Security Notice-Statement on NTP.org and CERT/CC Revealing Security Vulnerabilities in NTPd
- Initial Release Date: 2014-12-23
- Last Release Date: 2015-12-15
Huawei was notified about information released by NTP.org and CERT/CC regarding four security vulnerabilities (CVE-2014-9293, CVE-2014-9294, CVE-2014-9295 and CVE-2014-9296) in NTP daemon (ntpd) on December 19th, 2014. Huawei immediately launched a thorough investigation.
The investigation is still ongoing. The results of the investigation show that some of the Huawei products are vulnerable for these vulnerabilities. Huawei PSIRT will keep updating the SN. Please stay tuned.
The following Huawei products Confirmed Vulnerable:
|
Product Name |
Affected Version |
|
V200R002C00SPC700 V200R001C00 V200R003C10 V200R005C00/C10 V200R006C00 |
|
|
ACU |
V200R002C00SPH601 V200R002C00SPH602B001 V200R002SPH007 |
|
Campus Controller |
V100R001C00B001 |
|
DC |
V100R002C01SPC001 |
|
DH320 V2 |
V100R001C00 |
|
DH620 V2 |
V100R001C00 |
|
DH621 V2 |
V100R001C00 |
|
DH628 V2 |
V100R001C00 |
|
E6000 Chassis |
V100R001C00 |
|
E9000 Chassis |
V100R001C00 |
|
eLog |
V100R003C01 V200R003C10 |
|
eSight Network |
V200R003C01/C10 V200R005C00 |
|
eSight UC&C |
V100R001C01/C20 |
|
eSpace CAD |
V100R001C01LHUE01 |
|
eSpace CC |
V200R001C03/C31/C32/C50 |
|
eSpace DCM |
V100R001C01/C02/C03 V100R002C01 |
|
eSpace EMS |
V200R001C03 |
|
eSpace IVS |
V100R001C02 |
|
eSpace Meeting Portal |
V100R001C00 |
|
eSpace U2980 |
V100R001C02SPC200 V100R001C01 V200R003C00 |
|
eSpace UC |
V100R002C01 V200R002C00 V200R003C00 |
|
eSpace USM |
V200R003C00 |
|
eSpace VCN3000 |
V100R002C00 |
|
eSpace VTM |
V100R001C02/C30 V100R002C00 |
|
FusionAccess |
V100R005C10/C20 |
|
FusionCompute |
V100R003C00/C10 V100R005C00/C10 |
|
FusionCube |
V100R002C01SPC100 V100R002C02SPC100 V100R002C02SPC200 V100R002C02SPC300 |
|
FusionManager |
V100R003C10 V100R005C00 |
|
FusionSphere OpenStack |
V100R005C00 |
|
FusionSphere Tool |
V100R003C00SPC201B002 |
|
GalaX8800 |
V100R002C00/C01/C83/C85 |
|
ManageOne SC |
V100R002C20 |
|
ManageOne |
V100R002C00/C10 |
|
OceanStor 18500 |
V100R001C00 |
|
OceanStor 18800 |
V100R001C00 |
|
OceanStor 18800F |
V100R001C00 |
|
OceanStor 9000 |
V100R001C00/C01/C20/C30 |
|
OceanStor 9000E |
V100R002C19 |
|
OceanStor HDP3500E |
V100R003C00 |
|
OceanStor HVS85T |
V100R001C00 |
|
OceanStor HVS88T |
V100R001C00 |
|
OceanStor S2600T |
V200R002C00 |
|
OceanStor S5500T |
V200R002C00 |
|
OceanStor S5600T |
V200R002C00 |
|
OceanStor S5800T |
V200R002C00 |
|
OceanStor S6800T |
V200R002C00 |
|
OceanStor UDS |
V100R002C00/C01 |
|
OMM Solution |
V100R001C00 |
|
RH1288 V2 |
V100R002C00 |
|
RH2285 V2 |
V100R002C00 |
|
RH2285H V2 |
V100R002C00 |
|
RH2288 V2 |
V100R002C00 |
|
RH2288E V2 |
V100R002C00 |
|
RH2288H V2 |
V100R002C00 |
|
RH2485 V2 |
V100R002C00 |
|
RH5885 V2 |
V100R001C00 |
|
RH5885 V3 |
V100R003C01 |
|
RH5885H V3 |
V100R003C00 |
|
Smart CDN |
V100R001C06 |
|
Tecal XH310 V2 |
V100R001C00SPC100 |
|
Tecal XH311 V2 |
V100R001C00SPC100 |
|
Tecal XH320 V2 |
V100R001C00SPC105 |
|
Tecal XH621 V2 |
V100R001C00B010 |
|
V1300N |
V100R002C02 |
|
VCM |
V100R001C00 |
|
VCN500 |
V100R002C00 |
|
X8000 Rack |
V100R001C00 |
The following Huawei products Confirmed Not Vulnerable:
|
Product Name |
|
AR-UMS |
|
BH620 V2/ BH621 V2/ BH622 V2/ BH640 V2 |
|
CH121/ CH121 V3/ CH140/ CH220 V3/ CH221/ CH222/ CH222 V3/ CH240/ CH242/ CH242 V3 |
|
DC Server |
|
EDC Solution |
|
eLWP |
|
eNSP |
|
eSAP |
|
eSpace Audio Recorder |
|
eSpace IPC |
|
eSpace UMS |
|
Eudemon8000E-X8 |
|
FusionCloud Desktop Solution |
|
FusionCloud Server/ FusionCloud Server II |
|
FusionServer 9032 |
|
FusionServer Tools |
|
iBMC |
|
iMM |
|
IPC6112-D/ IPC6122-D/ IPC6221-VRZ/ IPC6611-Z30-I/ IPC6621-Z30-I |
|
L2800 |
|
OceanStor CSE |
|
P8000 SSD Card |
|
PowerCache-Ram-Based SSD |
|
SAP HANA Appliance |
|
Secospace USG6600 |
|
SingleCLOUD Solution |
|
T8000 |
|
TeleClassroom |
|
Tecal RH1288 V3 |
|
UMA |
|
USG9560 |
|
WS6603 |
|
X6000 |
2015-02-13 V2.0 UPDATED updated list of affected products
2015-01-14 V1.9 UPDATED updated list of affected products
2015-01-06 V1.8 UPDATED updated list of affected products
2015-01-04 V1.7 UPDATED updated list of affected products
2014-12-31 V1.6 UPDATED updated list of affected products
2014-12-29 V1.5 UPDATED updated list of affected products
2014-12-27 V1.4 UPDATED updated list of affected products
2014-12-26 V1.3 UPDATED updated list of affected products
2014-12-25 V1.2 UPDATED updated list of affected products
2014-12-24 V1.1 UPDATED updated list of affected products
2014-12-23 V1.0 INITIAL
Huawei adheres to protecting the ultimate interests of users with best efforts and the principle of responsible disclosure and deal with product security issues through our response mechanism. Please report to Huawei PSIRT at psirt@huawei.com if you find any security vulnerability of Huawei products.