Huawei Data Communication: Weak Algorithm Vulnerability in Huawei VRP Platform (huawei-sa-20191204-01-vrp)

Information

Severity

Medium

Family

Huawei

CVSSv2 Base

5.0

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Solution Type

Vendor Patch

Created

3 years ago

Modified

3 years ago

Summary

There is a weak algorithm vulnerability in the Huawei VRP platform.

Insight

There is a weak algorithm vulnerability in the Huawei VRP platform. These products use SSH to ensure transmission security, but the SSH algorithm suite includes weak algorithms, such as AES128-CBC, AES256-CBC, and 3DES-CBC, and these weak algorithms are enabled by default. Attackers may exploit the weak algorithm vulnerability to crack the cipher text and cause confidential information leaks on the transmission links. (Vulnerability ID: HWPSIRT-2019-02008)

Huawei has released software updates to fix this vulnerability. This advisory is available in the linked references.

Affected Software

S12700 versions: V200R007C00, V200R007C01, V200R007C20, V200R008C00, V200R010C00, V200R011C10, V200R012C00

S1700 versions: V200R006C10, V200R010C00, V200R011C10, V200R012C00, V200R012C20

S2700 versions: V200R006C00, V200R006C10, V200R007C00, V200R008C00, V200R010C00, V200R011C00, V200R011C10, V200R012C00

S5700 versions: V200R005C00, V200R005C02, V200R005C03, V200R006C00, V200R007C00, V200R008C00, V200R010C00, V200R011C00, V200R011C10, V200R012C00, V200R012C20

S6700 versions: V200R005C00, V200R005C01, V200R005C02, V200R008C00, V200R010C00, V200R011C00, V200R011C10, V200R012C00

S7700 versions: V200R006C00, V200R007C00, V200R008C00, V200R010C00, V200R011C10, V200R012C00

S9700 versions: V200R006C00, V200R007C00, V200R007C01, V200R008C00, V200R010C00, V200R011C10, V200R012C00

Detection Method

Checks if a vulnerable version is present on the target host.

Solution

See the referenced vendor advisory for a solution.