Huawei Technologies, HUAWEI-SA-20141224-01-TECAL
History: Dec 24, 2014 - 12:00 a.m.

Security Advisory-Multiple Vulnerabilities on Huawei Tecal

2014-12-24 00:00:00
Huawei Technologies
www.huawei.com

CVSS2: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.004 Low
Percentile: 73.5%

Some Huawei server products have multiple security vulnerabilities.
1. Some Huawei server products have a sensitive information leak vulnerability. Users who log in to the products can view the session IDs of all online users on the Online Users page of the web UI. Attackers can also view the session IDs of users and access the system with forged identities (vulnerability ID: HWPSIRT-2014-11109).
This vulnerability has been assigned a CVE ID: CVE-2014-9691.
2. Some Huawei server products have an insufficiently random RMCP+ session ID vulnerability. The products can use only a limited number of RMCP+ session IDs. Attackers can figure out the RMCP+ session IDs of users and access the system with forged identities (vulnerability ID: HWPSIRT-2014-11113).
This vulnerability has been assigned a CVE ID: CVE-2014-9692.
3. Some Huawei server products have a cache overflow vulnerability. When processing some packets from the DNS server, the products do not check the data length. Attackers can exploit the vulnerability to execute arbitrary code or restart the system (vulnerability ID: HWPSIRT-2014-11114).
This vulnerability has been assigned a CVE ID: CVE-2014-9693.
4. Some Huawei server products have a CSRF vulnerability. The products do not use a token mechanism for web access control. When users are logged in to the Huawei servers and access websites containing a malicious CSRF script, the CSRF script is executed, which may cause configuration tampering and system restart (vulnerability ID: HWPSIRT-2014-11115).
This vulnerability has been assigned a CVE ID: CVE-2014-9694.

Affected configurations

Vulners node (entries combined with OR):

Vendor | Product | Condition | Version
huawei | tecal_rh1288_v2_firmware | Range | <V100R002C00SPC107
huawei | tecal_rh2265_v2_firmware | Match | v100r002c00
huawei | tecal_rh2285_v2_firmware | Range | <V100R002C00SPC115
huawei | tecal_rh2265_v2_firmware | Match | v100r002c00
huawei | tecal_rh2285h_v2_firmware | Range | <V100R002C00SPC111
huawei | tecal_rh2268_v2_firmware | Match | v100r002c00
huawei | tecal_rh2288_v2_firmware | Range | <V100R002C00SPC117
huawei | tecal_rh2288h_v2_firmware | Range | <V100R002C00SPC115
huawei | tecal_rh2485_v2_firmware | Range | <V100R002C00SPC502
huawei | tecal_rh5885_v2_firmware | Range | <V100R001C02SPC109
huawei | tecal_rh5885_v3_firmware | Range | <V100R003C01SPC102
huawei | tecal_rh5885h_v3_firmware | Range | <V100R003C00SPC102
huawei | tecal_xh310_v2_firmware | Range | <V100R001C00SPC110
huawei | tecal_xh311_v2_firmware | Range | <V100R001C00SPC110
huawei | tecal_xh320_v2_firmware | Range | <V100R001C00SPC110
huawei | tecal_xh621_v2_firmware | Range | <V100R001C00SPC106
huawei | tecal_dh310_v2_firmware | Range | <V100R001C00SPC110
huawei | tecal_dh320_v2_firmware | Range | <V100R001C00SPC106
huawei | tecal_dh620_v2_firmware | Range | <V100R001C00SPC106
huawei | tecal_dh621_v2_firmware | Range | <V100R001C00SPC107
huawei | tecal_dh628_v2_firmware | Range | <V100R001C00SPC107
huawei | tecal_bh620_v2_firmware | Range | <V100R002C00SPC107
huawei | tecal_bh621_v2_firmware | Range | <V100R002C00SPC106
huawei | tecal_bh622_v2_firmware | Range | <V100R002C00SPC110
huawei | tecal_bh640_v2_firmware | Range | <V100R002C00SPC108
huawei | tecal_ch121_firmware | Range | <V100R001C00SPC180
huawei | tecal_ch140 | Range | <V100R001C00SPC110
huawei | tecal_ch220_firmware | Range | <V100R001C00SPC180
huawei | tecal_ch221 | Range | <V100R001C00SPC180
huawei | tecal_ch222_firmware | Range | <V100R002C00SPC180
huawei | tecal_ch240 | Range | <V100R001C00SPC180
huawei | tecal_ch242 | Range | <V100R001C00SPC180
huawei | tecal_ch242_v3_firmware | Range | <V100R001C00SPC110
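
To check an inventory against the affected configurations above, the following added example (not part of the Huawei advisory or of Vulners) parses VxxxRxxxCxxSPCxxx version strings and compares them with a subset of the rows listed on this page. It assumes that versions order numerically by their V, R, C and SPC fields and that a "Match" row covers every SPC level of that base version; the function names and the inventory rows are hypothetical.

```python
import re

# Subset of this advisory's "Affected configurations" rows (product -> rule).
# ("lt", v): affected below v; ("eq", v): affected when the V/R/C base matches.
# Assumption: versions order numerically by their V, R, C and SPC fields.
AFFECTED = {
    "tecal_rh1288_v2_firmware": ("lt", "V100R002C00SPC107"),
    "tecal_rh2265_v2_firmware": ("eq", "v100r002c00"),
    "tecal_rh2288_v2_firmware": ("lt", "V100R002C00SPC117"),
    "tecal_rh5885_v3_firmware": ("lt", "V100R003C01SPC102"),
}

_VER = re.compile(r"^V(\d+)R(\d+)C(\d+)(?:SPC(\d+))?$", re.IGNORECASE)


def parse_version(text):
    """Split a VxxxRxxxCxx[SPCxxx] string into a tuple of integers."""
    m = _VER.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    v, r, c, spc = m.groups()
    return (int(v), int(r), int(c), int(spc) if spc else 0)


def is_affected(product, installed):
    """Return True/False, or None when the product is not in the table."""
    rule = AFFECTED.get(product.lower())
    if rule is None:
        return None
    op, bound = rule
    have, limit = parse_version(installed), parse_version(bound)
    if op == "eq":
        # "Match" rows carry no SPC level: compare the V/R/C base only.
        return have[:3] == limit[:3]
    return have < limit


def audit(inventory):
    """Map each (host, product, version) row to its affected status."""
    return {host: is_affected(prod, ver) for host, prod, ver in inventory}


# Constructed inventory rows, for illustration only.
SAMPLE = [
    ("bmc-01", "tecal_rh1288_v2_firmware", "V100R002C00SPC105"),
    ("bmc-02", "tecal_rh2288_v2_firmware", "v100r002c00spc117"),
    ("bmc-03", "tecal_rh2265_v2_firmware", "V100R002C00SPC110"),
    ("bmc-04", "example_unlisted_product", "V100R001C00"),
]
```

A `None` result means the product is not in the embedded subset, not that it is unaffected; extend `AFFECTED` with the remaining rows before relying on it.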
