This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our private policy>

Security Advisory-Multiple OpenSSL vulnerabilities on Huawei products

  • SA No:Huawei-SA-20140613-OpenSSL
  • Initial Release Date: 2014-06-13
  • Last Release Date: 2015-03-11

This security advisory (SA) describes the impact of 7 OpenSSL vulnerabilities discovered in third-party software.


The vulnerabilities are referenced in this document as follows:
1.SSL/TLS Man-in-the-Middle Vulnerability (CVE-2014-0224). An unauthenticated, remote attacker with the ability to intercept traffic between an affected client and server could successfully execute a man-in-the-middle attack.(Vulnerability ID: HWPSIRT-2014-0604)

The NVD link is: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0224

2.DTLS Recursion Flaw Vulnerability (CVE-2014-0221). An unauthenticated, remote attacker that can convince an affected client to connect to an attacker-controlled server could send an affected device a crafted DTLS packet. This could result in a partial or complete DoS condition on the affected device. (Vulnerability ID: HWPSIRT-2014-0605)

The NVD link is: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0221

3.DTLS Invalid Fragment Vulnerability (CVE-2014-0195).  An unauthenticated, remote attacker could send a crafted DTLS packet to an affected device designed to trigger a buffer overflow condition. This could allow the attacker to gain the ability to execute arbitrary code with elevated privileges. (Vulnerability ID: HWPSIRT-2014-0606)

The NVD link is: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0195

4.SSL_MODE_RELEASE_BUFFERS NULL Pointer Dereference Vulnerability (CVE-2014-0198). An unauthenticated, remote attacker could submit a malicious request designed to trigger a NULL pointer dereference. This could result in a partial or complete DoS condition on the affected device. (Vulnerability ID: HWPSIRT-2014-0607)

The NVD link is: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0198

5.SSL_MODE_RELEASE_BUFFERS Session Injection or Denial of Service Vulnerability (CVE-2010-5298). An unauthenticated, remote attacker could submit a malicious request designed to inject content into a parallel context or trigger a DoS condition. (Vulnerability ID: HWPSIRT-2014-0608)

The NVD link is: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5298

6.Anonymous ECDH Denial of Service Vulnerability (CVE-2014-3470). An unauthenticated, remote attacker that can convince an affected client to connect to an attacker-controlled server could submit a crafted certificate designed to trigger a NULL pointer dereference. If successful, the attacker could create a DoS condition. (Vulnerability ID: HWPSIRT-2014-0609)

The NVD link is: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3470

7.ECDSA NONCE Side-Channel Recovery Attack Vulnerability (CVE-2014-0076). An attacker with the ability to run an application on an affected device could recover portions of ECDSA cryptographic materials via a side-channel attack. This could allow the attacker to reconstruct encryption keys used for the protection of network communications. (Vulnerability ID: HWPSIRT-2014-0610)
The NVD link is: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0076
The 7 vulnerabilities affect the Huawei products that use OpenSSL. Some Product have provided the fixed version.


Product Name

Affected Version

Solved version

USG9300

USG9300 V100R003C00

USG9500 V200R001C01SPH902

USG9500

USG9500 V200R001

USG9500 V200R001C01SPH902

USG9500

USG9500 V300R001C01

USG9500 V300R001C01SPC300

USG9500

USG9500 V300R001C20

USG9500 V300R001C20SPH102

AnyOffice

AnyOffice V200R002C10

V200R002C10L00003SPH002

USG2000 Series

V300R001C10SPC200 and earlier versions

V300R001C10SPH201

USG5000 Series

V300R001C10SPC200 and earlier versions

V300R001C10SPH201

AVE2000 Series

All V100R001C00 versions

V100R001C00SPH001

SVN2200 Series

V200R001C01SPC600 and earlier versions

V200R001C01HP0001

SVN5500 Series

V200R001C01SPC600 and earlier versions

V200R001C01HP0001

SVN3000 Series

V100R002C02SPC800 and earlier versions

V100R002C02SPH804

SVN5300 Series

V200R001C00SPC500 and earlier versions

V200R001C00SPH501

SRG1200&2200&3200 Series

V100R002C02SPC800 and earlier versions

V100R002C02HP0001

ASG2000 Series

V100R001C10 and earlier versions

V100R001C10SPH001

NIP2000&5000 Series

V100R002C10SPC100 and earlier versions

V100R002C10HP0001

HyperDP

OceanStor N8500 V200R001C09

V200R001C09SPC501

HyperDP

OceanStor N8500 V200R001C91

V200R001C91SPC201

ManageOne

V100R001C02

V100R001C02 SPC901

ManageOne

V100R002C00

V100R002C10 SPC320

ManageOne

V100R002C10

FusionCube

V100R002

FusionCompute V100R003C10SPC600

FusionManager V100R003C10SPC600

FusionStorage V100R003C02SPC102

FusionSphere

V100R003

FusionCompute V100R003C10SPC600

FusionManager V100R003C10SPC600

FusionManager V100R003C00CP3006

OceanStor  S6800T

V100R001、V100R002、V100R005

V100R005C30SPC100

OceanStor  S5800T

V100R001、V100R002、V100R005

V100R005C30SPC100

OceanStor  S2600T

V100R002、V100R005

V100R005C30SPC100

OceanStor S5600T

V100R001、V100R002、V100R005

V100R005C30SPC100

OceanStor S5500T

V100R001、V100R002、V100R005

V100R005C30SPC100

OceanStor S2200T

V100R005

V100R005C30SPC100

S2900

V100R002、V100R005

OceanStor S2600T V100R005C30SPC100

S5900

V100R001、V100R002、V100R005

OceanStor S5600T V100R005C30SPC100

S3900

V100R001、V100R002、V100R005

OceanStor S5500T V100R005C30SPC100

S6900

V100R001、V100R002、V100R005

OceanStor S6800T V100R005C30SPC100

eSight-eWL

V100R001

eSight V300R001C10SPC300

eCNS600

V100R001C00

eCNS600 V100R003C00

eCNS600

V100R002C00

eCNS600 V100R003C00

eCNS610

V100R001C00

eCNS610 V100R003C00

GTSOFTX3000

V200R001C01

GTSOFTX3000 V200R001C01SPS103

Policy Center

V100R003C00

V100R003C00SPC305

Agile Controller

V100R001C00

V100R001C00SPC200

OIC

V100R001C00

V100R001C00SPC402

eLog

V100R003C01

eLogV100R003C01SPC503

VSM

V200R002C00

VSM V200R002C00SPC503

LogCenter

V200R003C10

eSight V2R3C01SPC205
eSight V2R3C10SPC201

UMA

UMA V200R001C00SPC100

 V200R001C00SPC200

DSM

DSM V100R002

V100R002C05SPC615

TSM

V100R002

V100R002C07SPC219

VPN Client

V100R001

V100R001C02SPC702

iSOC 3000

iSOC V200R001C00

V200R001C00SPC202

iSOC 5000

iSOC V200R001C01

V200R001C01SPC101

iSOC 9000

iSOC V200R001C02

V200R001C02SPC202

UMA-DB

V2R1COOSPC101

V2R1COOSPC101

S7700&S9700

V100R006
V200R001
V200R002
V200R003
V200R005

V200R005+V200R005HP0001

S12700

V200R005

V200R005+V200R005HP0001

S2750&S5700&S6700

V100R006
V200R001
V200R002
V200R003

V200R005+V200R005HP0001

S2700&S3700

V100R006

V100R006C05+V100R06HP0011

eSpace Desktop

eSpace Desktop V200R001C03

eSpace Desktop V200R001C03SPCb00

eSpace VTM

eSpace VTM V100R001

VTM V100R001C30

eSpace CC

eSpace CC V200R001

CC V200R001C31

eSpace U2990

eSpace U2990 V200R001

eSpace U2990 V200R001C02

eSpace U2980

eSpace U2980 V100R001

eSpace U2980 V100R001C02

eSpace USM

eSpace USM V100R001

eSpace USM V100R001C01

eSpace U19**

eSpace U19** V100R001

eSpace U19** V100R001C10

SoftCo

SoftCo V100R003

SoftCo V200R001C01

SoftCo V200R001

SoftCo V200R001C01

eSpace IAD

eSpace IAD V300R002

eSpace IAD V300R002C01

eSpace IAD V300R001C07

eSpace IAD V300R002C01

eSpace IVS

eSpace IVS V100R001C02

eSpace IVS V100R001C02SPC111

eSpace IPC

eSpace IPC V100R001C11

eSpace IPC V100R001C21

eSpace IPC V200R001C01

eSpace IPC V200R001C02

eSpace IPC V100R001C11SPC205

eSpace IPC V100R001C21SPC205

eSpace IPC V200R001C02SPC200

eSpace meeting portal

V100R001C00

eSpace Meeting Portal V100R001C00SPC303

eUPP

V100R001C01

eUPP V100R001C01SPC101

eUPP

V100R001C10

eUPP V100R001C10SPC002

SMC2.0

HUAWEI SMC2.0 V100R002C01B017SP16

HUAWEI SMC2.0 V100R002C01B017SP17

HUAWEI SMC2.0 V100R002C01B025SP07

HUAWEI SMC2.0 V100R002C01B025SP08

HUAWEI SMC2.0 V100R002C03B015SP03

SMC2.0 V100R003C00SPC100B019

SMC2.0 V100R002C04B017SP02

SMC2.0 V100R002C04B017SP04

Tecal RH1288 V2

Tecal RH1288 V2 V100R002

Tecal RH1288 V2 V100R002C00SPC106

Tecal RH2285 V2

Tecal RH2285 V2 V100R002

Tecal RH2285 V2 V100R002C00SPC115

Tecal RH2285H V2

Tecal RH2285H V2 V100R002

Tecal RH2285H V2 V100R002C00SPC110

Tecal RH2288 V2

Tecal RH2288 V2 V100R002

Tecal RH2288 V2 V100R002C00SPC116

Tecal RH2288E V2

Tecal RH2288E V2 V100R002

Tecal RH2288E V2 V100R002C00SPC101

Tecal RH2288H V2

Tecal RH2288H V2 V100R002

Tecal RH2288H V2 V100R002C00SPC112

Tecal RH2485 V2

Tecal RH2485 V2 V100R002

Tecal RH2485 V2 V100R002C00SPC502B010

Tecal RH5885 V2

Tecal RH5885 V2 V100R001

Tecal RH5885 V2 V100R001C02SPC110B010

Tecal RH5885 V3

Tecal RH5885 V3 V100R003

Tecal RH5885 V3 V100R003C01SPC102

Tecal RH5885H V3

Tecal RH5885H V3 V100R003

Tecal RH5885H V3 V100R003C00SPC102

Tecal X6000

Tecal XH310 V2 V100R001

Tecal XH311 V2 V100R001

Tecal XH320 V2 V100R001

Tecal XH321 V2 V100R002

Tecal XH621 V2 V100R001

Tecal XH310 V2 V100R001C00SPC109

Tecal XH311 V2 V100R001C00SPC109

Tecal XH320 V2 V100R001C00SPC110

Tecal XH321 V2 V100R002C00SPC100

Tecal XH621 V2 V100R001C00SPC106

Tecal X8000

Tecal X8000 Rack V100R001 (Tecal DH620 V2 V100R001

Tecal DH621 V2 V100R001

Tecal DH310 V2 V100R001

Tecal DH320 V2 V100R001

Tecal DH628 V2 V100R001)

Tecal X8000 Rack V100R001C00SPC110

Tecal DH620 V2 V100R001C00SPC106

Tecal DH621 V2 V100R001C00SPC106

Tecal DH310 V2 V100R001C00SPC109

Tecal DH320 V2 V100R001C00SPC106

Tecal DH628 V2 V100R001C00SPC106

Tecal E6000

Tecal BH620 V2 V100R002

Tecal BH621 V2 V100R002

Tecal BH622 V2 V100R002

Tecal BH640 V2 V100R002

Tecal BH620 V2 V100R002C00SPC106

Tecal BH621 V2 V100R002C00SPC106

Tecal BH622 V2 V100R002C00SPC109

Tecal BH640 V2 V100R002C00SPC108

Successful exploitation of these vulnerabilities may allow an attacker to perform a man-in-the-middle attack, create a denial of service condition, disclose sensitive information, or execute arbitrary code with elevated privileges.

The vulnerability classification has been performed by using the CVSSv2 scoring system (http://www.first.org/cvss/).

1.CVE-2014-0224:

Base Score: 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)

Temporal Score: 4.8 (E:F/RL:O/RC:C)

Overall Score: 4.8

2.CVE-2014-0221:

Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)

Temporal Score: 3.4 (E:P/RL:O/RC:C)

Overall Score: 3.4

3.CVE-2014-0195:

Base Score: 9.3(AV:N/AC:M/AU:N/C:C/I:C/A:C)

Temporal Score: 7.7 (E:F/RL:O/RC:C)

Overall Score: 7.7

4.CVE-2014-0198:

Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)

Temporal Score: 3.4 (E:P/RL:O/RC:C)

Overall Score: 3.4

5.CVE-2010-5298:

Base Score: 4.0 (AV:N/AC:H/Au:N/C:N/I:P/A:P)

Temporal Score: 3.2 (E:P/RL:O/RC:C)

Overall Score: 3.2

6.CVE-2014-3470:

Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)

Temporal Score: 3.4 (E:P/RL:O/RC:C)

Overall Score: 3.4

7.CVE-2014-0221:

Base Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)

Temporal Score: 3.4 (E:P/RL:O/RC:C)

Overall Score: 3.4

For additional details, customers are advised to reference the OpenSSL Project security advisory: http://www.openssl.org/news/secadv_20140605.txt

Customers should contact Huawei TAC (Huawei Technical Assistance Center) to request the upgrades. For TAC contact information, please refer to Huawei worldwide website at http://www.huawei.com/en/security/psirt/report-vulnerabilities/index.htm.


These vulnerabilities are disclosed by OpenSSL official website. 

For security problems about Huawei products and solutions, please contactPSIRT@huawei.com.

For general problems about Huawei products and solutions, please directly contact Huawei TAC (Huawei Technical Assistance Center) to request the configuration or technical assistance.


2015-03-11 V1.4 UPDATED Update the link information
2014-08-05 V1.3 UPDATED Update the Software Versions and Fixes

2014-07-05 V1.2 UPDATED Update the Software Versions and Fixes

2014-06-20 V1.1 UPDATED Update the Software Versions and Fixes

2014-06-13 V1.0 INITIAL

This document is provided on an "AS IS" basis and does not imply any kind of guarantee or warranty, either express or implied, including the warranties of merchantability or fitness for a particular purpose. In no event shall Huawei or any of its directly or indirectly controlled subsidiaries or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. Your use of the document, by whatsoever means, will be totally at your own risk. Huawei is entitled to amend or update this document from time to time.


Complete information for providing feedback on security vulnerability of Huawei products, getting support for Huawei security incident response services, and obtaining Huawei security vulnerability information, is available on Huawei's worldwide website at http://www.huawei.com/en/security/psirt/.