What is the severity of CVE-2014-9136?

CVE-2014-9136 has been rated as a medium severity vulnerability due to the potential for CSRF attacks.

How do I fix CVE-2014-9136?

To mitigate CVE-2014-9136, upgrade Huawei FusionManager to a version later than V100R003C00.

What systems are affected by CVE-2014-9136?

CVE-2014-9136 affects Huawei FusionManager software versions V100R002C03 and V100R003C00.

Can CVE-2014-9136 be exploited remotely?

Yes, CVE-2014-9136 can be exploited remotely by an unauthenticated attacker.

What type of attack does CVE-2014-9136 facilitate?

CVE-2014-9136 facilitates a Cross-Site Request Forgery (CSRF) attack against users of the web interface.

Vulnerability/
CVE-2014-9136

high

8.8

CWE

352

2/4/2017

6/8/2024

CVE-2014-9136: CSRF

First published: Sun Apr 02 2017(Updated: )

Huawei FusionManager with software V100R002C03 and V100R003C00 could allow an unauthenticated, remote attacker to conduct a CSRF attack against the user of the web interface.

Credit: psirt@huawei.com

Affected Software	Affected Version	How to fix
Huawei FusionManager	<=v100r002c03
Huawei FusionManager	<=v100r003c00
Huawei USG9500 firmware	<=v200r001c01spc800
Huawei USG9500 firmware	<=v300r001c00
Huawei Eudemon USG9500
Huawei USG2100 Firmware	<=v300r001c00spc900
Huawei E200E-USG2100
Huawei USG2200	<=v300r001c00spc900
Huawei E200 USG2200
Huawei USG5100	<=v300r001c00spc900
Huawei E200 USG5100
Huawei Unified Security Gateway Firmware	<=v300r001c00spc900
Huawei USG5500 firmware

Never miss a vulnerability like this again

Reference Links

http://www.huawei.com/en/psirt/security-advisories/hw-372186

Frequently Asked Questions

What is the severity of CVE-2014-9136?
CVE-2014-9136 has been rated as a medium severity vulnerability due to the potential for CSRF attacks.
How do I fix CVE-2014-9136?
To mitigate CVE-2014-9136, upgrade Huawei FusionManager to a version later than V100R003C00.
What systems are affected by CVE-2014-9136?
CVE-2014-9136 affects Huawei FusionManager software versions V100R002C03 and V100R003C00.
Can CVE-2014-9136 be exploited remotely?
Yes, CVE-2014-9136 can be exploited remotely by an unauthenticated attacker.
What type of attack does CVE-2014-9136 facilitate?
CVE-2014-9136 facilitates a Cross-Site Request Forgery (CSRF) attack against users of the web interface.

agent/type
collector/mitre-cve
source/MITRE
agent/severity
agent/weakness
agent/references
agent/last-modified-date
agent/author
agent/description
agent/event
agent/first-publish-date
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/huawei
canonical/huawei fusionmanager
version/huawei fusionmanager/v100r002c03
version/huawei fusionmanager/v100r003c00
canonical/huawei usg9500 firmware
version/huawei usg9500 firmware/v200r001c01spc800
version/huawei usg9500 firmware/v300r001c00
canonical/huawei eudemon usg9500
canonical/huawei usg2100 firmware
version/huawei usg2100 firmware/v300r001c00spc900
canonical/huawei e200e-usg2100
canonical/huawei usg2200
version/huawei usg2200/v300r001c00spc900
canonical/huawei e200 usg2200
canonical/huawei usg5100
version/huawei usg5100/v300r001c00spc900
canonical/huawei e200 usg5100
canonical/huawei unified security gateway firmware
version/huawei unified security gateway firmware/v300r001c00spc900
canonical/huawei usg5500 firmware

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.