Huawei Technologies Information for VU#225404

HP/H3C and Huawei networking equipment h3c-user snmp vulnerability

Status

Affected

Vendor Statement

On Oct. 19, Huawei PSIRT noticed the media report titled “Demo of "serious" networking vulnerabilities cancelled at HP's request-Saturday's Toorcon talk was to discuss risks posed by gear from H3C and Huawei” . Huawei PSIRT responded immediately and proactively coordinate Kurt Grutzmacher, US-CERT, CERT/CC and CNCERT to handle the issue. On Oct. 24, Huawei PSIRT finally acquired the technical details of the vulnerabilities from the public channel of US-CERT and launched shortly the vulnerability analysis and investigation to develop the mitigation measures. The first version of “SNMP vulnerability on Huawei multiple products” SA was released on Oct. 25. The investigation is still ongoing. Huawei PSIRT will keep updating the SA. Please refer to the above link.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

http://support.huawei.com/enterprise/NewsReadAction.action?newType=0301&contentId=NEWS1000001069&idAbsPath=0301_10001&nameAbsPath=Services%2520News

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.