Lucene search

Huawei TechnologiesHUAWEI-SA-20171018-01-BLUEBORNE

HistoryOct 18, 2017 - 12:00 a.m.

Security Advisory – Multiple “BlueBorne” vulnerabilities on Huawei Products

2017-10-1800:00:00

Huawei Technologies

www.huawei.com

150

8.3 High

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:C/I:C/A:C

8.8 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.024 Low

EPSS

Percentile

90.0%

JSON

There are multiple vulnerabilities of the BlueTooth Network in some Huawei products. These vulnerabilities are as follows:

1.Remote Code Execution Vulnerability

This vulnerability resides in the Bluetooth Network Encapsulation Protocol (BNEP) service, which enables internet sharing over a Bluetooth connection (tethering). Due to a flaw in the BNEP service, successful exploit of this vulnerability could allow an attacker to remotely execute arbitrary code on affected devices. (Vulnerability ID: HWPSIRT-2017-09131)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-0781.

2. Remote Code Execution vulnerability

This vulnerability is similar to the previous one, but resides in a higher level of the BNEP service – the Personal Area Networking (PAN) profile – which is responsible for establishing an IP based network connection between two devices. Similar to the previous vulnerability, successful exploit of this vulnerability could allow an attacker to remotely execute arbitrary code on affected devices. (Vulnerability ID: HWPSIRT-2017-09132)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-0782.

3. The Bluetooth Pineapple – Man in The Middle attack

This vulnerability resides in the PAN profile of the Bluetooth stack, and enables the attacker to create a malicious network interface on the victim’s device, re-configure IP routing and force the device to transmit all communication through the malicious network interface. This vulnerability could allow an attacker to launch man-in-the-middle (MITM) attacks. (Vulnerability ID: HWPSIRT-2017-09133)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-0783.

4. Information Leak Vulnerability

The vulnerability was found in the SDP (Service Discovery Protocol) server, which enables the device to identify other Bluetooth services around it. The flaw allows the attacker to send a set of crafted requests to the server, causing it to disclose memory bits in response. These pieces of information can later be used by the attacker to overcome advanced security measures and take control over the device. (Vulnerability ID: HWPSIRT-2017-09134)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-0785.

Huawei has released software updates to fix these vulnerabilities. This advisory is available at the following link:

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171018-01-blueborne-en

Affected configurations

Vulners

Node

huaweiwarsaw-al00Matchcam-al00c00b220

huaweicam-tl00Matchcam-tl00c01b220

huaweicam-tl00hMatchcam-tl00hc00b220

huaweicam-ul00Matchcam-ul00c00b220

huaweicam-ul00Matchcam-ul00c17b220

huaweicannes-emui5.0Matchcannes-al10c00b375

huaweicannes-emui5.0Matchcannes-al10c745b372

huaweicannes-emui5.0Matchcannes-tl20c01b376

huaweichopin-w09aMatchcpn-w09c233b060

huaweiep820-d04a_tdMatchv100r003c00

huaweijimmy-l22hnMatchjimmy-al00ac00b105

huaweijordan-w09bMatchjdn-al00c233b018

huaweijordan-w09bMatchjdn-w09c233b010

huaweikobe-w09chnMatchkob-w09c233b012

huaweilon-al00bMatchlon-al00bc00b139d

huaweilon-al00bMatchlon-al00bc00b229

huaweilon-l29dMatchlon-l29dc721b186

huaweimilan-emui5.0Matchmla-al00c00b356

huaweimilan-emui5.0Matchmla-al10c00b356

huaweimilan-emui5.0Matchmla-tl00c01b356

huaweimilan-emui5.0Matchmla-tl10c01b356

huaweimilan-emui5.0Matchmla-tl10c752b356

huaweimilan-emui5.0Matchmla-ul00c17b356

huaweiwarsaw-al00Range<NTS-AL00C00B541

huaweiprague-al00bMatchprague-al00ac00b190

huaweiprague-al00bMatchprague-al00bc00b190

huaweiprague-al00cMatchprague-al00cc00b190

huaweiprague-tl00aMatchprague-tl00ac01b190

huaweiprague-tl10aMatchprague-tl10ac01b190

huaweitorontoMatchtoronto-al00c00b201

huaweitorontoMatchtoronto-al00ac00b201

huaweitoronto-tl10Matchtoronto-tl10c01b201

huaweivicky-al00aMatchvicky-al00ac00b124d

huaweivicky-al00aMatchvicky-al00ac00b157d

huaweivicky-al00aMatchvicky-al00ac00b172

huaweivicky-al00aMatchvicky-al00cc768b123

huaweivicky-al00aMatchvicky-l29ac10b151

huaweivicky-al00aMatchvicky-l29ac605b162

huaweivicky-al00aMatchvicky-l29ac636b162

huaweiever-l29bMatchvicky-l29bc185b165

huaweiever-l29bMatchvicky-l29bc432b162

huaweiever-l29bMatchvicky-l29bc576b150

huaweifigo-tl00aMatchvicky-tl00ac01b172

huaweivictoria-al00aMatchvictoria-l29ac10b151

huaweivictoria-al00aMatchvictoria-l29ac636b113

CPENameOperatorVersion
cam-al00eqCAM-AL00C00B220
cam-tl00eqCAM-TL00C01B220
cam-tl00heqCAM-TL00HC00B220
cam-ul00eqCAM-UL00C00B220
cam-ul00eqCAM-UL00C17B220
cannes-emui5.0eqCannes-AL10C00B375
cannes-emui5.0eqCannes-AL10C745B372
cannes-emui5.0eqCannes-TL20C01B376
chopin-w09aeqCPN-W09C233B060
ep820-d04a_tdeqV100R003C00

Name	Operator	Version
cam-al00	eq	CAM-AL00C00B220
cam-tl00	eq	CAM-TL00C01B220
cam-tl00h	eq	CAM-TL00HC00B220
cam-ul00	eq	CAM-UL00C00B220
cam-ul00	eq	CAM-UL00C17B220
cannes-emui5.0	eq	Cannes-AL10C00B375
cannes-emui5.0	eq	Cannes-AL10C745B372
cannes-emui5.0	eq	Cannes-TL20C01B376
chopin-w09a	eq	CPN-W09C233B060
ep820-d04a_td	eq	V100R003C00