Security Advisory-OpenSSL Heartbeat Extension vulnerability (Heartbleed bug) on Huawei multiple products

Summary

Some OpenSSL software versions used in multiple Huawei products have the following OpenSSL vulnerability. Unauthorized remote attackers can dump 64 Kbytes of memory of the connected server or client in each attack. The leaked memory may contain sensitive information, such as passwords and private keys (Vulnerability ID: HWPSIRT-2014-0414).

This Vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID: CVE-2014-0160.

Software Versions and Fixes

Product Name	Affected Version	Solved Plan/Patch Link
AHR	V100R003C00SPC350 and later versions	V100R003C00SPC360
BCM	BCM V300R003C01 BCM V300R003C30	V300R003C30LG0106SPC002 V300R003C50SPC020
Billing V5R5	CBS V500R005C21	BCM V300R003C30LG0106SPC002 BCM V300R003C50SPC020
CBS	CBS V300R003C01 CBS V100R002C02	BICP V100R001C50LS0002 BCM V300R003C30LG0106SPC002 BCM V300R003C50SPC020
CCE3.0	CCE V100R003C00	V100R003C00CP1301
CPS	CPS V100R001C10 CPS V100R001C20	BICP V100R001C50LS0002 BCM V300R003C30LG0106SPC002 BCM V300R003C50SPC020
CRM	CC&BM V100R002C61 CC&BM V100R002C62 CC&BM V100R002C72 Wimax BOSS V100R001C01	BICP V100R001C50LS0002
CSP	V600R005C10 V600R005C11SPC100	V600R003C90LG1032
CTI	V300R005C50 V300R006C30	V300R005C50SPC011
DWH	V100R002C10 V100R002C30	BICP V100R001C50LS0002
eBIMS	V100R001C00SPC100	V100R001C00SPC200
ECC500	V600R001C00	V600R001C00SPC100
EDC Solution	V100R001C01	Tecal E6000 Chassis V100R001C00SPC111 Tecal BH622 V2 V100R002C00SPC108 Tecal BH640 V2 V100R002C00SPC107
eLTE Broadband Access	eSight V300R001C10	V300R001C10CP2004
eLTE Broadband Access	eCNS600 V100R001C00 eCNS600 V100R002C00	V100R002C00SPC300 V100R002C00SPC300
eSDK Solution	V100R002C01	eSDK IVS V100R003C10SPC100 eSDK UC V100R003C10SPC001
eSight	V200R003C00 V200R003C01 V200R003C10 V300R001C10 V300R001C00	V200R003C01SPC204 V200R003C10SPC104 V300R001C10CP2004 V300R001C00CP2016
eSight UC&C	V100R001C01 V100R001C02	V100R001C20SPH303 V100R001C01SPH301
eSpace desktop	V200R001	V200R001C03SPC800
eSpace Meeting Portal	V100R001C00	V100R001C00SPC302
eSpace IVS	V100R001C02	V100R001C02SPC102
eSpace UC	V200R001C50	V200R001C50SPC003T
EVC3.3	EVC V300R003C02	BICP V100R001C50LS0002
FusionCloud Desktop Solution	V100R003C00	Tecal E9000 Chassis V100R001C00SPC160 Tecal RH2285 V2 V100R002C00SPC113
Fusioncube	V100R002C00 V100R002C01	Tecal RH2288 V2 V100R002C00SPC115 Tecal E9000 Chassis V100R001C00SPC160
FusionSphere	V100R003C00	Tecal E9000 Chassis V100R001C00SPC160
HSS9860	HSS9860 V900R008C20	V900R008C20SPC508
HyperDP	OceanStor N8500V200R001C09	V200R001C09SPC500
HyperDP	OceanStor N8500 V200R001C91	V200R001C91SPC200
IDC Solution	V100R001C01	Tecal RH2288 V2 V100R002C00SPC115 Tecal RH2285 V2 V100R002C00SPC113 Tecal E6000 Chassis V100R001C00SPC111 Tecal BH622 V2 V100R002C00SPC108 Tecal BH640 V2 V100R002C00SPC107 Tecal BH640 V2 V100R002C00SPC107
IDC Solution	V100R001C03	Tecal E9000 Chassis V100R001C00SPC160 Tecal RH2285 V2 V100R002C00SPC113 Tecal RH2288 V2 V100R002C00SPC115 Tecal RH2485 V2 V100R002C00SPC501 Tecal RH5885 V2 V100R001C02SPC109 Tecal XH310 V2 V100R001C00SPC107 Tecal XH311 V2 V100R001C00SPC107 Tecal XH320 V2 V100R001C00SPC109 Tecal XH621 V2 V100R001C00SPC105 Tecal RH1288 V2 V100R002C00SPC105 Tecal DH310 V2 V100R001C00SPC107 Tecal DH620 V2 V100R001C00SPC105 Tecal DH621 V2 V100R001C00SPC105 Tecal E6000 Chassis V100R001C00SPC111 Tecal BH622 V2 V100R002C00SPC108 Tecal BH640 V2 V100R002C00SPC107 CSB Solution V100R001C01SPC101
IDS2000	V300R001C11/C12/C31/C32	ECC500 V300R001C30
iManager M2000	iManager M2000 V200R013C00SPC230 iManager M2000 V200R013C00HP2301	V200R013C00CP2302
iManager PRS	iManager PRS V100R014C00SPC100	V100R014C00CP1501
iManager U2000	iManager U2000 V100R009C00SPC300	V100R009C00SPC301
iManager U2000-M	iManager U2000 V200R014C00SPC100 iManager U2000 V200R014C00SPC110	V200R014C00SPC200
IMS	IMS V200R010C00	CGP V100R006C60SPC609
ISOP	V200R001C00	BICP V100R001C50LS0002
LMT of GGSN9811/ UGW9811/ PDSN9660/ WASN9770/ HA9661	GGSN9811 V900R008C01 UGW9811 V900R001C03 UGW9811 V900R001C05 UGW9811 V900R009C01 UGW9811 V900R009C02 UGW9811 V900R010C00 UGW9811 V900R010C01 UGW9811 V900R010C72 UGW9811 V900R010C81 HA9661 V900R007C06 PDSN9660 V900R007C02 PDSN9660 V900R007C03 PDSN9660 V900R007C05 PDSN9660 V900R007C06 WASN9770 V300R003C01 WASN9770 V300R003C02	UGW9811 V900R009C01SPC300 UGW9811 V900R009C02SPC200 UGW9811 V900R010C00SPC100 UGW9811 V900R010C01SPC200 UGW9811 V900R010C72SPC200 UGW9811 V900R010C81SPC100 HA9661 V900R007C06SPC300 PDSN9660 V900R007C06SPC200 WASN9770 V300R003C02SPC300
Mediation	Mediation V100R002C20 Mediation V100R002C30	BCM V300R003C30LG0106SPC002 BCM V300R003C50SPC020
Mobile phone Y300	Y300-0100 V100R001C00B197	Version V100R001C00 OTA update opened. Version for United Kingdom Channel: V100R001C479B197
Mobile phone G510	G510-0200 V100R001C00B193	V100R001C00B200 Version for United Kingdom Channel: V100R001C479B193
Mobile phone U8686	V100R001C85B177/B187	OTA update opened
Mobile phone C8813	V100R001C92B173	V100R001C92B178
MSOFTX3000	MSOFTX3000 V200R010C10	V200R010C10SPH103
Nastar	GENEX Nastar V600R014C00SPC201T GENEX Nastar V600R014C00	V600R014C00CP0010
NetCol ACC	V100R001C10/C20/C30	V100R001C10
NGIN	SNE V300R002C20 SNE V300R002C30 SNE V300R002C40 SNE V300R002C50	V300R002C50
NGIN	BMP V100R002C30 BMP V100R002C40	V100R002C40SPC001
OCS	OCS V100R002C01 OCS V300R003C01	BCM V300R003C30LG0106SPC002 BICP V100R001C50LS0002 BCM V300R003C50SPC020
OIC	V100R001C00SPC300 V100R001C00SPC400	V100R001C00SPC401
OnlineMediation	OnlineMediationV300R003C01 OnlineMediationV300R003C02 OnlineMediationV300R003C21 OnlineMediationV300R003C30	ONIP SNE V300R002C50 BICP V100R001C50LS0002
OpenEye CMS	V300R001C60SPC001	V300R001C60SPC002
PCCS	PowerCube1000 V300R002C03 PowerCube Controller Software V300R002C00/C10/C20C/C30	V300R002C03SPC600
PDU8000	V100R002C00	V100R002C00SPC100
Policy Center	V100R003C00	V100R003C00SPC303
PRM	PRM V300R001C08 PRM V300R001C20	BCM V300R003C30LG0106SPC002 BCM V300R003C50SPC020
RCS9880	V100R002C10 V100R003C00	V100R002C10CP0001 V100R003C00CP0001
SAG	V200R001C38	V200R001C38LG0005
SANEX	V100R002C00	V100R002C00SPC002
Smart Campaign	V300R003C02	BICP V100R001C50LS0002
SMU02B SMU	V300R002C02 V300R002C10	SUM V300R002C02SPC73 SUM V300R002C20SPC74
SOFTX3000	V600R012C10	V600R012C10SPC203
SPS	V300R007C00	V300R007C00SPH103
STB	V100R002C15LLNL72 V100R002C15LSCD81 V100R001C06LCOE01SPC200	Terminal Middleware V100R001C06LCOE02SPC200
Tecal E6000	V100R002	Tecal E6000 Chassis V100R001C00SPC111 Tecal BH620 V2 V100R002C00SPC105 Tecal BH621 V2 V100R002C00SPC105 Tecal BH622 V2 V100R002C00SPC108 Tecal BH640 V2 V100R002C00SPC107
Tecal E6000 Chassis	V100R001C00	Tecal E6000 Chassis V100R001C00SPC111 Tecal BH622 V2 V100R002C00SPC108 Tecal BH640 V2 V100R002C00SPC107
Tecal E9000 Chassis	V100R001	Tecal E9000 Chassis V100R001C00SPC160 Tecal CH121 V100R001C00SPC150 Tecal CH140 V100R001C00SPC100 Tecal CH220 V100R001C00SPC150 Tecal CH221 V100R001C00SPC150 Tecal CH222 V100R002C00SPC150 Tecal CH240 V100R001C00SPC150 Tecal CH242 V100R001C00SPC150 Tecal CH242 V3 V100R001C00SPC100
Tecal RH1288 V2	V100R002C00	V100R002C00SPC105
Tecal RH2285 V2	V100R002C00	V100R002C00SPC113
Tecal RH2285H V2	V100R002C00	V100R002C00SPC108
Tecal RH2288 V2	V100R002C00	V100R002C00SPC115
Tecal RH2288H V2	V100R002C00	V100R002C00SPC110
Tecal RH2485 V2	V100R002	V100R002C00SPC501
Tecal RH5885 V2	V100R001 V100R003	V100R001C02SPC109
Tecal RH5885 V3	V100R003	V100R003C01SPC101
Tecal X6000	V100R002	Tecal XH310 V2 V100R001C00SPC107 Tecal XH311 V2 V100R001C00SPC107 Tecal XH320 V2 V100R001C00SPC109 Tecal XH621 V2 V100R001C00SPC105
Tecal X8000	V100R001	Tecal DH310 V2 V100R001C00SPC107 Tecal DH320 V2 V100R001C00SPC105 Tecal DH620 V2 V100R001C00SPC105 Tecal DH621 V2 V100R001C00SPC105 Tecal DH628 V2 V100R001C00SPC105
WebLMT of BSC6900	BSC6900 V100R016C00	V100R016C00SPC600
WebLMT of BSC6910	BSC6910 V100R016C00	V100R016C00SPC600
WebLMT of eGBTS/NODEB/MBTS	BTS3900 V100R009C00	V100R009C00SPC100
WebLMT of eNodeb(FDD)	BTS3900 V100R009C00	V100R009C00SPC100
WebLMT of eNodeb(TDD)	BTS3900 V100R009C00	V100R009C00SPC100
WFM	V200R001C00	V200R001C00SPC131
WFM	V100R001C01	V100R001C01SPC292
UAC3000	V100R003C00	CGP V100R006C60SPC609
UGC3200	UGC3200 V200R010C00	CGP V100R006C60SPC609
UPCC	UPCC V300R006C01 UPCC V300R006C02	V300R006C01SPC203 V300R006C02SPC105
UPS2000	V1R1C00/C10/C11/C30/C31	V100R001C10SPC500
UPS5000	V100R001C00/C01/C10/C02 V100R002C00/C01/C02/C03 V100R002C10/C11/C12/C13	V100R002C01SPC300 V100R001C10SPC600
USN9810	V900R012C01	V900R012C01SPH003
VGS SCG	V500R005C30	V500R005C30LG0001

Impact

The impacts of this vulnerability on Huawei products vary with products. Attackers may exploit this vulnerability to dump a certain size of memory of devices. The leaked memory may contain sensitive information, such as passwords and private keys.

Vulnerability Scoring Details

The vulnerability classification has been performed by using the CVSSv2 scoring system (http://www.first.org/cvss/).

Base Score: 5.0 (AV:N/AC:L/AU:N/C:P/I:N/A:N)

Temporal Score: 3.9 (E:P/RL:O/RC:C)

Technique Details

1. Prerequisite:

This vulnerability can be exploited only when the following conditions are present:

The attacker is able to locally or remotely access the device affected by the vulnerability.

2. Vulnerability details:

The vulnerability is due to a missing memory bounds check when the OpenSSL software processes TLS heartbeat packets. Attackers can trigger the vulnerability by sending malformed TLS heartbeat packets to the server. The attacker may also impersonate a server to send malicious packets to a client that accesses the server to attack the client. After the attack succeeds, the attacker can dump a certain size of memory each time the attacker sends a malicious heartbeat packet. The dumped memory may contain sensitive information, such as passwords and private keys.

Temporary Fix

None

Obtaining Fixed Software

Customers should contact Huawei TAC (Huawei Technical Assistance Center) to request the upgrades. For TAC contact information, please refer to Huawei worldwide website at http://www.huawei.com/en/security/psirt/report-vulnerabilities/index.htm.

Exploitation and Vulnerability Source

This vulnerability is found by Codenomicon and Google security engineers.

Contacts for Technique Issue

For security problems about Huawei products and solutions, please contactPSIRT@huawei.com.

For general problems about Huawei products and solutions, please directly contact Huawei TAC (Huawei Technical Assistance Center) to request the configuration or technical assistance.

Revision History

2015-03-11 V3.8 UPDATED remove invalid links

2014-07-22 V3.7 UPDATED update the Software Versions and Fixes

2014-06-13 V3.6 UPDATED update the Software Versions and Fixes

2014-06-06 V3.5 UPDATED update the Software Versions and Fixes

2014-05-29 V3.4 UPDATED update the Software Versions and Fixes

2014-05-22 V3.3 UPDATED update the Software Versions and Fixes

2014-05-15 V3.2 UPDATED update the Software Versions and Fixes

2014-05-14 V3.1 UPDATED update the Software Versions and Fixes

2014-05-13 V3.0 UPDATED update the Software Versions and Fixes

2014-05-12 V2.9 UPDATED update the Software Versions and Fixes

2014-05-12 V2.8 UPDATED update the Software Versions and Fixes

2014-05-12 V2.7 UPDATED update the Software Versions and Fixes

2014-05-10 V2.6 UPDATED update the Software Versions and Fixes

2014-05-10 V2.5 UPDATED update the Software Versions and Fixes

2014-05-09 V2.4 UPDATED update the Software Versions and Fixes

2014-05-09 V2.3 UPDATED update the Software Versions and Fixes

2014-05-08 V2.2 UPDATED update the Software Versions and Fixes

2014-05-07 V2.1 UPDATED update the Software Versions and Fixes

2014-05-06 V2.0 UPDATED update the Software Versions and Fixes

2014-05-05 V1.9 UPDATED update the Software Versions and Fixes

2014-05-04 V1.8 UPDATED update the Software Versions and Fixes

2014-04-30 V1.7 UPDATED update the Software Versions and Fixes

2014-04-28 V1.6 UPDATED update the Software Versions and Fixes

2014-04-24 V1.5 UPDATED update the Software Versions and Fixes

2014-04-22 V1.4 UPDATED update the Software Versions and Fixes

2014-04-21 V1.3 UPDATED update the Software Versions and Fixes

2014-04-21 V1.2 UPDATED update the Software Versions and Fixes

2014-04-18 V1.1 UPDATED update the Software Versions and Fixes

2014-04-17 V1.0 INITIAL

FAQs

None

Declaration

This document is provided on an "AS IS" basis and does not imply any kind of guarantee or warranty, either express or implied, including the warranties of merchantability or fitness for a particular purpose. In no event shall Huawei or any of its directly or indirectly controlled subsidiaries or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. Your use of the document, by whatsoever means, will be totally at your own risk. Huawei is entitled to amend or update this document from time to time.

Huawei Security Procedures

Complete information for providing feedback on security vulnerability of Huawei products, getting support for Huawei security incident response services, and obtaining Huawei security vulnerability information, is available on Huawei's worldwide website at http://www.huawei.com/en/security/psirt/.

Select a Country or Region

Products

Connectivity

Computing

Cloud

Services

Industry Solutions

Consumer Support

Huawei Cloud Support

Enterprise Support

Carrier Support

Partners

Developers

Training & Certification

About Us

News & Events

Explore More

SEARCH HISTORY

Security Advisory-OpenSSL Heartbeat Extension vulnerability (Heartbleed bug) on Huawei multiple products

Select a Country or Region

Connectivity

Computing

Cloud

SEARCH HISTORY

Security Advisory-OpenSSL Heartbeat Extension vulnerability (Heartbleed bug) on Huawei multiple products

Online Services

Consumer Products

Huawei Cloud

Enterprise

Carrier Network