Vulnerability Description
Huawei USG9500 with software V200R001C01SPC800 and earlier versions, V300R001C00; USG2100 with software V300R001C00SPC900 and earlier versions; USG2200 with software V300R001C00SPC900; USG5100 with software V300R001C00SPC900 could allow an unauthenticated, remote attacker to conduct a CSRF attack against the user of the web interface.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Huawei | Fusionmanager | v100r002c03 |
| Huawei | Usg9500 Firmware | <= v200r001c01spc800 |
| Huawei | Usg9500 | - |
| Huawei | Usg2100 Firmware | <= v300r001c00spc900 |
| Huawei | Usg2100 | - |
| Huawei | Usg2200 Firmware | <= v300r001c00spc900 |
| Huawei | Usg2200 | - |
| Huawei | Usg5100 Firmware | <= v300r001c00spc900 |
| Huawei | Usg5100 | - |
| Huawei | Usg5500 Firmware | <= v300r001c00spc900 |
| Huawei | Usg5500 | - |
Related Weaknesses (CWE)
References
- http://www.huawei.com/en/psirt/security-advisories/hw-372186Vendor Advisory
- http://www.huawei.com/en/psirt/security-advisories/hw-372186Vendor Advisory
FAQ
What is CVE-2014-9137?
CVE-2014-9137 is a vulnerability with a CVSS score of 8.8 (HIGH). Huawei USG9500 with software V200R001C01SPC800 and earlier versions, V300R001C00; USG2100 with software V300R001C00SPC900 and earlier versions; USG2200 with software V300R001C00SPC900; USG5100 with so...
How severe is CVE-2014-9137?
CVE-2014-9137 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-9137?
Check the references section above for vendor advisories and patch information. Affected products include: Huawei Fusionmanager, Huawei Usg9500 Firmware, Huawei Usg9500, Huawei Usg2100 Firmware, Huawei Usg2100.