This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy (update in May 2018) >

Security Notice-Statement on NTP.org and CERT/CC Revealing Security Vulnerabilities in NTPd

  • Initial Release Date: Dec 23, 2014
  • Last Release Date: Dec 15, 2015

Huawei was notified about information released by NTP.org and CERT/CC regarding four security vulnerabilities (CVE-2014-9293, CVE-2014-9294, CVE-2014-9295 and CVE-2014-9296) in NTP daemon (ntpd) on December 19th, 2014. Huawei immediately launched a thorough investigation.

The investigation is still ongoing. The results of the investigation show that some of the Huawei products are vulnerable for these vulnerabilities. Huawei PSIRT will keep updating the SN. Please stay tuned.

The following Huawei products Confirmed Vulnerable:

 

Product Name

Affected Version

AC6605

V200R002C00SPC700

V200R001C00

V200R003C10

V200R005C00/C10

V200R006C00

ACU

V200R002C00SPH601

V200R002C00SPH602B001

V200R002SPH007

Campus Controller

V100R001C00B001

DC

V100R002C01SPC001

DH320 V2

V100R001C00

DH620 V2

V100R001C00

DH621 V2

V100R001C00

DH628 V2

V100R001C00

E6000 Chassis

V100R001C00

E9000 Chassis

V100R001C00

eLog

V100R003C01

V200R003C10

eSight Network

V200R003C01/C10

V200R005C00

eSight UC&C

V100R001C01/C20

eSpace CAD

V100R001C01LHUE01

eSpace CC

V200R001C03/C31/C32/C50

eSpace DCM

V100R001C01/C02/C03

V100R002C01

eSpace EMS

V200R001C03

eSpace IVS

V100R001C02

eSpace Meeting Portal

V100R001C00

eSpace U2980

V100R001C02SPC200

V100R001C01

V200R003C00

eSpace UC

V100R002C01

V200R002C00

V200R003C00

eSpace USM

V200R003C00

eSpace VCN3000

V100R002C00

eSpace VTM

V100R001C02/C30

V100R002C00

FusionAccess

V100R005C10/C20

FusionCompute

V100R003C00/C10

V100R005C00/C10

FusionCube

V100R002C01SPC100

V100R002C02SPC100

V100R002C02SPC200

V100R002C02SPC300

FusionManager

V100R003C10

V100R005C00

FusionSphere OpenStack

V100R005C00

FusionSphere Tool

V100R003C00SPC201B002

GalaX8800

V100R002C00/C01/C83/C85

ManageOne SC

V100R002C20

ManageOne

V100R002C00/C10

OceanStor 18500

V100R001C00

OceanStor 18800

V100R001C00

OceanStor 18800F

V100R001C00

OceanStor 9000

V100R001C00/C01/C20/C30

OceanStor 9000E

V100R002C19

OceanStor HDP3500E

V100R003C00

OceanStor HVS85T

V100R001C00

OceanStor HVS88T

V100R001C00

OceanStor S2600T

V200R002C00

OceanStor S5500T

V200R002C00

OceanStor S5600T

V200R002C00

OceanStor S5800T

V200R002C00

OceanStor S6800T

V200R002C00

OceanStor UDS

V100R002C00/C01

OMM Solution

V100R001C00

RH1288 V2

V100R002C00

RH2285 V2

V100R002C00

RH2285H V2

V100R002C00

RH2288 V2

V100R002C00

RH2288E V2

V100R002C00

RH2288H V2

V100R002C00

RH2485 V2

V100R002C00

RH5885 V2

V100R001C00

RH5885 V3

V100R003C01

RH5885H V3

V100R003C00

Smart CDN

V100R001C06

Tecal XH310 V2

V100R001C00SPC100

Tecal XH311 V2

V100R001C00SPC100

Tecal XH320 V2

V100R001C00SPC105

Tecal XH621 V2

V100R001C00B010

V1300N

V100R002C02

VCM

V100R001C00

VCN500

V100R002C00

X8000 Rack

V100R001C00

The following Huawei products Confirmed Not Vulnerable:

 

Product Name

AR-UMS

BH620 V2/ BH621 V2/ BH622 V2/ BH640 V2

CH121/ CH121 V3/ CH140/ CH220 V3/ CH221/ CH222/ CH222 V3/ CH240/ CH242/ CH242 V3

DC Server

EDC Solution

eLWP

eNSP

eSAP

eSpace Audio Recorder

eSpace IPC

eSpace UMS

Eudemon8000E-X8

FusionCloud Desktop Solution

FusionCloud Server/ FusionCloud Server II

FusionServer 9032

FusionServer Tools

iBMC

iMM

IPC6112-D/ IPC6122-D/ IPC6221-VRZ/ IPC6611-Z30-I/ IPC6621-Z30-I

L2800

OceanStor CSE

P8000 SSD Card

PowerCache-Ram-Based SSD

SAP HANA Appliance

Secospace USG6600

SingleCLOUD Solution

T8000

TeleClassroom

Tecal RH1288 V3

UMA

USG9560

WS6603

X6000

2015-12-15 V2.1 FINAL
2015-02-13 V2.0 UPDATED updated list of affected products
2015-01-14 V1.9 UPDATED updated list of affected products
2015-01-06 V1.8 UPDATED updated list of affected products
2015-01-04 V1.7 UPDATED updated list of affected products
2014-12-31 V1.6 UPDATED updated list of affected products
2014-12-29 V1.5 UPDATED updated list of affected products
2014-12-27 V1.4 UPDATED updated list of affected products
2014-12-26 V1.3 UPDATED updated list of affected products
2014-12-25 V1.2 UPDATED updated list of affected products
2014-12-24 V1.1 UPDATED updated list of affected products
2014-12-23 V1.0 INITIAL

Huawei adheres to protecting the ultimate interests of users with best efforts and the principle of responsible disclosure and deal with product security issues through our response mechanism. Please report to Huawei PSIRT at psirt@huawei.com if you find any security vulnerability of Huawei products.