Security Advisory - Two Vulnerabilities in Huawei TE Series Product
- SA No:Huawei-SA-20151125-01-TE
- Initial Release Date: 2015-11-25
- Last Release Date: 2016-01-06
Huawei TE series is a multimedia video conferencing endpoint that transfers audio, video, and desktop resources based on IP networks. It offers point-to-point and multiparty conferences for attendees at different places to enjoy face-to-face audio/video communication experience.
A security vulnerability exists in the presentatibon sending/receiving permission management mechanism of Huawei TE product. An attacker can access the TE through Wi-Fi to trigger abnormal processing of wireless presentation in specific scenarios. As a result, the sending of wired presentation in use stops, affecting normal services. (Vulnerability ID: HWPSIRT-2015-08043)
This vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID: CVE-2015-8672.
The Debug account on Huawei TE product has an old password check vulnerability. If a user logs in to a PC using the Debug account and leaves the PC, an attacker changes the password of the Debug account without entering the old password and obtains the permissions of the Debug account. (Vulnerability ID: HWPSIRT-2015-10002)
This vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID: CVE-2015-8673.
Huawei has released software updates to fix these vulnerabilities. This advisory is available at the following link:
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-462952.htm
|
Product Name |
Affected Version |
Resolved Product and Version |
|
TE30/40/50/60 |
TE60[1] V100R001C10B022 |
TE60 V100R001C10SPC100 |
[1] The TE60 software supports multiple hardware platforms which come in four models: TE30, TE40, TE50, and TE60.
HWPSIRT-2015-08043
Successful exploitation of this vulnerability may abnormally stop the sending of wired presentation, affecting normal services.
HWPSIRT-2015-10002
Successful exploitation of this vulnerability enables an attacker to change the password and obtain the permissions of the Debug account.
The vulnerability classification has been performed by using the CVSSv2 scoring system (http://www.first.org/cvss/).
HWPSIRT-2015-08043
Base Score: 3.3 (AC:A/AC:L/Au:N/C:N/I:N/A:P)
Temporal Score: 2.7 (E:F/RL:O/RC:C)
HWPSIRT-2015-10002
Base Score: 6.9 (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Temporal Score: 5.7 (E:F/RL:O/RC:C)
HWPSIRT-2015-08043
Prerequisite:
- The attacker can access the TE through Wi-Fi;
Attacking procedure:
An attacker can access the product through Wi-Fi to trigger abnormal processing of wireless presentation in specific scenarios. The TE product does not implement effective permission control over the sending and receiving of presentation. As a result, the sending of wired presentation in use stops, affecting normal services.
HWPSIRT-2015-10002
Prerequisite:
- A user logs in to the PC successfully using the Debug account;.
- The attacker can approach and perform operations on the PC;
Attacking procedure:
A user logs in to a PC using the Debug account and leaves the PC. The TE product does not verify the old password of the Debug account during password change operations. Therefore, an attacker can change the password of the Debug account without entering the old password and obtain the permissions of the Debug account.
For security problems about Huawei products and solutions, please contactPSIRT@huawei.com.
For general problems about Huawei products and solutions, please directly contact Huawei TAC (Huawei Technical Assistance Center) to request the configuration or technical assistance.
2016-01-06 V1.1 UPDATED Assigned a CVE ID to the vulnerability
2015-11-25 V1.0 INITIAL
None
