安全预警-华为产品中的SSLv3 POODLE安全漏洞
- 预警编号:Huawei-SA-20141215-01-POODLE
- 初始发布时间: 2014-12-15
- 更新发布时间: 2015-05-05
此漏洞的CVE编号为:CVE-2014-3566。
|
产品名称 |
版本号 |
修复产品版本号 |
|
AC6005 |
V200R003C00 |
V200R005C10 |
|
AC6605 |
V200R001C00 |
V200R005C10 |
|
ACU2 |
V200R005C00 |
V200R005C10 |
|
AP3010DN-AGN-FAT/ AP5010DN-AGN-FAT/ AP5010SN-GN-FAT/ AP6010DN-AGN-FAT/ AP6010SN-GN-FAT/ AP6510DN-AGN-FAT/ AP6610DN-AGN-FAT |
V200R003C00 |
V200R005C10 |
|
AP5030DN-FAT/ AP5130DN-FAT/ AP7110DN-AGN-FAT |
V200R005C00 |
V200R005C10 |
|
AR3200 |
V200R005C30 |
Upgrade to V200R005C32B190 |
|
V200R005C32 |
V200R005C32B190 |
|
|
BH620 V2 |
V100R002C00 |
V100R002C00SPC300 |
|
BH622 V2 |
V100R002C00 |
V100R002C00SPC300 |
|
CH121/ CH220/ CH221/ CH240/ CH242 |
V100R001C00 |
V100R001C00SPC200 |
|
CH140/ CH242 V3 |
V100R001C00 |
V100R001C00SPC130 |
|
CH222 |
V100R002C00 |
V100R002C00SPC200 |
|
E6000 Chassis |
V100R001C00 |
V100R001C00SPC300 |
|
E9000 Chassis |
V100R001C00 |
V100R001C00SPC201 |
|
eSight Network |
V200R003C10 |
Upgrade to V200R005C00SPC504 |
|
V200R005C00 |
V200R005C00SPC504 |
|
|
eSight UC&C |
V100R001C01 |
Upgrade to V100R001C20SPC307 |
|
V100R001C20 |
V100R001C20SPC307 |
|
|
V100R002C00 |
eSight Solution V300R002C00SPC301 |
|
|
eSpace Agent Desktop |
V200R001C03 |
Upgrade to eSpace CC V200R001C03SPC206B01f |
|
eSpace ECS |
V200R002C00 |
V200R002C00SPC202 |
|
eSpace U2980 |
V100R001C01 |
Upgrade to V100R001C10SPC105 |
|
eSpace USM |
V100R001C01 |
Upgrade to V100R001C10SPC105 |
|
V100R001 C10 |
V100R001C10SPC105 |
|
|
ManageOne SC |
V100R002C20 |
|
|
ManageOne |
V100R002C00/ C10/ C20 |
|
|
OceanStor ReplicationDirector |
V100R002C10 |
Upgrade to V100R003C00SPC400 |
|
V100R003C00 |
V100R003C00SPC400 |
|
|
RH2288 V2 |
V100R002C00 |
V100R002C00SPC300 |
|
RH5885 V3 |
V100R003C00/ C01 |
V100R003C00SPC105 |
|
S12700 |
V200R005C00 |
V200R005SPH003 |
|
V200R006C00 |
V200R006SPH002 |
|
|
S2300/2700/3300/3700 |
V100R006C05 |
V100R006SPH020 |
|
V100R006C03 |
||
|
V100R006C00 |
||
|
S5300/5700/6300/6700 |
V200R001C00 |
V200R001SPH018 |
|
V200R003C00 |
V200R003SPH011 |
|
|
V200R005C00 |
V200R005SPH003 |
|
|
S5300/5700 |
V200R006C00 |
V200R006SPH003 |
|
S9300/9300E/7700/9700 |
V100R006C00 |
Upgrade to V200R003C00SPC300 and V200R003SPH010 |
|
V200R001C00 |
V200R001SPH022 |
|
|
V200R003C00 |
V200R03SPH010 |
|
|
V200R005C00 |
V200R005SPH003 |
|
|
V200R006C00 |
V200R006SPH002 |
基础得分:4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
临时得分:3.6 (E:F/RL:O/RC:C)
攻击者必须能拦截通信过程的数据包
2. 攻击步骤:
SSLv3协议没有对加密内容做完整的保护,这可能导致对SSLv3连接的中间人攻击。虽然业界已经广泛使用TLS协议替换SSLv3,但是攻击者可以干扰TLS的协商过程,使通信双方用SSLv3而不是TLS建立连接,进而利用SSLv3的安全漏洞对加密通信进行解密。
TAC的联系方式见链接: http://www.huawei.com/cn/security/psirt/report-vulnerabilities/index.htm.
对于通用的华为产品和解决方案的问题,直接联系华为TAC(Huawei Technical Assistance Center)获取相关问题的配置或技术协助
2015-03-24 V1.2 UPDATED updated list of affected products
2015-01-16 V1.1 UPDATED updated list of affected products
2014-12-15 V1.0 INITIAL
