This security advisory (SA) describes the impact of 7 OpenSSL vulnerabilities discovered in third-party software.
The NVD link is: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0224
2. DTLS Recursion Flaw Vulnerability (CVE-2014-0221). An unauthenticated, remote attacker that can convince an affected client to connect to an attacker-controlled server could send an affected device a crafted DTLS packet. This could result in a partial or complete DoS condition on the affected device. (Vulnerability ID: HWPSIRT-2014-0605) The NVD link is: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0221
3. DTLS Invalid Fragment Vulnerability (CVE-2014-0195). An unauthenticated, remote attacker could send a crafted DTLS packet to an affected device designed to trigger a buffer overflow condition. This could allow the attacker to gain the ability to execute arbitrary code with elevated privileges. (Vulnerability ID: HWPSIRT-2014-0606) The NVD link is: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0195
4. SSL_MODE_RELEASE_BUFFERS NULL Pointer Dereference Vulnerability (CVE-2014-0198). An unauthenticated, remote attacker could submit a malicious request designed to trigger a NULL pointer dereference. This could result in a partial or complete DoS condition on the affected device. (Vulnerability ID: HWPSIRT-2014-0607) The NVD link is: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0198
5. SSL_MODE_RELEASE_BUFFERS Session Injection or Denial of Service Vulnerability (CVE-2010-5298). An unauthenticated, remote attacker could submit a malicious request designed to inject content into a parallel context or trigger a DoS condition. (Vulnerability ID: HWPSIRT-2014-0608) The NVD link is: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5298
6. Anonymous ECDH Denial of Service Vulnerability (CVE-2014-3470). An unauthenticated, remote attacker that can convince an affected client to connect to an attacker-controlled server could submit a crafted certificate designed to trigger a NULL pointer dereference. If successful, the attacker could create a DoS condition. (Vulnerability ID: HWPSIRT-2014-0609) The NVD link is: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3470
7. ECDSA NONCE Side-Channel Recovery Attack Vulnerability (CVE-2014-0076). An attacker with the ability to run an application on an affected device could recover portions of ECDSA cryptographic materials via a side-channel attack. This could allow the attacker to reconstruct encryption keys used for the protection of network communications. (Vulnerability ID: HWPSIRT-2014-0610)
| Product Name | Affected Version | Solved Version |
| --- | --- | --- |
| USG9300 | USG9300 V100R003C00 | USG9500 V200R001C01SPH902 |
| USG9500 | USG9500 V200R001 | USG9500 V200R001C01SPH902 |
| USG9500 | USG9500 V300R001C01 | USG9500 V300R001C01SPC300 |
| USG9500 | USG9500 V300R001C20 | USG9500 V300R001C20SPH102 |
| AnyOffice | AnyOffice V200R002C10 | V200R002C10L00003SPH002 |
| USG2000 Series | V300R001C10SPC200 and earlier versions | V300R001C10SPH201 |
| USG5000 Series | V300R001C10SPC200 and earlier versions | V300R001C10SPH201 |
| AVE2000 Series | All V100R001C00 versions | V100R001C00SPH001 |
| SVN2200 Series | V200R001C01SPC600 and earlier versions | V200R001C01HP0001 |
| SVN5500 Series | V200R001C01SPC600 and earlier versions | V200R001C01HP0001 |
| SVN3000 Series | V100R002C02SPC800 and earlier versions | V100R002C02SPH804 |
| SVN5300 Series | V200R001C00SPC500 and earlier versions | V200R001C00SPH501 |
| SRG1200&2200&3200 Series | V100R002C02SPC800 and earlier versions | V100R002C02HP0001 |
| ASG2000 Series | V100R001C10 and earlier versions | V100R001C10SPH001 |
| NIP2000&5000 Series | V100R002C10SPC100 and earlier versions | V100R002C10HP0001 |
| HyperDP | OceanStor N8500 V200R001C09 | V200R001C09SPC501 |
| HyperDP | OceanStor N8500 V200R001C91 | V200R001C91SPC201 |
| ManageOne | V100R001C02 | V100R001C02 SPC901 |
| ManageOne | V100R002C00 | V100R002C10 SPC320 |
| ManageOne | V100R002C10 | |
| FusionCube | V100R002 | FusionCompute V100R003C10SPC600, FusionManager V100R003C10SPC600, FusionStorage V100R003C02SPC102 |
| FusionSphere | V100R003 | FusionCompute V100R003C10SPC600, FusionManager V100R003C10SPC600, FusionManager V100R003C00CP3006 |
| OceanStor S6800T | V100R001, V100R002, V100R005 | V100R005C30SPC100 |
| OceanStor S5800T | V100R001, V100R002, V100R005 | V100R005C30SPC100 |
| OceanStor S2600T | V100R002, V100R005 | V100R005C30SPC100 |
| OceanStor S5600T | V100R001, V100R002, V100R005 | V100R005C30SPC100 |
| OceanStor S5500T | V100R001, V100R002, V100R005 | V100R005C30SPC100 |
| OceanStor S2200T | V100R005 | V100R005C30SPC100 |
| S2900 | V100R002, V100R005 | OceanStor S2600T V100R005C30SPC100 |
| S5900 | V100R001, V100R002, V100R005 | OceanStor S5600T V100R005C30SPC100 |
| S3900 | V100R001, V100R002, V100R005 | OceanStor S5500T V100R005C30SPC100 |
| S6900 | V100R001, V100R002, V100R005 | OceanStor S6800T V100R005C30SPC100 |
| eSight-eWL | V100R001 | eSight V300R001C10SPC300 |
| eCNS600 | V100R001C00 | eCNS600 V100R003C00 |
| eCNS600 | V100R002C00 | eCNS600 V100R003C00 |
| eCNS610 | V100R001C00 | eCNS610 V100R003C00 |
| GTSOFTX3000 | V200R001C01 | GTSOFTX3000 V200R001C01SPS103 |
| Policy Center | V100R003C00 | V100R003C00SPC305 |
| Agile Controller | V100R001C00 | V100R001C00SPC200 |
| OIC | V100R001C00 | V100R001C00SPC402 |
| eLog | V100R003C01 | eLogV100R003C01SPC503 |
| VSM | V200R002C00 | VSM V200R002C00SPC503 |
| LogCenter | V200R003C10 | eSight V2R3C01SPC205 |
| UMA | UMA V200R001C00SPC100 | V200R001C00SPC200 |
| DSM | DSM V100R002 | V100R002C05SPC615 |
| TSM | V100R002 | V100R002C07SPC219 |
| VPN Client | V100R001 | V100R001C02SPC702 |
| iSOC 3000 | iSOC V200R001C00 | V200R001C00SPC202 |
| iSOC 5000 | iSOC V200R001C01 | V200R001C01SPC101 |
| iSOC 9000 | iSOC V200R001C02 | V200R001C02SPC202 |
| UMA-DB | V2R1COOSPC101 | V2R1COOSPC101 |
| S7700&S9700 | V100R006 | V200R005+V200R005HP0001 |
| S12700 | V200R005 | V200R005+V200R005HP0001 |
| S2750&S5700&S6700 | V100R006 | V200R005+V200R005HP0001 |
| S2700&S3700 | V100R006 | V100R006C05+V100R06HP0011 |
| eSpace Desktop | eSpace Desktop V200R001C03 | eSpace Desktop V200R001C03SPCb00 |
| eSpace VTM | eSpace VTM V100R001 | VTM V100R001C30 |
| eSpace CC | eSpace CC V200R001 | CC V200R001C31 |
| eSpace U2990 | eSpace U2990 V200R001 | eSpace U2990 V200R001C02 |
| eSpace U2980 | eSpace U2980 V100R001 | eSpace U2980 V100R001C02 |
| eSpace USM | eSpace USM V100R001 | eSpace USM V100R001C01 |
| eSpace U19** | eSpace U19** V100R001 | eSpace U19** V100R001C10 |
| SoftCo | SoftCo V100R003 | SoftCo V200R001C01 |
| SoftCo | SoftCo V200R001 | SoftCo V200R001C01 |
| eSpace IAD | eSpace IAD V300R002 | eSpace IAD V300R002C01 |
| eSpace IAD | eSpace IAD V300R001C07 | eSpace IAD V300R002C01 |
| eSpace IVS | eSpace IVS V100R001C02 | eSpace IVS V100R001C02SPC111 |
| eSpace IPC | eSpace IPC V100R001C11, eSpace IPC V100R001C21, eSpace IPC V200R001C01, eSpace IPC V200R001C02 | eSpace IPC V100R001C11SPC205, eSpace IPC V100R001C21SPC205, eSpace IPC V200R001C02SPC200 |
| eSpace meeting portal | V100R001C00 | eSpace Meeting Portal V100R001C00SPC303 |
| eUPP | V100R001C01 | eUPP V100R001C01SPC101 |
| eUPP | V100R001C10 | eUPP V100R001C10SPC002 |
| SMC2.0 | HUAWEI SMC2.0 V100R002C01B017SP16 | HUAWEI SMC2.0 V100R002C01B017SP17 |
| SMC2.0 | HUAWEI SMC2.0 V100R002C01B025SP07 | HUAWEI SMC2.0 V100R002C01B025SP08 |
| SMC2.0 | HUAWEI SMC2.0 V100R002C03B015SP03 | SMC2.0 V100R003C00SPC100B019 |
| SMC2.0 | SMC2.0 V100R002C04B017SP02 | SMC2.0 V100R002C04B017SP04 |
| Tecal RH1288 V2 | Tecal RH1288 V2 V100R002 | Tecal RH1288 V2 V100R002C00SPC106 |
| Tecal RH2285 V2 | Tecal RH2285 V2 V100R002 | Tecal RH2285 V2 V100R002C00SPC115 |
| Tecal RH2285H V2 | Tecal RH2285H V2 V100R002 | Tecal RH2285H V2 V100R002C00SPC110 |
| Tecal RH2288 V2 | Tecal RH2288 V2 V100R002 | Tecal RH2288 V2 V100R002C00SPC116 |
| Tecal RH2288E V2 | Tecal RH2288E V2 V100R002 | Tecal RH2288E V2 V100R002C00SPC101 |
| Tecal RH2288H V2 | Tecal RH2288H V2 V100R002 | Tecal RH2288H V2 V100R002C00SPC112 |
| Tecal RH2485 V2 | Tecal RH2485 V2 V100R002 | Tecal RH2485 V2 V100R002C00SPC502B010 |
| Tecal RH5885 V2 | Tecal RH5885 V2 V100R001 | Tecal RH5885 V2 V100R001C02SPC110B010 |
| Tecal RH5885 V3 | Tecal RH5885 V3 V100R003 | Tecal RH5885 V3 V100R003C01SPC102 |
| Tecal RH5885H V3 | Tecal RH5885H V3 V100R003 | Tecal RH5885H V3 V100R003C00SPC102 |
| Tecal X6000 | Tecal XH310 V2 V100R001, Tecal XH311 V2 V100R001, Tecal XH320 V2 V100R001, Tecal XH321 V2 V100R002, Tecal XH621 V2 V100R001 | Tecal XH310 V2 V100R001C00SPC109, Tecal XH311 V2 V100R001C00SPC109, Tecal XH320 V2 V100R001C00SPC110, Tecal XH321 V2 V100R002C00SPC100, Tecal XH621 V2 V100R001C00SPC106 |
| Tecal X8000 | Tecal X8000 Rack V100R001 (Tecal DH620 V2 V100R001, Tecal DH621 V2 V100R001, Tecal DH310 V2 V100R001, Tecal DH320 V2 V100R001, Tecal DH628 V2 V100R001) | Tecal X8000 Rack V100R001C00SPC110, Tecal DH620 V2 V100R001C00SPC106, Tecal DH621 V2 V100R001C00SPC106, Tecal DH310 V2 V100R001C00SPC109, Tecal DH320 V2 V100R001C00SPC106, Tecal DH628 V2 V100R001C00SPC106 |
| Tecal E6000 | Tecal BH620 V2 V100R002, Tecal BH621 V2 V100R002, Tecal BH622 V2 V100R002, Tecal BH640 V2 V100R002 | Tecal BH620 V2 V100R002C00SPC106, Tecal BH621 V2 V100R002C00SPC106, Tecal BH622 V2 V100R002C00SPC109, Tecal BH640 V2 V100R002C00SPC108 |
Successful exploitation of these vulnerabilities may allow an attacker to perform a man-in-the-middle attack, create a denial of service condition, disclose sensitive information, or execute arbitrary code with elevated privileges.
The vulnerability classification has been performed by using the CVSSv2 scoring system (http://www.first.org/cvss/).
1. CVE-2014-0224:
Base Score: 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)
Temporal Score: 4.8 (E:F/RL:O/RC:C)
Overall Score: 4.8
2. CVE-2014-0221:
Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
Temporal Score: 3.4 (E:P/RL:O/RC:C)
Overall Score: 3.4
3. CVE-2014-0195:
Base Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Temporal Score: 7.7 (E:F/RL:O/RC:C)
Overall Score: 7.7
4. CVE-2014-0198:
Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
Temporal Score: 3.4 (E:P/RL:O/RC:C)
Overall Score: 3.4
5. CVE-2010-5298:
Base Score: 4.0 (AV:N/AC:H/Au:N/C:N/I:P/A:P)
Temporal Score: 3.2 (E:P/RL:O/RC:C)
Overall Score: 3.2
6. CVE-2014-3470:
Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
Temporal Score: 3.4 (E:P/RL:O/RC:C)
Overall Score: 3.4
7. CVE-2014-0076:
Base Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Temporal Score: 3.4 (E:P/RL:O/RC:C)
Overall Score: 3.4
For additional details, customers are advised to reference the OpenSSL Project security advisory: http://www.openssl.org/news/secadv_20140605.txt
These vulnerabilities were disclosed on the OpenSSL official website.
For security problems about Huawei products and solutions, please contact PSIRT@huawei.com.
For general problems about Huawei products and solutions, please directly contact Huawei TAC (Huawei Technical Assistance Center) to request the configuration or technical assistance.
2015-03-11 V1.4 UPDATED Update the link information
2014-08-05 V1.3 UPDATED Update the Software Versions and Fixes
2014-07-05 V1.2 UPDATED Update the Software Versions and Fixes
2014-06-20 V1.1 UPDATED Update the Software Versions and Fixes
2014-06-13 V1.0 INITIAL