u5730\u5740\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3e\u534e\u4e3a\u4ea4\u6362\u673a\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Huawei S9300/ S9303/ S9306/ S9312/  S7700/ S7703/ S7706/ S7712 V100R002",
      "Huawei S9300/ S9303/ S9306/ S9312/  S7700/ S7703/ S7706/ S7712 V100R003",
      "Huawei S9300/ S9303/ S9306/ S9312/  S7700/ S7703/ S7706/ S7712 V100R006",
      "Huawei S9300/ S9303/ S9306/ S9312/  S7700/ S7703/ S7706/ S7712 V200R001",
      "Huawei S9300/ S9303/ S9306/ S9312/  S7700/ S7703/ S7706/ S7712 V200R002",
      "Huawei S9300/ S9303/ S9306/ S9312/  S7700/ S7703/ S7706/ S7712 V200R003",
      "Huawei S9300/ S9303/ S9306/ S9312/  S7700/ S7703/ S7706/ S7712 V200R005",
      "Huawei S9300E/ S9303E/ S9306E/ S9312E/  S9700/ S9703/ S9706/ S9712 V200R001",
      "Huawei S9300E/ S9303E/ S9306E/ S9312E/  S9700/ S9703/ S9706/ S9712 V200R002",
      "Huawei S9300E/ S9303E/ S9306E/ S9312E/  S9700/ S9703/ S9706/ S9712 V200R003",
      "Huawei S9300E/ S9303E/ S9306E/ S9312E/  S9700/ S9703/ S9706/ S9712 V200R005",
      "Huawei S12708/ S12712 V200R005",
      "Huawei 5700HI/5300HI V100R006",
      "Huawei 5700HI/5300HI V200R001",
      "Huawei 5700HI/5300HI V200R002",
      "Huawei 5700HI/5300HI V200R003",
      "Huawei 5700HI/5300HI V200R005",
      "Huawei 5710EI/5310EI V200R002",
      "Huawei 5710EI/5310EI V200R003",
      "Huawei 5710EI/5310EI V200R005",
      "Huawei 5710HI/5310HI V200R003",
      "Huawei 5710HI/5310HI V200R005",
      "Huawei 6700EI/6300EI V200R005"
    ]
  },
  "referenceLink": "http://www.huawei.com/en/psirt/security-advisories/hw-372145",
  "serverity": "\u4e2d",
  "submitTime": "2017-04-07",
  "title": "\u591a\u6b3e\u534e\u4e3a\u4ea4\u6362\u673a\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

CVE-2014-8570 (GCVE-0-2014-8570)

Vulnerability from cvelistv5

Published

2017-04-02 20:00

Modified

2024-08-06 13:18

Severity ?

CWE

Information Leakage

Summary

Huawei S9300, S9303, S9306, S9312 with software V100R002; S7700, S7703, S7706, S7712 with software V100R003, V100R006, V200R001, V200R002, V200R003, V200R005; S9300E, S9303E, S9306E, S9312E with software V200R001; S9700, S9703, S9706, S9712 with software V200R002, V200R003, V200R005; S12708, S12712 with software V200R005; 5700HI, 5300HI with software V100R006, V200R001, V200R002, V200R003, V200R005; 5710EI, 5310EI with software V200R002, V200R003, V200R005; 5710HI, 5310HI with software V200R003, V200R005; 6700EI, 6300EI with software V200R005 could cause a leak of IP addresses of devices, related to unintended interface support for VRP MPLS LSP Ping.

References

▼	URL	Tags
	http://www.huawei.com/en/psirt/security-advisories/hw-372145	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	S9300, S9303, S9306, S9312, S7700, S7703, S7706, S7712, S9300E, S9303E, S9306E, S9312E, S9700, S9703, S9706, S9712,S12708, S12712,5700HI,5300HI, 5710EI,5310EI, 5710HI,5310HI, 6700EI,6300EI S9300, S9303, S9306, S9312 with software V100R002,S7700, S7703, S7706, S7712 with software V100R003, V100R006, V200R001, V200R002, V200R003, V200R005,S9300E, S9303E, S9306E, S9312E with software V200R001,S9700, S9703, S9706, S9712 with software V200R002, V200R003, V200R005,S12708, S12712 with software V200R005,5700HI,5300HI with software V100R006, V200R001, V200R002, V200R003, V200R005,5710EI,5310EI with software V200R002, V200R003, V200R005,5710HI,5310HI with software V200R003, V200R005,6700EI,6300EI with software V200R00	Version: S9300, S9303, S9306, S9312, S7700, S7703, S7706, S7712, S9300E, S9303E, S9306E, S9312E, S9700, S9703, S9706, S9712,S12708, S12712,5700HI,5300HI, 5710EI,5310EI, 5710HI,5310HI, 6700EI,6300EI S9300, S9303, S9306, S9312 with software V100R002,S7700, S7703, S7706, S7712 with software V100R003, V100R006, V200R001, V200R002, V200R003, V200R005,S9300E, S9303E, S9306E, S9312E with software V200R001,S9700, S9703, S9706, S9712 with software V200R002, V200R003, V200R005,S12708, S12712 with software V200R005,5700HI,5300HI with software V100R006, V200R001, V200R002, V200R003, V200R005,5710EI,5310EI with software V200R002, V200R003, V200R005,5710HI,5310HI with software V200R003, V200R005,6700EI,6300EI with software V200R00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:18:48.496Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.huawei.com/en/psirt/security-advisories/hw-372145"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "S9300, S9303, S9306, S9312, S7700, S7703, S7706, S7712, S9300E, S9303E, S9306E, S9312E, S9700, S9703, S9706, S9712,S12708, S12712,5700HI,5300HI, 5710EI,5310EI, 5710HI,5310HI, 6700EI,6300EI S9300, S9303, S9306, S9312 with software V100R002,S7700, S7703, S7706, S7712 with software V100R003, V100R006, V200R001, V200R002, V200R003, V200R005,S9300E, S9303E, S9306E, S9312E with software V200R001,S9700, S9703, S9706, S9712 with software V200R002, V200R003, V200R005,S12708, S12712 with software V200R005,5700HI,5300HI with software V100R006, V200R001, V200R002, V200R003, V200R005,5710EI,5310EI with software V200R002, V200R003, V200R005,5710HI,5310HI with software V200R003, V200R005,6700EI,6300EI with software V200R00",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "S9300, S9303, S9306, S9312, S7700, S7703, S7706, S7712, S9300E, S9303E, S9306E, S9312E, S9700, S9703, S9706, S9712,S12708, S12712,5700HI,5300HI, 5710EI,5310EI, 5710HI,5310HI, 6700EI,6300EI S9300, S9303, S9306, S9312 with software V100R002,S7700, S7703, S7706, S7712 with software V100R003, V100R006, V200R001, V200R002, V200R003, V200R005,S9300E, S9303E, S9306E, S9312E with software V200R001,S9700, S9703, S9706, S9712 with software V200R002, V200R003, V200R005,S12708, S12712 with software V200R005,5700HI,5300HI with software V100R006, V200R001, V200R002, V200R003, V200R005,5710EI,5310EI with software V200R002, V200R003, V200R005,5710HI,5310HI with software V200R003, V200R005,6700EI,6300EI with software V200R00"
            }
          ]
        }
      ],
      "datePublic": "2017-03-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Huawei S9300, S9303, S9306, S9312 with software V100R002; S7700, S7703, S7706, S7712 with software V100R003, V100R006, V200R001, V200R002, V200R003, V200R005; S9300E, S9303E, S9306E, S9312E with software V200R001; S9700, S9703, S9706, S9712 with software V200R002, V200R003, V200R005; S12708, S12712 with software V200R005; 5700HI, 5300HI with software V100R006, V200R001, V200R002, V200R003, V200R005; 5710EI, 5310EI with software V200R002, V200R003, V200R005; 5710HI, 5310HI with software V200R003, V200R005; 6700EI, 6300EI with software V200R005 could cause a leak of IP addresses of devices, related to unintended interface support for VRP MPLS LSP Ping."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information Leakage",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-04-02T19:57:01",
        "orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
        "shortName": "huawei"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.huawei.com/en/psirt/security-advisories/hw-372145"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@huawei.com",
          "ID": "CVE-2014-8570",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "S9300, S9303, S9306, S9312, S7700, S7703, S7706, S7712, S9300E, S9303E, S9306E, S9312E, S9700, S9703, S9706, S9712,S12708, S12712,5700HI,5300HI, 5710EI,5310EI, 5710HI,5310HI, 6700EI,6300EI S9300, S9303, S9306, S9312 with software V100R002,S7700, S7703, S7706, S7712 with software V100R003, V100R006, V200R001, V200R002, V200R003, V200R005,S9300E, S9303E, S9306E, S9312E with software V200R001,S9700, S9703, S9706, S9712 with software V200R002, V200R003, V200R005,S12708, S12712 with software V200R005,5700HI,5300HI with software V100R006, V200R001, V200R002, V200R003, V200R005,5710EI,5310EI with software V200R002, V200R003, V200R005,5710HI,5310HI with software V200R003, V200R005,6700EI,6300EI with software V200R00",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "S9300, S9303, S9306, S9312, S7700, S7703, S7706, S7712, S9300E, S9303E, S9306E, S9312E, S9700, S9703, S9706, S9712,S12708, S12712,5700HI,5300HI, 5710EI,5310EI, 5710HI,5310HI, 6700EI,6300EI S9300, S9303, S9306, S9312 with software V100R002,S7700, S7703, S7706, S7712 with software V100R003, V100R006, V200R001, V200R002, V200R003, V200R005,S9300E, S9303E, S9306E, S9312E with software V200R001,S9700, S9703, S9706, S9712 with software V200R002, V200R003, V200R005,S12708, S12712 with software V200R005,5700HI,5300HI with software V100R006, V200R001, V200R002, V200R003, V200R005,5710EI,5310EI with software V200R002, V200R003, V200R005,5710HI,5310HI with software V200R003, V200R005,6700EI,6300EI with software V200R00"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Huawei S9300, S9303, S9306, S9312 with software V100R002; S7700, S7703, S7706, S7712 with software V100R003, V100R006, V200R001, V200R002, V200R003, V200R005; S9300E, S9303E, S9306E, S9312E with software V200R001; S9700, S9703, S9706, S9712 with software V200R002, V200R003, V200R005; S12708, S12712 with software V200R005; 5700HI, 5300HI with software V100R006, V200R001, V200R002, V200R003, V200R005; 5710EI, 5310EI with software V200R002, V200R003, V200R005; 5710HI, 5310HI with software V200R003, V200R005; 6700EI, 6300EI with software V200R005 could cause a leak of IP addresses of devices, related to unintended interface support for VRP MPLS LSP Ping."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Information Leakage"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.huawei.com/en/psirt/security-advisories/hw-372145",
              "refsource": "CONFIRM",
              "url": "http://www.huawei.com/en/psirt/security-advisories/hw-372145"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
    "assignerShortName": "huawei",
    "cveId": "CVE-2014-8570",
    "datePublished": "2017-04-02T20:00:00",
    "dateReserved": "2014-10-31T00:00:00",
    "dateUpdated": "2024-08-06T13:18:48.496Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted