Huawei Updates
2603Warning Date
Severity Level
Warning Number
Target Sector
23 January, 2020
● Medium
2020-841
All
Description:
Huawei has released security updates to address vulnerabilities in the following products:
- HEGE-560
- 1.0.1.20(SP2)
- 1.0.1.21(SP3)
- HEGE-570
- 1.0.1.22(SP3)
- OSCA-550
- 1.0.0.71(SP1)
- 1.0.1.21(SP3)
- OSCA-550A
- 1.0.0.71(SP1)
- 1.0.1.21(SP3)
- OSCA-550AX
- 1.0.0.71(SP2)
- 1.0.1.21(SP3)
- OSCA-550X
- 1.0.0.71(SP2)
- 1.0.1.21(SP3)
- GaussDB 200
- 6.5.1
- HUAWEI P10 Plus Smartphones
- Versions earlier than 9.1.0.201(C01E75R1P12T8)
- Versions earlier than 9.1.0.252(C185E2R1P9T8)
- Versions earlier than 9.1.0.252(C432E4R1P9T8)
- Versions earlier than 9.1.0.255(C576E6R1P8T8)
- Ever-L29B Smartphones
- Versions earlier than 10.0.0.180(C185E6R3P3)
- Versions earlier than 10.0.0.180(C432E6R1P7)
- Versions earlier than 10.0.0.180(C636E5R2P3)
- HUAWEI Mate 20 RS Smartphones
- Versions earlier than 10.0.0.175(C786E70R3P8)
- HUAWEI Mate 20 X Smartphones
- Versions earlier than 10.0.0.176(C00E70R2P8)
- Honor Magic2 Smartphones
- Versions earlier than 10.0.0.175(C00E59R2P11)
Threats:
Attacker could exploit these vulnerabilities by doing the following:
- Bypass of a protection mechanism
- Commands injection
- Escalation of privilege
Best practice and Recommendations:
The CERT team encourages users to review Huawei security advisory and apply the necessary updates:
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200122-02-osca-en
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200122-03-osca-en
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200122-01-gauss-en
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200122-01-osca-en
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200122-01-digitalbalance-en
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200122-01-phone-en