Got it
Huawei Enterprise Support Community
Community Forums Routing & Switching
Announcement of PSIRT

Announcement of PSIRT

Created: Jan 9, 2020 19:47:53Latest reply: Jan 11, 2020 12:28:18 569 6 0 0 1
  Rewarded HiCoins: 0 (problem resolved)
View the author 1#

Dear All,


    Tomorrow was announced by Huawei PSIRT a vulnerability "Security Advisory - Weak Algorithm Vulnerability in Some Huawei Products". 


    But on Software Version and Fixes, the recommended fix software showed is no more supported for a lot of affected devices.


    Where I can find the correct version that can correct this vulnerability?


Regards,

Like (0) Dislike (0) Favorite(1) Share Report
Previous: BGP hcip
Next: What is the function of the avoid-feedback parameter in the IS-IS summary command
Featured Answers

Best answer

(0) (0)
alexfilho
Created Jan 11, 2020 12:28:18

Good morning @LuizPuppin this bug has been fixed, I think they have confused when reporting the versions with vulnerability.


Following is the link with the vulnerable versions and the version that corrects the error:

https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200108-01-rsa-en


Att Alexandro Ferreia.

Coreção


View more
  • x
  • convention:
All Answers
(0) (0)
2#
chenhui
chenhui Admin Created Jan 10, 2020 05:42:06

@LuizPuppin hello,
what is the model of your affected devices?
View more
  • x
  • convention:

LuizPuppin
LuizPuppin Created Jan 10, 2020 09:25:15 (0) (0)
ISP Market usually uses S5720-LI, S5720-EI, S6720-EI, S6720-HI and S6730-H. We need information about this equipments.  
(0) (0)
3#
chenhui
chenhui Admin Created Jan 10, 2020 10:07:09

@LuizPuppin 

from the page Security Advisory - Weak Algorithm Vulnerability in Some Huawei Products

the resolve versions for S5700 and S6700 are V200R008, which I think means the problem is resolved in V200R008 and later. Else, if I got a switch with version V200R012, I should downgrade to V200R008, which I think is unreasonable.

Anyway, I'll check it with the R&D guys.


View more
  • x
  • convention:

LuizPuppin
LuizPuppin Created Jan 10, 2020 10:23:17 (0) (0)
@chenhui
But the R008 version doesn't support S6720-HI, S6730 and some models of S5720. This is a very old version.  
(0) (0)
4#
offshore.kiwi
offshore.kiwi Created Jan 10, 2020 14:24:01

I had the same question - thanks for asking @LuizPuppin
View more
  • x
  • convention:
(0) (0)
5#
alexfilho
alexfilho Created Jan 11, 2020 12:28:18

Good morning @LuizPuppin this bug has been fixed, I think they have confused when reporting the versions with vulnerability.


Following is the link with the vulnerable versions and the version that corrects the error:

https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200108-01-rsa-en


Att Alexandro Ferreia.

Coreção


View more
  • x
  • convention:
Back to list

Comment

Advanced
B Color Image Link Quote Code Smilies
You need to log in to comment to the post Login | Register
Comment

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " User Agreement."

My Followers

Login and enjoy all the member benefits

Login
Huawei Website Support About Huawei Privacy User Agreement Terms of Use Cookies Cookie Settings
Huawei Enterprise Huawei Carrier Forum Training & Certification

Contact Us: e_online@huawei.com Copyright © 2022 Huawei Technologies Co., Ltd. All rights reserved.

APP

Block
Are you sure to block this user?
Users on your blacklist cannot comment on your post,cannot mention you, cannot send you private messages.
Reminder
Please bind your phone number to obtain invitation bonus.