Security Advisory-OpenSSL Heartbeat Extension vulnerability (Heartbleed bug) on Huawei multiple products
SA No: Huawei-SA-20140417-Heartbleed
Initial Release Date: 04-17-2014
Last Release Date: 05-12-2014

Summary
Some OpenSSL software versions used in multiple Huawei products are
affected by the following OpenSSL vulnerability. Unauthorized remote
attackers can dump 64 Kbytes of memory of the connected server or client
in each attack. The leaked memory may contain sensitive information, such
as passwords and private keys (Vulnerability ID: HWPSIRT-2014-0414).
This vulnerability has been assigned Common Vulnerabilities and Exposures
(CVE) ID: CVE-2014-0160.

Impact
The impact of this vulnerability varies by Huawei product. Attackers may
exploit this vulnerability to dump a certain size of memory of devices.
The leaked memory may contain sensitive information, such as passwords
and private keys.

Vulnerability Scoring Details
The vulnerability classification has been performed by using the CVSSv2
scoring system (http://www.first.org/cvss/).
Base Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Temporal Score: 4.5 (E:P/RL:U/RC:C)

Technique Details
1. Prerequisite:
This vulnerability can be exploited only when the following conditions are
present:
The attacker is able to locally or remotely access the device affected by
the vulnerability.
2. Vulnerability details:
The vulnerability is due to a missing memory bounds check when the
OpenSSL software processes TLS heartbeat packets. Attackers can trigger
the vulnerability by sending malformed TLS heartbeat packets to the
server. An attacker may also impersonate a server and send malicious
packets to a client that connects to it, in order to attack the client.
After the attack succeeds, the attacker can dump a certain size of memory
each time the attacker sends a malicious heartbeat packet. The dumped
memory may contain sensitive information, such as passwords and private
keys.

Temporary Fix
Null
Software Versions and Fixes
Product Name Affected Version Solved Plan/Patch Link
AHR V100R003C00SPC350 and later versions V100R003C00SPC360
BCM BCM V300R003C01, BCM V300R003C30
V300R003C30LG0106SPC002, V300R003C50SPC020
Billing V5R5
CBS V500R005C21
BCM V300R003C30LG0106SPC002, BCM V300R003C50SPC020
CBS CBS V300R003C01, CBS V100R002C02
BICP V100R001C50LS0002, BCM V300R003C30LG0106SPC002
BCM V300R003C50SPC020
CCE3.0 CCE V100R003C00 V100R003C00CP1301
CPS CPS V100R001C10, CPS V100R001C20
BICP V100R001C50LS0002, BCM V300R003C30LG0106SPC002, BCM V300R003C50SPC020
CRM CC&BM V100R002C61, CC&BM V100R002C62, CC&BM V100R002C72, Wimax BOSS V100R001C01
BICP V100R001C50LS0002
CSP V600R005C10, V600R005C11SPC100
V600R003C90LG1032
CTI V300R005C50, V300R006C30
V300R005C50SPC011
DWH V100R002C10, V100R002C30
BICP V100R001C50LS0002
IDC Solution V100R001C01 Tecal RH2288 V2 V100R002C00SPC115, Tecal RH2285 V2 V100R002C00SPC113, Tecal E6000 Chassis V100R001C00SPC111, Tecal BH622 V2 V100R002C00SPC108, Tecal BH640 V2 V100R002C00SPC107, Tecal BH640 V2 V100R002C00SPC107
V100R001C03 Tecal RH2285 V2 V100R002C00SPC113, Tecal RH2288 V2 V100R002C00SPC115, Tecal RH2485 V2 V100R002C00SPC501, Tecal RH5885 V2 V100R001C02SPC109, Tecal XH310 V2 V100R001C00SPC107, Tecal XH311 V2 V100R001C00SPC107, Tecal XH320 V2 V100R001C00SPC109, Tecal XH621 V2 V100R001C00SPC105, Tecal RH1288 V2 V100R002C00SPC105, Tecal DH310 V2 V100R001C00SPC107, Tecal DH620 V2 V100R001C00SPC105, Tecal DH621 V2 V100R001C00SPC105, Tecal E6000 Chassis V100R001C00SPC111, Tecal BH622 V2 V100R002C00SPC108, Tecal BH640 V2 V100R002C00SPC107, CSB Solution V100R001C01SPC101
eBIMS V100R001C00SPC100 V100R001C00SPC200
ECC500 V600R001C00 V6R1C00SPC100
EDC Solution V100R001C01 Tecal E6000 Chassis V100R001C00SPC111, Tecal BH622 V2 V100R002C00SPC108, Tecal BH640 V2 V100R002C00SPC107
eLTE Broadband Access
eSight V300R001C10 V300R001C10CP2004
eCNS600 V100R001C00
eCNS600 V100R002C00 V100R002C00SPC300 V100R002C00SPC300
eSDK Solution V100R002C01 eSDK IVS V100R003C10SPC100, eSDK UC V100R003C10SPC001
eSight V200R003C00, V200R003C01, V200R003C10
V200R003C01SPC204, V200R003C10SPC104
eSight UC&C V100R001C01 V100R001C20SPH303
V100R001C02 V100R001C01SPH301
eSpace desktop V200R001 V200R001C03SPC800
eSpace Meeting Portal V100R001C00 V100R001C00SPC302
eSpace IVS V100R001C02 V100R001C02SPC102
eSpace UC V200R001C50 V200R001C50SPC003T
EVC3.3 EVC V300R003C02 BICP V100R001C50LS0002
FusionCloud Desktop Solution V100R003C00 Tecal RH2285 V2 V100R002C00SPC113
Fusioncube V100R002C00, V100R002C01 Tecal RH2288 V2 V100R002C00SPC115
FusionSphere V100R003C00 Tecal E9000 Chassis V100R001C00SPC160
HSS9860 HSS9860 V900R008C20 V900R008C20SPC508
HyperDP OceanStor N8500 V200R001C09 V200R001C09SPC500
OceanStor N8500 V200R001C91 V200R001C91SPC200
IDS2000 V300R001C11/C12/C31/C32
ECC500 V3R1C30
iManager M2000 iManager M2000 V200R013C00SPC230, iManager M2000 V200R013C00HP2301
V200R013C00CP2302
iManager PRS iManager PRS V100R014C00SPC100 V100R014C00CP1501
iManager U2000 iManager U2000 V100R009C00SPC300
V100R009C00CP3002
iManager U2000-M iManager U2000 V200R014C00SPC100, iManager U2000 V200R014C00SPC110
V200R014C00SPC200
IMS IMS V200R010C00 CGP V100R006C60SPC609
ISOP V200R001C00 BICP V100R001C50LS0002
LMT of GGSN9811/UGW9811/PDSN9660/WASN9770/HA9661
GGSN9811 V900R008C01, UGW9811 V900R001C03, UGW9811 V900R001C05, UGW9811 V900R009C01, UGW9811 V900R009C02, UGW9811 V900R010C00, UGW9811 V900R010C01, UGW9811 V900R010C72, UGW9811 V900R010C81, HA9661 V900R007C06, PDSN9660 V900R007C02, PDSN9660 V900R007C03, PDSN9660 V900R007C05, PDSN9660 V900R007C06, WASN9770 V300R003C01, WASN9770 V300R003C02
UGW9811 V900R009C01SPC300, UGW9811 V900R009C02SPC200, UGW9811 V900R010C00SPC100, UGW9811 V900R010C01SPC200, UGW9811 V900R010C72SPC200, UGW9811 V900R010C81SPC100, HA9661 V900R007C06SPC300, PDSN9660 V900R007C06SPC200, WASN9770 V300R003C02SPC300
Mediation Mediation V100R002C20, Mediation V100R002C30
BCM V300R003C30LG0106SPC002, BCM V300R003C50SPC020
Mobile phone Y300 Y300-0100 V100R001C00B197 In the TA (technical accept) testing
Mobile phone G510 G510-0200 V100R001C00B193 Released
Mobile phone U8686 V100R001C85B177/B187 In the TA (technical accept) testing
Mobile phone C8813 V100R001C92B173 In the TA (technical accept) testing
MSOFTX3000 MSOFTX3000 V200R010C10
V200R010C10SPH103
Nastar GENEX Nastar V600R014C00SPC201T, GENEX Nastar V600R014C00
V600R014C00CP0010
NetCol ACC V100R001C10/C20/C30 V100R001C10
NGIN SNE V300R002C20, SNE V300R002C30
V300R002C50
SNE V300R002C40, SNE V300R002C50, BMP V100R002C30, BMP V100R002C40
V100R002C40SPC001
OCS OCS V100R002C01, OCS V300R003C01
BCM V300R003C30LG0106SPC002, BICP V100R001C50LS0002, BCM V300R003C50SPC020
OIC V100R001C00SPC300
V100R001C00SPC400, V100R001C00SPC401
OnlineMediation OnlineMediation V300R003C01, OnlineMediation V300R003C02, OnlineMediation V300R003C21, OnlineMediation V300R003C30
ONIP SNE V300R002C50 BICP V100R001C50LS0002
OpenEye CMS V300R001C60SPC001 V300R001C60SPC002
PCCS
PowerCube1000 V300R002C03, PowerCube Controller Software V300R002C00/C10/C20C/C30
V300R002C03SPC600
PDU8000 V100R002C00 V100R002C00SPC100
Policy Center V100R003C00 V100R003C00SPC303
PRM PRM V300R001C08, PRM V300R001C20
BCM V300R003C30LG0106SPC002, BCM V300R003C50SPC020
RCS9880 V100R002C10, V100R003C00
V100R002C10CP0001, V100R003C00CP0001
SAG V200R001C38 V200R001C38LG0005
SANEX V100R002C00 V100R002C00SPC002
Smart Campaign V300R003C02 BICP V100R001C50LS0002
SMU02B SMU V300R002C02, V300R002C10
SUM V300R002C02SPC73, SUM V300R002C20SPC74
SOFTX3000 V600R012C10 V600R012C10SPC203
SPS V300R007C00 V300R007C00SPH103
STB V100R002C15LLNL72, V100R002C15LSCD81, V100R001C06LCOE01SPC200
IPTV STB V100R002C15LSCD67, IPTV STB V100R002C15LLNL75, Terminal Middleware V100R001C06LCOE02SPC200
Tecal E6000 V100R002 Tecal E6000 Chassis V100R001C00SPC111, Tecal BH622 V2 V100R002C00SPC108, Tecal BH640 V2 V100R002C00SPC107
Tecal E6000 Chassis V100R001C00 Tecal E6000 Chassis V100R001C00SPC111, Tecal BH622 V2 V100R002C00SPC108, Tecal BH640 V2 V100R002C00SPC107
Tecal E9000 Chassis V100R001 Tecal E9000 Chassis V100R001C00SPC160, Tecal CH121 V100R001C00SPC150, Tecal CH140 V100R001C00SPC100, Tecal CH220 V100R001C00SPC150, Tecal CH221 V100R001C00SPC150, Tecal CH222 V100R002C00SPC150, Tecal CH240 V100R001C00SPC150, Tecal CH242 V100R001C00SPC150, Tecal CH242 V3 V100R001C00SPC100
Tecal RH1288 V2 V100R002C00 V100R002C00SPC105
Tecal RH2285 V2 V100R002C00 V100R002C00SPC113
Tecal RH2285H V2 V100R002C00 V100R002C00SPC108
Tecal RH2288 V2 V100R002C00 V100R002C00SPC115
Tecal RH2288H V2 V100R002C00 V100R002C00SPC110
Tecal RH2485 V2 V100R002 V100R002C00SPC501
Tecal RH5885 V2 V100R001, V100R003
V100R001C02SPC109
Tecal RH5885 V3 V100R003 V100R003C01SPC101
Tecal RH5885H V3 V100R003 V100R003C00SPC101
Tecal X6000 V100R002 Tecal XH310 V2 V100R001C00SPC107, Tecal XH311 V2 V100R001C00SPC107, Tecal XH320 V2 V100R001C00SPC109, Tecal XH621 V2 V100R001C00SPC105
Tecal X8000 V100R001 Tecal DH310 V2 V100R001C00SPC107, Tecal DH620 V2 V100R001C00SPC105, Tecal DH621 V2 V100R001C00SPC105
WebLMT of BSC6900 BSC6900 V100R016C00 V100R016C00SPC600
WebLMT of BSC6910 BSC6910 V100R016C00 V100R016C00SPC600
WebLMT of eGBTS/NODEB/MBTS BTS3900 V100R009C00 V100R009C00SPC100
WebLMT of eNodeb(FDD) BTS3900 V100R009C00 V100R009C00SPC100
WebLMT of eNodeb(TDD) BTS3900 V100R009C00 V100R009C00SPC100
WFM V200R001C00 V200R001C00SPC131
V100R001C01 V100R001C01SPC292
UAC3000 V100R003C00 CGP V100R006C60SPC609
UGC3200 UGC3200 V200R010C00 CGP V100R006C60SPC609
UPCC UPCC V300R006C01, UPCC V300R006C02
V300R006C01SPC203, V300R006C02SPC105
UPS2000 V1R1C00/C10/C11/C30/C31
V100R001C10SPC401
UPS5000 V100R001C00/C01/C10/C02, V100R002C00/C01/C02/C03, V100R002C10/C11/C12/C13
V100R002C01SPC300, V100R001C10SPC600
USN9810 V900R012C01 V900R012C01SPH003
VGS SCG V500R005C30 V500R005C30LG0001
Obtaining Fixed Software
Customers should contact Huawei TAC (Huawei Technical Assistance Center) to request the upgrades, or obtain them through Huawei worldwide website at http://support.huawei.com/support/.
For TAC contact information, please refer to the following links:
TAC for Carrier Customers: http://support.huawei.com/support/pages/news/NewsInfoAction.do?actionFlag=view&doc_id=IN0000034614&colID=ROOTENWEB%7CCO0000000169%7CCO0000003000
TAC for Enterprise Customers: http://support.huawei.com/enterprise/NewsReadAction.action?contentId=NEWS1000000563
TAC for Terminal Customers: http://www.huaweidevice.com/resource/mini/201107199604/FAQ_ServiceHotline_en/index.html
http://www.huaweidevice.com/worldwide/netWorkPoint.do?method=index&directoryId=40

Exploitation and Vulnerability Source
This vulnerability was found by Codenomicon and Google security engineers.

Contact Channel for Technique Issue
For security problems about Huawei products and solutions, please
contact [email protected]
For general problems about Huawei products and solutions, please directly
contact Huawei TAC (Huawei Technical Assistance Center) to request the
configuration or technical assistance.

Revision History
2014-05-12 V2.7 UPDATED update the Software Versions and Fixes
2014-05-10 V2.6 UPDATED update the Software Versions and Fixes
2014-05-10 V2.5 UPDATED update the Software Versions and Fixes
2014-05-09 V2.4 UPDATED update the Software Versions and Fixes
2014-05-09 V2.3 UPDATED update the Software Versions and Fixes
2014-05-08 V2.2 UPDATED update the Software Versions and Fixes
2014-05-07 V2.1 UPDATED update the Software Versions and Fixes
2014-05-06 V2.0 UPDATED update the Software Versions and Fixes
2014-05-05 V1.9 UPDATED update the Software Versions and Fixes
2014-05-04 V1.8 UPDATED update the Software Versions and Fixes
2014-04-30 V1.7 UPDATED update the Software Versions and Fixes
2014-04-28 V1.6 UPDATED update the Software Versions and Fixes
2014-04-24 V1.5 UPDATED update the Software Versions and Fixes
2014-04-22 V1.4 UPDATED update the Software Versions and Fixes
2014-04-21 V1.3 UPDATED update the Software Versions and Fixes
2014-04-21 V1.2 UPDATED update the Software Versions and Fixes
2014-04-18 V1.1 UPDATED update the Software Versions and Fixes
2014-04-17 V1.0 INITIAL

Declaration
This document is provided on an "AS IS" basis and does not imply any kind
of guarantee or warranty, either express or implied, including the
warranties of merchantability or fitness for a particular purpose. In no
event shall Huawei or any of its directly or indirectly controlled
subsidiaries or its suppliers be liable for any damages whatsoever
including direct, indirect, incidental, consequential, loss of business profits
or special damages. Your use of the document, by whatsoever means, will
be totally at your own risk. Huawei is entitled to amend or update this
document from time to time.

Huawei Security Procedures
Complete information on providing feedback on security vulnerability of
Huawei products, getting support for Huawei security incident response
services, and obtaining Huawei security vulnerability information, is
available on Huawei's worldwide website at
http://www.huawei.com/en/security/psirt/.