This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy

Vul. Response Process

During the whole process, PSIRT will strictly control the scope of information distribution amongst employees relevant to the vulnerability response. Meanwhile, PSIRT will also request the vulnerability reporter keep the vulnerability confidential until Huawei releases the public Security Advisory (SA)

Huawei uses two methods to disclose the security vulnerabilities:

  • SA(Security Advisory):used to inform customers' CSIRTs or equivalent organizations of information about a specific vulnerability, including the vulnerability severity, impact on services, and remediation solution to help customers in risk-informed decision-making.
  • SN(Security Notice):used to rapidly respond to suspected Huawei product vulnerabilities to be or have been disclosed to the public or product security topics. 

When we release the public SA in the official website , we may also release the SA in text format on security forums, vulnerability database or email lists, however only The official Huawei website will be kept up-to-date with the current information

PSIRT uses CVSSv3 to give the Base Score, Temporal Score and attack vector of each vulnerability in the SA. The Environmental Score will be given by the customer based on their own environment. For the CVSSv3 standard, please refer to:

Huawei uses CVE (Common Vulnerability and Exposures) to quote the vulnerabilities outside of Huawei vulnerability disclosure websites.

Huawei PSIRT releases SAs in real time or regularly (on each Wednesday).

Huawei assumes no responsibilities for the accuracy, integrity, sufficiency and reliability of the content and information in this Policy. All express or implied warranties are expressly disclaimed. Without limitation, there is no warranty of non-infringement and no warranty of fitness for a particular purpose. Your use or interpretation of the information provided in this document is at your sole risk. Any information provided in this document is subject to correction, revision and change without notice