Security Advisory - Remote Code Execution vulnerability in Apache Struts2


The Apache Struts framework, when forced to, performs double evaluation of the values assigned to certain tag attributes such as id, so it is possible to pass in a value that is evaluated again when the tag's attributes are rendered. With a carefully crafted request, this can lead to Remote Code Execution. The problem only applies when OGNL evaluation is forced inside a Struts tag attribute and the expression to evaluate references raw, unvalidated input that an attacker can directly modify by crafting a corresponding request. (Vulnerability ID: HWPSIRT-2020-49789)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2019-0230.

Huawei has released software updates to fix this vulnerability. This advisory is available at the following link: [http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200902-01-struts2-en](http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200902-01-struts2-en)
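As a defender-side audit aid added here (not part of this advisory or of Apache Struts), the following Python script scans JSP source for the precondition the advisory describes: forced OGNL evaluation (%{...}) inside a Struts tag attribute, with hits that reference request-scope roots marked separately from those that need manual review. The tag/attribute regexes, the list of request-scope roots and the JSP fragment are constructed for illustration.

```python
import re

# Opening Struts tag (<s:tag ...>) and its raw attribute string.
STRUTS_TAG = re.compile(r"<s:(\w+)\b([^>]*)>", re.S)
# name="value" pairs inside the attribute string.
ATTR = re.compile(r'(\w+)\s*=\s*"([^"]*)"')
# Forced OGNL evaluation syntax: %{ expression }
FORCED_OGNL = re.compile(r"%\{([^}]*)\}")
# OGNL roots that resolve directly to raw request data (assumed list, not
# exhaustive): an expression built from these is attacker-controllable.
UNTRUSTED_ROOTS = ("#parameters", "#request", "#attr")


def find_forced_evaluations(jsp_source):
    """Return (tag, attribute, expression, request_derived) for every %{...}
    found inside a Struts tag attribute. request_derived is True only when the
    expression names a request-scope root; other hits still need manual review,
    since an action property may itself be populated from a request parameter."""
    findings = []
    for tag_match in STRUTS_TAG.finditer(jsp_source):
        tag, attrs = tag_match.group(1), tag_match.group(2)
        for attr_name, attr_value in ATTR.findall(attrs):
            for expr in FORCED_OGNL.findall(attr_value):
                request_derived = any(root in expr for root in UNTRUSTED_ROOTS)
                findings.append((tag, attr_name, expr.strip(), request_derived))
    return findings


# Constructed sample JSP fragment: the first two tags force OGNL evaluation in
# the id attribute; the third uses a literal id and is not flagged.
SAMPLE_JSP = """
<s:textfield name="user" id="%{#parameters.id[0]}" />
<s:a id="%{skillName}" href="/skill">link</s:a>
<s:textfield name="email" id="emailField" />
"""

if __name__ == "__main__":
    for tag, attr, expr, request_derived in find_forced_evaluations(SAMPLE_JSP):
        level = "HIGH (request-derived)" if request_derived else "REVIEW"
        print(f"{level}: <s:{tag} {attr}=\"%{{{expr}}}\">")
```

Run it over a checkout of the web module; every hit is a place where the forced evaluation should be removed or the referenced value validated before the Struts upgrade is considered complete.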

Affected Software

CPE Name Version
agile controller-campus V100R002C00
agile controller-campus V100R002C10
agile controller-campus V100R002C10SPC400
agile controller-campus V100R002C10SPC403
agile controller-campus V100R002C10SPC405
agile controller-campus V100R002C10SPC408
agile controller-campus V100R002C10SPC409
agile controller-campus V100R003C30
agile controller-campus V100R003C50
agile controller-campus V100R003C60
smsgw V100R001C01LG0701
smsgw V100R001C01LG0801
smsgw V100R001C01LG0801SPC001
smsgw V100R001C01LG0901
smsgw V100R001C01LG0901SPC001
smsgw V100R002C11LG1901
smsgw V100R002C11LG2501
smsgw V100R002C11LG2601
smsgw V100R002C11LG3001
smsgw V100R002C11LG3201
smsgw V100R002C11LG3501
smsgw V100R002C11LG3701
smsgw V100R002C11LG3801
smsgw V100R003C01LG2401
smsgw V100R003C01LG3501
smsgw V100R003C01LG3601
smsgw V100R003C01LG3601SPC001
smsgw V100R003C01LG3701
smsgw V100R003C01LG3801
smsgw V100R003C01LG3901
smsgw V100R003C01LG4001
smsgw V100R003C01LG4101
smsgw V100R003C01LG4101SPC001
smsgw V100R003C01LG4201
smsgw V100R003C01LG4301
smsgw V100R003C01LG5101
smsgw V100R003C01LG5201
smsgw V100R003C01LG5401
smsgw V100R003C01LG5501
smsgw V100R003C01LG6001
smsgw V100R003C01LG6101
smsgw V100R003C01LG6201
smsgw V100R003C01LG6301
smsgw V100R003C01LG6701
smsgw V100R003C01LG6801
smsgw V100R003C01LG6901
smsgw V100R003C01LG7001
smsgw V100R003C01LG7101
smsgw V100R003C01LG7201
smsgw V100R003C01LG7301
smsgw V100R003C01LG7401
smsgw V100R003C01LG7701
smsgw V100R003C01LRC001
smsgw V100R003C01LRC003
smsgw V100R003C01LRC008
smsgw V100R003C01LRC009
smsgw V100R003C01LRC010SPC001
smsgw V100R003C01LRG001
smsgw V100R003C01LRG002
smsgw V100R003C01LRG003
smsgw V100R003C01LRG009
smsgw V100R003C01LRG020
smsgw V100R003C01LRG021
smsgw V100R003C01LRG022
smsgw V100R003C01LRG024
smsgw V100R003C01LRG025
smsgw V100R003C01LRG029
smsgw V100R003C01LRG030
smsgw V100R003C01LRG032
smsgw V100R003C01LRG033
smsgw V100R003C01LRG034
smsgw V100R003C01LRG037
smsgw V100R003C01LRI001
smsgw V100R003C01LRI002
smsgw V100R003C01LRM001
smsgw V100R003C01LRS001
smsgw V100R003C01LRW001
smsgw V100R003C01LRW002
smsgw V100R003C01LU0701
smsgw V100R003C01LU0801
smsgw V100R003C01LU0901
smsgw V100R003C01LU1001
smsgw V100R003C01LU1101
smsgw V100R003C01LU1201
smsgw V100R003C01LU1301
smsgw V100R003C01LU1401
smsgw V100R003C01LU1501
smsgw V100R003C01LU1601
smsgw V100R003C01LU1701
smsgw V100R003C01LU2201
smsgw V100R003C01LU2301
smsgw V100R003C01LU2601
smsgw V100R003C01LU2701
imanager neteco V600R008C00
imanager neteco V600R008C00SPC100
imanager neteco V600R008C10
imanager neteco V600R008C10SPC100
imanager neteco V600R008C20
imanager neteco V600R008C20SPC100
imanager neteco V600R008C30
imanager neteco V600R009C00
imanager neteco V600R009C10SPC200
imanager neteco 6000 V600R007C80
imanager neteco 6000 V600R007C80SPC100
imanager neteco 6000 V600R007C80SPC200
imanager neteco 6000 V600R007C90
imanager neteco 6000 V600R007C90SPC100
imanager neteco 6000 V600R007C91
imanager neteco 6000 V600R007C91SPC100
imanager neteco 6000 V600R008C00SPC100
imanager neteco 6000 V600R008C10SPC100
imanager neteco 6000 V600R008C10SPC300
imanager neteco 6000 V600R008C20