Got it

Announcement of PSIRT

Created: Jan 9, 2020 19:47:53Latest reply: Jan 11, 2020 12:28:18 199 6 0 1
  Rewarded HiCoins: 0 (problem resolved)

Dear All,


    Tomorrow was announced by Huawei PSIRT a vulnerability "Security Advisory - Weak Algorithm Vulnerability in Some Huawei Products". 


    But on Software Version and Fixes, the recommended fix software showed is no more supported for a lot of affected devices.


    Where I can find the correct version that can correct this vulnerability?


Regards,

  • x
  • convention:

Featured Answers
alexfilho
Created Jan 11, 2020 12:28:18 Helpful(0) Helpful(0)

Good morning @LuizPuppin this bug has been fixed, I think they have confused when reporting the versions with vulnerability.


Following is the link with the vulnerable versions and the version that corrects the error:

https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200108-01-rsa-en


Att Alexandro Ferreia.

Coreção


View more
  • x
  • convention:

All Answers
chenhui
chenhui Admin Created Jan 10, 2020 05:42:06 Helpful(0) Helpful(0)

@LuizPuppin hello,
what is the model of your affected devices?
View more
  • x
  • convention:

LuizPuppin
LuizPuppin Created Jan 10, 2020 09:25:15
ISP Market usually uses S5720-LI, S5720-EI, S6720-EI, S6720-HI and S6730-H. We need information about this equipments.  
chenhui
chenhui Admin Created Jan 10, 2020 10:07:09 Helpful(0) Helpful(0)

@LuizPuppin 

from the page Security Advisory - Weak Algorithm Vulnerability in Some Huawei Products

the resolve versions for S5700 and S6700 are V200R008, which I think means the problem is resolved in V200R008 and later. Else, if I got a switch with version V200R012, I should downgrade to V200R008, which I think is unreasonable.

Anyway, I'll check it with the R&D guys.


View more
  • x
  • convention:

LuizPuppin
LuizPuppin Created Jan 10, 2020 10:23:17
@chenhui
But the R008 version doesn't support S6720-HI, S6730 and some models of S5720. This is a very old version.  
offshore.kiwi
offshore.kiwi Created Jan 10, 2020 14:24:01 Helpful(0) Helpful(0)

I had the same question - thanks for asking @LuizPuppin
View more
  • x
  • convention:

alexfilho
alexfilho Created Jan 11, 2020 12:28:18 Helpful(0) Helpful(0)

Good morning @LuizPuppin this bug has been fixed, I think they have confused when reporting the versions with vulnerability.


Following is the link with the vulnerable versions and the version that corrects the error:

https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200108-01-rsa-en


Att Alexandro Ferreia.

Coreção


View more
  • x
  • convention:

Comment

Reply
You need to log in to reply to the post Login | Register

Notice Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " Privacy."
If the attachment button is not available, update the Adobe Flash Player to the latest version!

My Followers

Login and enjoy all the member benefits

Login

Huawei Enterprise Support Community
Huawei Enterprise Support Community