Corporate Worldwide

Back to Main Menu

Huawei Websites

Corporate: Corporate news and information

Consumer: Phones, laptops, tablets, wearables & other devices

Enterprise: Enterprise products, solutions & services

Carrier: Products, solutions & services for carrier networks

Huawei Cloud: Cloud products, solutions & services

Select a Country or Region

Security Advisory - IP Option Improper Handling Vulnerability in Multiple Huawei Products

SA No:Huawei-SA-20150506-01-ICMP
Initial Release Date: May 06, 2015
Last Release Date: May 19, 2015

Summary

Multiple Huawei Products have an improper IP option handling vulnerability. The IP stack implementation in multiple Huawei products mishandles IP options when a crafted ICMP request message is received, leading to the board reboot (Vulnerability ID: HWPSIRT-2015-02003).

This Vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID: CVE-2015-3913.

Software Versions and Fixes

Product Name	Affected Version	Resolved Product and Version
S2300/S2700/S3300/S3700	V100R006C00	Upgrade to V100R006C03 +V100R006SPH021
	V100R006C03	V100R006SPH021
	V100R006C05	V100R006SPH021
S5300EI/S5700EI/S5300SI/S5700SI	V100R006C00	Upgrade to V200R003C00SPC300 +V200R003SPH011
	V200R001C00SPC300
	V200R002C00SPC300
	V200R003C00SPC300	V200R003SPH011
	V200R005C00SPC300	V200R005SPH005
S5300HI/S5700HI S6300EI/S6700EI/S5710HI	V200R001C00SPC300	Upgrade to V200R003C00SPC300 +V200R003SPH011
	V200R002C00SPC300	Upgrade to V200R003C00SPC300 +V200R003SPH011
	V200R003C00SPC300	V200R003SPH011
	V200R005C00SPC300	V200R005SPH005
S5300LI/S5700LI/S2350EI/S2750EI	V200R001C00SPC300	Upgrade to V200R003C00SPC300 +V200R003SPH011
	V200R002C00SPC300	Upgrade to V200R003C00SPC300 +V200R003SPH011
	V200R003C00SPC300	V200R003SPH011
	V200R005C00SPC300	V200R005SPH005
	V200R006C00SPC500	V200R006SPH002
	V200R007C00SPC500	V200R007SPH001
S5720HI	V200R006C00SPC500	V200R006SPH002
S5720HI	V200R007C00SPC500	V200R007SPH001
S7700/S9300/S9700	V200R001C00SPC300	Upgrade to V200R003C00SPC500 +V200R003SPH011
	V200R002C00SPC300	Upgrade to V200R003C00SPC500 +V200R003SPH011
	V200R003C00SPC500	V200R003SPH011
	V200R005C00SPC300	V200R005SPH005
	V200R006C00SPC500	V200R006SPH003
	V200R007C00SPC500	V200R007SPH001
S12700	V200R005C00SPC300	V200R005SPH005
	V200R006C00SPC500	V200R006SPH003
	V200R007C00SPC500	V200R007SPH001

Impact

By exploiting the vulnerability, an attacker could restart the board.

Vulnerability Scoring Details

The vulnerability classification has been performed by using the CVSSv2 scoring system (http://www.first.org/cvss/).

Base Score: 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)

Temporal Score: 6.4 (E:F/RL:O/RC:C)

Technique Details

This vulnerability can be exploited only when the following conditions are present：

1. The attacker can visit the network where the device locates.

Vulnerability details:

The device does not verify the validity of some special fields of ICMP packets. Attackers can send abnormal ICMP packets to the device to cause the board reboot.

Temporary Fix

None.

Obtaining Fixed Software

Customers should contact Huawei TAC (Huawei Technical Assistance Center) to request the upgrades. For TAC contact information, please refer to Huawei worldwide website at http://www.huawei.com/en/security/psirt/report-vulnerabilities/index.htm.

Exploitation and Vulnerability Source

This vulnerability was reported by Huawei internal tester. Huawei PSIRT is not aware of any public announcements or malicious use of the vulnerability described in this advisory.

Contacts for Technique Issue

For security problems about Huawei products and solutions, please contact PSIRT@huawei.com.

For general problems about Huawei products and solutions, please directly contact Huawei TAC (Huawei Technical Assistance Center) to request the configuration or technical assistance

Revision History

2015-05-19 V1.1 UPDATED Add the CVE ID for the vulnerability

2015-05-06 V1.0 INITIAL

Declaration

This document is provided on an "AS IS" basis and does not imply any kind of guarantee or warranty, either express or implied, including the warranties of merchantability or fitness for a particular purpose. In no event shall Huawei or any of its directly or indirectly controlled subsidiaries or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. Your use of the document, by whatsoever means, will be totally at your own risk. Huawei is entitled to amend or update this document from time to time.

Huawei Security Procedures

Complete information for providing feedback on security vulnerability of Huawei products, getting support for Huawei security incident response services, and obtaining Huawei security vulnerability information, is available on Huawei's worldwide website at http://www.huawei.com/en/security/psirt/.

Select a Country or Region

Products

Connectivity

Computing

Cloud

Services

Industry Solutions

Consumer Support

Huawei Cloud Support

Enterprise Support

Carrier Support

Partners

Developers

Training & Certification

About Us

News & Events

Explore More

SEARCH HISTORY

Security Advisory - IP Option Improper Handling Vulnerability in Multiple Huawei Products

Select a Country or Region

Connectivity

Computing

Cloud

SEARCH HISTORY

Security Advisory - IP Option Improper Handling Vulnerability in Multiple Huawei Products

Online Services

Consumer Products

Huawei Cloud

Enterprise

Carrier Network