This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our private policy>

Security Notice - Statement on Remote Code Execution Vulnerability in Apache Struts2

  • Initial Release Date: 2017-03-13
  • Last Release Date: 2017-03-17

Huawei was notified about security notice S2-045 (CVE-2017-5638) released by Apache Struts2. Huawei immediately launched a thorough investigation.

Huawei has delivered Security Advisory. Customers can get necessary support for product security vulnerabilities through Huawei local technical service. The link of the security advisory is: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170316-01-struts2-en

Customers can deploy Huawei NGFWs (Next Generation Firewall) or data center firewalls, and upgrade the IPS signature database to the latest version IPS_H20011000_2017030703 released on March 7, 2016 to detect and defend against the vulnerability exploits initiated from the Internet.

The following Huawei products Confirmed Vulnerable:

Product Name

Affected Version

AAA

V300R003C30

V500R005C00

V500R005C10

V500R005C11

V500R005C12

V500R005C13

AnyOffice

2.5.0302.0201T

2.5.0501.0290

V200R005C00

CloudOpera Orchestrator SDN

V200R001C10

eLog

V200R005C00

eSight Network

V300R005C00

V300R006C00

eSpace ECS

V200R002C00

V200R003C00

V200R003C10

V300R001C00

iManager N2510

V200R015C00

V200R015C10

V200R016C00

V200R017C00

V200R017C10

iManager NetEco 6000

V600R007C80

V600R007C80SPC100

V600R007C80SPC200

V600R007C90

V600R007C90SPC100

V600R007C91

V600R007C91SPC100

iManager NetEco

V600R007C11

V600R007C50

V600R007C60SPC100

V600R008C00

V600R008C00SPC100

V600R008C10

V600R008C10SPC100

V600R008C20

iManager U2000

V200R014C50

V200R014C60

V200R015C50

V200R015C60

V200R016C50

V200R016C60

OceanStor 18500

V100R001C00

OceanStor 9000

V100R001C01

V100R001C30

V300R005C00

V300R006C00

OMP9360

V100R001C10

V100R001C20

V100R001C30

Policy Center

V100R003C00

V100R003C10

Secospace AntiDDoS8030

V100R001C00

SMSGW

V100R002C01

V100R002C11

V100R003C01

UPortal2800

V100R001C10

V100R001C20

V500R001C10

V500R001C20

The following Huawei products Confirmed Not Vulnerable:

Product Name

eSpace USM

FusionAccess

GENEX Nastar

iManager PRS

iManager U2000-M

iManager U2520

infracontrol plug-in

NFA2000V

NIP5500

OceanStor 6900 V3

OceanStor Backup Software

OceanStor N8500

OceanStor Onebox

OceanStor S2600T

OceanStor S5500T

OceanStor S5600T

OceanStor S5800T

OceanStor S6800T

OceanStor VTL6900

RCS9880

Secospace USG6600

SIG9800-X16

UPCC


2017-03-17 V1.2 UPDATED added Security Advisory link and updated the list
2017-03-14 V1.1 UPDATED updated the affected and not affected products list
2017-03-13 V1.0 INITIAL

Huawei adheres to protecting the ultimate interests of users with best efforts and the principle of responsible disclosure and deal with product security issues through our response mechanism.

To enjoy Huawei PSIRT services and obtain Huawei product vulnerability information, please visit http://www.huawei.com/en/psirt.
To report a security vulnerability in Huawei products and solutions, please send it to PSIRT@huawei.com. For details, please visit http://www.huawei.com/en/psirt/report-vulnerabilities.