H3C Technical Bulletin on Zip Slip Security Vulnerability

 

Background

On June 5, researchers at the British network security company Snyk publicly disclosed a major vulnerability named "Zip Slip". The vulnerability affects thousands of development projects across a variety of ecosystems, including Java, and allows attackers to achieve remote arbitrary code execution on target systems.

Impact

By exploiting this vulnerability, an attacker could use a malicious file to overwrite an application's legitimate executable or configuration file (such as a critical OS library or server configuration file) and then entice the target system or user to run it, thereby achieving remote arbitrary code execution on the victim's host.

H3C Products

The H3C R&D team promptly investigated H3C products after the vulnerability was publicly disclosed.

We found that the following products are affected:

• H3CloudOS/H3CloudCMP

• SDN

• BigData

• Safety and ecological cooperation products

Solution for H3C Products

For product solutions, please contact the H3C Service Hotline at +852 2907 0456 or by email at service_hk@h3c.com.