1 Introduction
This document describes the features, restrictions and guidelines, open problems, and workarounds
for version R9628P2414. Before you use this version on a live network, back up the configuration
and test the version so that the software upgrade does not affect your live network.
Use this document in conjunction with H3C SECPATH5080F-CMW710-R9628P2414 Release Notes
(Software Feature Changes) and the documents listed in "."
List of severe vulnerabilities
[HSVD-201709-002] CVE-2019-3855: An attacker can exploit this vulnerability to execute
unauthorized operations.
[HSVD-201903-017] CVE-2019-3855: An integer overflow flaw that could lead to an out-of-bounds
write was discovered in libssh2 in the way packets are read from the server. libssh2 is a
client-side C library implementing the SSH2 protocol. A remote attacker who compromises an
SSH server may be able to execute code on the client system when a user connects to that
server.
[HSVD-201904-001] TCP/IP SYN + FIN packet filtering vulnerability: A remote host does not
discard TCP SYN packets that also have the FIN flag set. No legitimate segment both opens and
closes a connection, so such packets should be dropped; an attacker might use them to bypass a
firewall rule that matches only on SYN, depending on the type of firewall used.
[HSVD-201902-001] TCP timestamp vulnerability: A remote host can read the TCP timestamps
option (TSval) from segments sent by the device to estimate how long it has been up.
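The two TCP checks above, HSVD-201904-001 and HSVD-201902-001, share the same groundwork: parsing a raw TCP header and its options. The following is an added example and is not code from the H3C release notes or the SecPath software; the segments it inspects are constructed inline (no packets are sent), and the 250 Hz tick rate of the simulated peer is an assumption chosen for the sample. It rejects SYN+FIN segments and turns two captured TSval readings into an uptime estimate.

```python
"""Added example (not H3C code): parse raw TCP headers, drop SYN+FIN
segments, and estimate a peer's uptime from the TCP timestamps option.
All segments are constructed below; nothing is transmitted."""
import struct

FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10
OPT_EOL, OPT_NOP, OPT_TIMESTAMP = 0, 1, 8


def parse_tcp_options(raw: bytes) -> dict:
    """Return {kind: payload} for the options block, tolerating NOP padding."""
    options, i = {}, 0
    while i < len(raw):
        kind = raw[i]
        if kind == OPT_EOL:
            break
        if kind == OPT_NOP:
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError("truncated TCP option")
        length = raw[i + 1]
        if length < 2 or i + length > len(raw):
            raise ValueError("bad TCP option length")
        options[kind] = raw[i + 2:i + length]
        i += length
    return options


def parse_tcp(segment: bytes) -> dict:
    """Parse a TCP header (IP header already stripped)."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags, _win, _csum, _urg = struct.unpack(
        "!HHIIHHHH", segment[:20])
    data_offset = (off_flags >> 12) * 4
    if data_offset < 20 or data_offset > len(segment):
        raise ValueError("bad data offset")
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": off_flags & 0x01FF,
            "options": parse_tcp_options(segment[20:data_offset])}


def build_tcp(sport: int, dport: int, flags: int, options: bytes = b"") -> bytes:
    """Constructed test segment; checksum left zero since it is never sent."""
    if len(options) % 4:
        raise ValueError("options must be padded to a multiple of 4 bytes")
    data_offset = (20 + len(options)) // 4
    header = struct.pack("!HHIIHHHH", sport, dport, 0x1000, 0,
                         (data_offset << 12) | flags, 65535, 0, 0)
    return header + options


def is_syn_fin(segment: bytes) -> bool:
    """HSVD-201904-001 check: SYN and FIN set together is never legitimate."""
    flags = parse_tcp(segment)["flags"]
    return flags & (SYN | FIN) == (SYN | FIN)


def timestamp_value(segment: bytes):
    """TSval from the timestamps option (kind 8), or None if absent."""
    payload = parse_tcp(segment)["options"].get(OPT_TIMESTAMP)
    if payload is None or len(payload) != 8:
        return None
    tsval, _tsecr = struct.unpack("!II", payload)
    return tsval


def estimate_uptime_seconds(samples) -> float:
    """HSVD-201902-001: from (capture_time, tsval) pairs of one peer, fit the
    clock rate, snap it to a common kernel tick rate, and convert the latest
    TSval into seconds since that clock started (the peer's uptime)."""
    (t0, v0), (t1, v1) = samples[0], samples[-1]
    if t1 <= t0 or v1 <= v0:
        raise ValueError("need increasing capture times and TSvals")
    hz = (v1 - v0) / (t1 - t0)
    hz = min((100, 250, 1000), key=lambda rate: abs(rate - hz))
    return v1 / hz


def ts_option(tsval: int, tsecr: int = 0) -> bytes:
    """Kind 8, length 10, preceded by two NOPs so the block is 12 bytes."""
    return bytes([OPT_NOP, OPT_NOP]) + struct.pack("!BBII", OPT_TIMESTAMP, 10, tsval, tsecr)


# Constructed samples: a normal SYN, a SYN+FIN probe, and two SYN-ACKs
# captured 10 s apart from a peer whose timestamp clock ticks at 250 Hz.
PLAIN_SYN = build_tcp(40000, 443, SYN)
SYN_FIN_PROBE = build_tcp(40000, 443, SYN | FIN)
SYN_ACK_T0 = build_tcp(443, 40000, SYN | ACK, ts_option(1_000_000))
SYN_ACK_T10 = build_tcp(443, 40000, SYN | ACK, ts_option(1_002_500))
CAPTURES = [(0.0, timestamp_value(SYN_ACK_T0)), (10.0, timestamp_value(SYN_ACK_T10))]

if __name__ == "__main__":
    print("drop plain SYN:", is_syn_fin(PLAIN_SYN), " drop SYN+FIN:", is_syn_fin(SYN_FIN_PROBE))
    print("estimated peer uptime: %.0f s" % estimate_uptime_seconds(CAPTURES))
```

In a packet filter the SYN+FIN check corresponds to a rule that matches SYN and FIN set together and drops before any rule that accepts SYN. The uptime estimate only works when the peer's timestamp clock starts at boot and runs at a fixed rate; stacks that randomize the TSval base per connection return a meaningless value, which is the usual remediation for HSVD-201902-001 besides disabling timestamps.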
[HSVD-201901-016] CVE-2019-0548: A Linux kernel vulnerability that can cause information
disclosure.
[JavaScript library vulnerability]: Internal IP addresses in destination URLs might be revealed.
[CVE-2020-10188]: utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to
execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the
netclear and nextitem functions.
[Web JavaScript vulnerability]: A medium-risk vulnerability found during Web vulnerability
scanning.
[Web CSRF vulnerability]: A CSRF vulnerability was found on the SSL VPN Web login
interface.
[HTTP method vulnerability]: An attacker can use the OPTIONS method to determine the HTTP
methods allowed by each directory.
[CRLF injection vulnerability]: The user-supplied domain value is written into a cookie in the
HTTP response without stripping CR and LF characters, so a request such as GET
/enterdomain.cgi?domain=%0d%0aSomeCustomInjectedHeader:%0d%0aset-cookie:iamyy
HTTP/1.1 injects additional response headers.
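To make the CRLF injection concrete, here is an added example, not code from the H3C release notes or the SecPath firmware: a minimal handler for the enterdomain.cgi request quoted above, in its vulnerable form (raw concatenation of the domain into Set-Cookie) and a hardened form that accepts only a hostname. The handler names, the cookie format and the benign sample domain are assumptions for the illustration.

```python
"""Added example (not H3C code): CRLF injection through a cookie-setting
handler, vulnerable and hardened, driven by the request line quoted in the
advisory.  Function and cookie names are assumed for the illustration."""
import re
from urllib.parse import parse_qs, urlsplit

INJECTED_REQUEST = ("GET /enterdomain.cgi?domain=%0d%0aSomeCustomInjectedHeader:"
                    "%0d%0aset-cookie:iamyy HTTP/1.1")
BENIGN_REQUEST = "GET /enterdomain.cgi?domain=corp.example HTTP/1.1"

# Plain hostname: letters, digits, dot and hyphen, no leading/trailing
# punctuation, at most 253 characters.  Anything else (CR, LF, ':' ...) fails.
HOSTNAME_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9.-]{0,251}[A-Za-z0-9])?")


def domain_from_request(request_line: str) -> str:
    """Percent-decode the domain query parameter the way a CGI would."""
    _method, target, _version = request_line.split(" ", 2)
    params = parse_qs(urlsplit(target).query, keep_blank_values=True)
    return params.get("domain", [""])[0]


def vulnerable_response(domain: str) -> str:
    """Concatenates the raw value into a header: %0d%0a became CRLF during
    decoding, so whatever follows is parsed by the client as more headers."""
    return ("HTTP/1.1 200 OK\r\n"
            "Set-Cookie: domain=" + domain + "; Path=/\r\n"
            "Content-Length: 0\r\n\r\n")


def is_safe_domain(domain: str) -> bool:
    """Allow-list check applied before the value reaches any header."""
    return HOSTNAME_RE.fullmatch(domain) is not None


def hardened_response(domain: str) -> str:
    """Same response, but the value is validated first; control characters
    can no longer terminate the header line."""
    if not is_safe_domain(domain):
        raise ValueError("domain rejected: not a plain hostname")
    return vulnerable_response(domain)


def response_headers(raw: str):
    """Parse a response as a client does: one header per CRLF-terminated line."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = []
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return headers


def cookie_headers_seen_by_client(request_line: str):
    """Set-Cookie headers the client receives from the vulnerable handler."""
    raw = vulnerable_response(domain_from_request(request_line))
    return [h for h in response_headers(raw) if h[0] == "set-cookie"]


if __name__ == "__main__":
    print("benign  :", cookie_headers_seen_by_client(BENIGN_REQUEST))
    print("injected:", cookie_headers_seen_by_client(INJECTED_REQUEST))
    print("hardened accepts injected value:",
          is_safe_domain(domain_from_request(INJECTED_REQUEST)))
```

With the quoted request, the vulnerable handler emits two Set-Cookie headers (the intended one and the attacker's iamyy cookie) plus an attacker-named header; the hardened handler rejects the value outright. Validation against an allow-list is preferable to merely stripping CR/LF, since the same value may later be reused in contexts with different delimiters.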
[CNVD-2019-38485] CVE-2019-1547: An attacker can exploit this vulnerability to obtain
sensitive information.
[CNVD-2019-38486] CVE-2019-1563: A padding oracle in the OpenSSL CMS/PKCS7 decryption code. In
situations where an attacker receives automated notification of the success or failure of a
decryption attempt, the attacker can, after sending a very large number of messages to be
decrypted, recover a CMS/PKCS7 transported encryption key or decrypt any RSA-encrypted message
that was encrypted with the public RSA key.
[CNVD-2017-00450] CVE-2016-7056: A timing attack flaw was found in OpenSSL 1.0.1u and
earlier that could allow a malicious user with local access to recover ECDSA P-256 private
keys.