This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our private policy>

Vul. Response Process

During the whole process, PSIRT will strictly control the scope of information distribution amongst employees relevant to the vulnerability response. Meanwhile, PSIRT will also request the vulnerability reporter keep the vulnerability confidential until Huawei releases the public Security Advisory (SA)

Huawei uses two methods to disclose the security vulnerabilities:

  • SA(Security Advisory):to provide confirmed technical information, including but not limited to the mitigation measures and solutions;
  • SN(Security Notice):to provide general information related to the security vulnerability when the external parties have found or are concerned about Huawei vulnerability and Huawei hasn’t confirmed the provided information at this point.

When we release the public SA in the official website , we may also release the SA in text format on security forums, vulnerability database or email lists, however only The official Huawei website will be kept up-to-date with the current information

PSIRT uses CVSSv2 to give the Base Score, Temporal Score and attack vector of each vulnerability in the SA. The Environmental Score will be given by the customer based on their own environment. For the CVSSv2 standard, please refer to: http://nvd.nist.gov/cvss.cfm?vectorinfo&version=2

Huawei uses CVE (Common Vulnerability and Exposures) to quote the vulnerabilities outside of Huawei vulnerability disclosure websites.

Huawei PSIRT will release the summary of security Bulletin on the second Wednesday of each month.


Huawei assumes no responsibilities for the accuracy, integrity, sufficiency and reliability of the content and information in this Policy. All express or implied warranties are expressly disclaimed. Without limitation, there is no warranty of non-infringement and no warranty of fitness for a particular purpose. Your use or interpretation of the information provided in this document is at your sole risk. Any information provided in this document is subject to correction, revision and change without notice