Security Advisory - Two Vulnerabilities in Huawei TE Series Product

Huawei TE series is a multimedia video conferencing endpoint that transfers audio, video, and desktop resources based on IP networks. It offers point-to-point and multiparty conferences for attendees at different places to enjoy face-to-face audio/video communication experience.

A security vulnerability exists in the presentatibon sending/receiving permission management mechanism of Huawei TE product. An attacker can access the TE through Wi-Fi to trigger abnormal processing of wireless presentation in specific scenarios. As a result, the sending of wired presentation in use stops, affecting normal services. (Vulnerability ID: HWPSIRT-2015-08043)

This vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID: CVE-2015-8672.

The Debug account on Huawei TE product has an old password check vulnerability. If a user logs in to a PC using the Debug account and leaves the PC, an attacker changes the password of the Debug account without entering the old password and obtains the permissions of the Debug account. (Vulnerability ID: HWPSIRT-2015-10002)

This vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID: CVE-2015-8673.

Huawei has released software updates to fix these vulnerabilities. This advisory is available at the following link:

<http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-462952.htm&gt;