This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy (update in May 2018) >

Security Advisory - IP Option Improper Handling Vulnerability in Multiple Huawei Products

  • SA No:Huawei-SA-20150506-01-ICMP
  • Initial Release Date: May 06, 2015
  • Last Release Date: May 19, 2015

 
Multiple Huawei Products have an improper IP option handling vulnerability. The IP stack implementation in multiple Huawei products mishandles IP options when a crafted ICMP request message is received, leading to the board reboot (Vulnerability ID: HWPSIRT-2015-02003).

This Vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID: CVE-2015-3913.

Product Name

Affected Version

Resolved Product and Version

S2300/S2700/S3300/S3700

V100R006C00

Upgrade to V100R006C03
+V100R006SPH021

V100R006C03

V100R006SPH021

V100R006C05

S5300EI/S5700EI/S5300SI/S5700SI

V100R006C00

Upgrade to V200R003C00SPC300
+V200R003SPH011

V200R001C00SPC300

V200R002C00SPC300

V200R003C00SPC300

V200R003SPH011

V200R005C00SPC300

V200R005SPH005

S5300HI/S5700HI S6300EI/S6700EI/S5710HI

V200R001C00SPC300

Upgrade to V200R003C00SPC300
+V200R003SPH011

V200R002C00SPC300

V200R003C00SPC300

V200R003SPH011

V200R005C00SPC300

V200R005SPH005

S5300LI/S5700LI/S2350EI/S2750EI

V200R001C00SPC300

Upgrade to V200R003C00SPC300
+V200R003SPH011

V200R002C00SPC300

V200R003C00SPC300

V200R003SPH011

V200R005C00SPC300

V200R005SPH005

V200R006C00SPC500

V200R006SPH002

V200R007C00SPC500

V200R007SPH001

S5720HI

V200R006C00SPC500

V200R006SPH002

V200R007C00SPC500

V200R007SPH001

S7700/S9300/S9700

V200R001C00SPC300

Upgrade to V200R003C00SPC500
+V200R003SPH011

V200R002C00SPC300

V200R003C00SPC500

V200R003SPH011

V200R005C00SPC300

V200R005SPH005

V200R006C00SPC500

V200R006SPH003

V200R007C00SPC500

V200R007SPH001

S12700

V200R005C00SPC300

V200R005SPH005

V200R006C00SPC500

V200R006SPH003

V200R007C00SPC500

V200R007SPH001


By exploiting the vulnerability, an attacker could restart the board.

The vulnerability classification has been performed by using the CVSSv2 scoring system (http://www.first.org/cvss/).

Base Score: 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)

Temporal Score: 6.4 (E:F/RL:O/RC:C)

This vulnerability can be exploited only when the following conditions are present:

1. The attacker can visit the network where the device locates.

Vulnerability details:

The device does not verify the validity of some special fields of ICMP packets. Attackers can send abnormal ICMP packets to the device to cause the board reboot.

Customers should contact Huawei TAC (Huawei Technical Assistance Center) to request the upgrades. For TAC contact information, please refer to Huawei worldwide website at http://www.huawei.com/en/security/psirt/report-vulnerabilities/index.htm.

This vulnerability was reported by Huawei internal tester. Huawei PSIRT is not aware of any public announcements or malicious use of the vulnerability described in this advisory.

For security problems about Huawei products and solutions, please contact PSIRT@huawei.com.

For general problems about Huawei products and solutions, please directly contact Huawei TAC (Huawei Technical Assistance Center) to request the configuration or technical assistance

2015-05-19 V1.1 UPDATED Add the CVE ID for the vulnerability

2015-05-06 V1.0 INITIAL

This document is provided on an "AS IS" basis and does not imply any kind of guarantee or warranty, either express or implied, including the warranties of merchantability or fitness for a particular purpose. In no event shall Huawei or any of its directly or indirectly controlled subsidiaries or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. Your use of the document, by whatsoever means, will be totally at your own risk. Huawei is entitled to amend or update this document from time to time.

Complete information for providing feedback on security vulnerability of Huawei products, getting support for Huawei security incident response services, and obtaining Huawei security vulnerability information, is available on Huawei's worldwide website at http://www.huawei.com/en/security/psirt/.