Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2014-9415

CWE-20 — Improper Input Validation4 documents4 sources

Severity

1.9LOW

EPSS

0.1%

top 71.38%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Huawei Espace Desktop

Timeline

PublishedDec 24

Latest updateMay 14

Description

Huawei eSpace Desktop before V100R001C03 allows local users to cause a denial of service (program exit) via a crafted QES file.

CVSS vector

AV:L/AC:M/C:N/I:N/A:PExploitability: 3.4 | Impact: 2.9

Affected Packages1 packages

▶NVDhuawei/espace_desktopv100r001c03

Patches

Patch: www.huawei.com ↗Patch: www.huawei.com ↗

🔴Vulnerability Details

GHSA

GHSA-7mrm-5p33-96rq: Huawei eSpace Desktop before V100R001C03 allows local users to cause a denial of service (program exit) via a crafted QES file↗2022-05-14

▶

CVEList

CVE-2014-9415: Huawei eSpace Desktop before V100R001C03 allows local users to cause a denial of service (program exit) via a crafted QES file↗2014-12-24

▶

💥Exploits & PoCs

Exploit-DB

Huawei eSpace Meeting 1.1.11.103 - 'cenwpoll.dll' SEH Buffer Overflow (Unicode)↗2019-05-20

▶