Sign-up

ID

VAR-201306-0347


CVE

CVE-2013-4628


TITLE

Huawei Campus Switch Multiple running on a device Huawei Quidway SPU Vulnerability in which important information is obtained on the board

Trust: 0.8

sources: JVNDB: JVNDB-2013-003087

DESCRIPTION

The firewall module on the Huawei Quidway Service Process Unit (SPU) board S7700, S9300, and S9700 on Huawei Campus Switch devices allows remote authenticated users to obtain sensitive information from the high-priority security zone by leveraging access to the low-priority security zone. Huawei Quidway Switches are prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may lead to further attacks. Huawei Quidway Service Process Unit (value-added service board) is a value-added service version installed in the switch of China Huawei (Huawei), which provides functions such as load balancing, firewall, NAT, IPSec, and NetStream. When the SPU board works in a specific working mode, due to improper system handling, users in low-priority areas may be able to access data in high-priority areas, resulting in information leakage

Trust: 2.16

sources: NVD: CVE-2013-4628 // JVNDB: JVNDB-2013-003087 // BID: 60710 // IVD: e42a6cb8-2352-11e6-abef-000c29c66e3d // VULHUB: VHN-64630

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.2

sources: IVD: e42a6cb8-2352-11e6-abef-000c29c66e3d

AFFECTED PRODUCTS

vendor:huaweimodel:quidway service process unit board s9300scope:eqversion:v200r001c00spc300

Trust: 1.6

vendor:huaweimodel:quidway service process unit board s9700scope:eqversion:v200r001c00spc300

Trust: 1.6

vendor:huaweimodel:quidway service process unit board s7700scope:eqversion:v200r001c00spc300

Trust: 1.6

vendor:huaweimodel:quidway s7700 seriesscope:eqversion:v200r001c00spc300

Trust: 0.8

vendor:huaweimodel:quidway s9300 seriesscope:eqversion:v200r001c00spc300

Trust: 0.8

vendor:huaweimodel:quidway s9700 seriesscope:eqversion:v200r001c00spc300

Trust: 0.8

vendor:quidway service process unit board s7700model:v200r001c00spc300scope: - version: -

Trust: 0.2

vendor:quidway service process unit board s9300model:v200r001c00spc300scope: - version: -

Trust: 0.2

vendor:quidway service process unit board s9700model:v200r001c00spc300scope: - version: -

Trust: 0.2

sources: IVD: e42a6cb8-2352-11e6-abef-000c29c66e3d // JVNDB: JVNDB-2013-003087 // CNNVD: CNNVD-201306-408 // NVD: CVE-2013-4628

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-4628
value: LOW

Trust: 1.0

NVD: CVE-2013-4628
value: LOW

Trust: 0.8

CNNVD: CNNVD-201306-408
value: LOW

Trust: 0.6

IVD: e42a6cb8-2352-11e6-abef-000c29c66e3d
value: LOW

Trust: 0.2

VULHUB: VHN-64630
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2013-4628
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

IVD: e42a6cb8-2352-11e6-abef-000c29c66e3d
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-64630
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: e42a6cb8-2352-11e6-abef-000c29c66e3d // VULHUB: VHN-64630 // JVNDB: JVNDB-2013-003087 // CNNVD: CNNVD-201306-408 // NVD: CVE-2013-4628

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-64630 // JVNDB: JVNDB-2013-003087 // NVD: CVE-2013-4628

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201306-408

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201306-408

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-003087

PATCH
title:Huawei-SA-20130516-01-SPUurl:http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-261458.htm
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-003087

EXTERNAL IDS
db:NVDid:CVE-2013-4628
Trust: 3.0
db:CNNVDid:CNNVD-201306-408
Trust: 0.9
db:JVNDBid:JVNDB-2013-003087
Trust: 0.8
db:BIDid:60710
Trust: 0.4
db:IVDid:E42A6CB8-2352-11E6-ABEF-000C29C66E3D
Trust: 0.2
db:VULHUBid:VHN-64630
Trust: 0.1
sources:
            
            
            IVD: e42a6cb8-2352-11e6-abef-000c29c66e3d // 
            
            
            
            VULHUB: VHN-64630 // 
            
            
            
            BID: 60710 // 
            
            
            
            JVNDB: JVNDB-2013-003087 // 
            
            
            
            CNNVD: CNNVD-201306-408 // 
            
            
            
            NVD: CVE-2013-4628

REFERENCES
url:http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-261458.htm
Trust: 2.0
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4628
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-4628
Trust: 0.8
url:http://www.huaweidevice.com/worldwide/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-64630 // 
            
            
            
            BID: 60710 // 
            
            
            
            JVNDB: JVNDB-2013-003087 // 
            
            
            
            CNNVD: CNNVD-201306-408 // 
            
            
            
            NVD: CVE-2013-4628

CREDITS
Huawei
Trust: 0.3
sources:
            
            
            BID: 60710

SOURCES
db:IVDid:e42a6cb8-2352-11e6-abef-000c29c66e3d
db:VULHUBid:VHN-64630
db:BIDid:60710
db:JVNDBid:JVNDB-2013-003087
db:CNNVDid:CNNVD-201306-408
db:NVDid:CVE-2013-4628

LAST UPDATE DATE
2025-04-11T23:12:00.733000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-64630date:2013-06-21T00:00:00
db:BIDid:60710date:2013-05-16T00:00:00
db:JVNDBid:JVNDB-2013-003087date:2013-06-24T00:00:00
db:CNNVDid:CNNVD-201306-408date:2013-06-21T00:00:00
db:NVDid:CVE-2013-4628date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:IVDid:e42a6cb8-2352-11e6-abef-000c29c66e3ddate:2013-06-21T00:00:00
db:VULHUBid:VHN-64630date:2013-06-20T00:00:00
db:BIDid:60710date:2013-05-16T00:00:00
db:JVNDBid:JVNDB-2013-003087date:2013-06-24T00:00:00
db:CNNVDid:CNNVD-201306-408date:2013-06-21T00:00:00
db:NVDid:CVE-2013-4628date:2013-06-20T15:55:01.033