Lucene search

K
huaweiHuawei TechnologiesHUAWEI-SA-20190712-01-MDS
HistoryJul 12, 2019 - 12:00 a.m.

Security Advisory - Intel Microarchitectural Data Sampling (MDS) vulnerabilities

2019-07-1200:00:00
Huawei Technologies
www.huawei.com
49

4.7 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:C/I:N/A:N

5.6 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

40.4%

Intel officially released a group of microarchitecture data sampling (MDS) vulnerabilities. An attacker with local access to a targeted system may exploit these vulnerabilities to obtain data on the targeted system, causing some information leakage. (Vulnerability ID: HWPSIRT-2019-05136, HWPSIRT-2019-05137, HWPSIRT-2019-05138 and HWPSIRT-2019-05139)

The four vulnerabilities have been assigned four Common Vulnerabilities and Exposures (CVE) IDs: CVE-2018-12126, CVE-2018-12127, CVE-2018-12130 and CVE-2019-11091.

Huawei has released software updates to fix these vulnerabilities. This advisory is available at the following link:

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en

Affected configurations

Vulners
Node
huawei1288h_v5Range<V100R005C00SPC124
OR
huawei2288h_v5Range<V100R005C00SPC124
OR
huaweich121_v5Range<V100R005C00SPC171
OR
huaweich121_v5Range<1.0.0.SPC105
OR
huaweich121_v5Range<5.0.RC5
OR
huawei2488_v5Range<V100R005C00SPC512
OR
huaweich121_v5Range<V100R005C00SPC213
OR
huaweirh2288_v3Range<V100R003C00SPC709
OR
huaweich121_v5Range<V100R005C00SPC113
OR
huaweitecal_bh620_v2Range<V100R002C00SPC302
OR
huaweitecal_bh621_v2Range<V100R002C00SPC301
OR
huaweitecal_bh622_v2Range<V100R002C00SPC309
OR
huaweitecal_bh640_v2Range<V100R002C00SPC307
OR
huaweich121_v3Range<V100R001C00SPC286
OR
huaweich121l_v3Range<V100R001C00SPC286
OR
huaweich140_v3Range<V100R001C00SPC286
OR
huaweich140l_v3Range<V100R001C00SPC286
OR
huaweich220_v3Range<V100R001C00SPC286
OR
huaweich222_v3Range<V100R001C00SPC286
OR
huaweirh2288_v3Range<V100R001C00SPC286
OR
huaweich226_v3_serverRange<V100R001C00SPC286
OR
huaweich121_v5Range<V100R001C00SPC166
OR
huaweich242_v5Range<V100R001C00SPC166
OR
huaweirh2288_v3Range<V100R001C00SPC290
OR
huaweitecal_ch221Range<V100R001C00SPC176
OR
huaweich121_v5Range<V100R001C00SPC180
OR
huaweich242_v3Range<V100R001C00SPC286
OR
huaweirh2288a_v2Range<V100R002C00SPC303
OR
huaweitecal_dh620_v2Range<V100R001C00SPC202
OR
huaweitecal_dh621_v2Range<V100R001C00SPC202
OR
huaweirh2288a_v2Range<V100R002C00SPC202
OR
huaweitecal_dh628_v2Range<V100R001C00SPC201
OR
huaweifusionsphere_openstackMatchV100R006C00RC3B036
OR
huaweihuawei_firmwareRange<1.0.2.SPC7
OR
huaweitecal_rh1288_v2Range<V100R002C00SPC640
OR
huaweirh1288_v3Range<V100R003C00SPC712
OR
huaweirh2288h_v3Range<V100R003C00SPC712
OR
huaweirh1288a_v2Range<V100R002C00SPC710
OR
huaweitecal_rh2285_v2Range<V100R002C00SPC511
OR
huaweitecal_rh2285h_v2Range<V100R002C00SPC511
OR
huaweitecal_rh2288_v2Range<V100R002C00SPC610
OR
huaweirh2288_v3Range<V100R003C00SPC711
OR
huaweirh2288a_v2Range<V100R002C00SPC710
OR
huaweitecal_rh2288h_v2Range<V100R002C00SPC620
OR
huaweitecal_rh2485_v2Range<V100R002C00SPC713
OR
huaweirh5885_v3_serverRange<V100R003C01SPC126
OR
huaweirh5885_v3_serverRange<V100R003C01SPC129
OR
huaweitecal_rh5885h_v3Range<V100R003C00SPC219
OR
huaweitecal_rh5885h_v3Range<V100R003C10SPC126
OR
huaweirh8100_v3Range<V100R003C00SPC233
OR
huaweismc2.0MatchV500R002C00
OR
huaweismc2.0MatchV600R006C00
OR
huaweismc2.0MatchV600R006C10
OR
huaweismc2.0MatchV600R019C00
OR
huaweismc2.0MatchV600R019C10
OR
huaweix6800_v3_serverRange<V100R005C10SPC106
OR
huaweixh321_v3Range<V100R002C00SPC306
OR
huaweixh321_v3Range<V100R003C00SPC710
OR
huaweixh620_v3Range<V100R003C00SPC710
OR
huaweixh622_v3_serverRange<V100R003C00SPC710
OR
huaweixh628_v3Range<V100R003C00SPC710
OR
huaweirh2288_v3Range<V100R003C00SPC710
OR
huaweixh321_v5Range<V100R005C00SPC504
OR
huaweich121_v5Range<V100R005C00SPC508
OR
huaweihuawei_firmwareMatchV100R004C10
OR
huaweihuawei_firmwareMatchV100R005C00
OR
huaweihuawei_firmwareMatchV100R005C10
OR
huaweiecns280MatchV100R005C00
OR
huaweiecns280MatchV100R005C00SPC002
OR
huaweiecns280MatchV100R005C00SPC300
OR
huaweiecns280MatchV100R005C00SPC306
OR
huaweiecns280MatchV100R005C00SPC316
OR
huaweiecns280MatchV100R005C00SPC326
OR
huaweiecns280MatchV100R005C10
OR
huaweiecns280MatchV100R005C10SPC100
OR
huaweihuawei_firmwareMatchV100R005C00
OR
huaweihuawei_firmwareMatchV100R005C10
OR
huaweihuawei_firmwareMatchV100R004C10
OR
huaweihuawei_firmwareMatchV100R005C00
OR
huaweihuawei_firmwareMatchV100R005C10
OR
huaweihuawei_firmwareMatchV100R005C00
OR
huaweihuawei_firmwareMatchV100R005C10
OR
huaweiespace_usmMatchV300R001C00
OR
huaweiespace_usmMatchV300R001C00SPC100
OR
huaweiespace_usmMatchV300R001C00SPC200
OR
huaweiespace_usmMatchV300R001C00SPC300
OR
huaweiespace_usmMatchV300R001C00SPC302
OR
huaweiespace_usmMatchV300R001C00SPC500
OR
huaweiespace_usmMatchV300R001C00SPC600
OR
huaweiespace_usmMatchV300R001C00SPC700
OR
huaweiespace_usmMatchV300R001C00SPC701
OR
huaweiespace_usmMatchV300R001C00SPC703
OR
huaweiespace_usmMatchV300R001C00SPC800
OR
huaweiespace_usmMatchV300R001C00SPC900
OR
huaweiespace_usmMatchV300R001C00SPC901
OR
huaweiespace_usmMatchV300R001C00SPC902
OR
huaweiespace_usmMatchV300R001C00SPH201
OR
huaweiespace_usmMatchV300R001C00SPH202
OR
huaweiespace_usmMatchV300R001C00SPH301
OR
huaweiespace_usmMatchV300R001C00SPH702
OR
huaweieudc660MatchV100R004C10
OR
huaweieudc660MatchV100R005C00
OR
huaweieudc660MatchV100R005C10
OR
huaweiimanager_neteco_6000MatchV600R007C40
OR
huaweiimanager_neteco_6000MatchV600R007C60
OR
huaweiimanager_neteco_6000MatchV600R007C80
OR
huaweiimanager_neteco_6000MatchV600R007C90
OR
huaweiimanager_neteco_6000MatchV600R008C00
OR
huaweiimanager_neteco_6000MatchV600R008C10
OR
huaweiimanager_neteco_6000MatchV600R008C20

4.7 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:C/I:N/A:N

5.6 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

40.4%