Huawei Update
3440Warning Date
Severity Level
Warning Number
Target Sector
25 September, 2019
● Medium
2019-462
All
Description:
Huawei has released security Updates to address vulnerabilities in the following products:
- P30 Smartphone Versions earlier than ELLE-AL00B 9.1.0.193
- FusionModule1000A V100R003C10
- EulerOS V200R002C10, V200R002C20, V200R003C00 V200R005C00
- FusionSphere OpenStack V100R005C00, V100R005C10, V100R006C00, V100R006C10, V100R006C30
- ManageOne V100R003C00, V100R006C30
- OceanStor Backup Software V100R001C00, V100R002C00, V200R001C00
- SMC2.0 V100R003C10, V500R002C00
- eSpace VCN3000 V100R002C00, V100R002C10, V100R002C20
- iManager NetEco V600R007C00, V600R007C10, V600R007C11, V600R007C12, V600R007C20, V600R007C40
- iManager NetEco 6000 V600R007C40, V600R007C60, V600R007C80 V600R007C90
Threats:
Attacker could exploit these vulnerabilities by doing the following:
- Cause the camera program breaks down.
- Execute arbitrary code.
- Escalation of privilege.
Best practice and Recommendations:
The CERT team encourages users to review Huawei security advisory and apply the necessary Updates:
- https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190925-01-smartphone-en
- https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190921-01-debug-en
- The product that supports automatic update will receive a system update prompt. You can install the update to fix the vulnerability.