Lucene search

[email protected]CVE-2019-19397

HistoryDec 13, 2019 - 3:15 p.m.

CVE-2019-19397

2019-12-1315:15:11

[email protected]

web.nvd.nist.gov

weak algorithm

vulnerability

huawei products

information leaks

cve-2019-19397

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.002 Low

EPSS

Percentile

53.9%

JSON

There is a weak algorithm vulnerability in some Huawei products. The affected products use weak algorithms by default. Attackers may exploit the vulnerability to cause information leaks.

Affected configurations

NVD

Node

huaweis12700_firmwareMatchv200r007c00

huaweis12700_firmwareMatchv200r007c01

huaweis12700_firmwareMatchv200r007c20

huaweis12700_firmwareMatchv200r008c00

huaweis12700_firmwareMatchv200r010c00

huaweis12700_firmwareMatchv200r011c10

huaweis12700_firmwareMatchv200r012c00

AND

huaweis12700Match-

Node

huaweis1700_firmwareMatchv200r006c10

huaweis1700_firmwareMatchv200r010c00

huaweis1700_firmwareMatchv200r011c10

huaweis1700_firmwareMatchv200r012c00

huaweis1700_firmwareMatchv200r012c20

AND

huaweis1700Match-

Node

huaweis2700_firmwareMatchv200r006c00

huaweis2700_firmwareMatchv200r006c10

huaweis2700_firmwareMatchv200r007c00

huaweis2700_firmwareMatchv200r008c00

huaweis2700_firmwareMatchv200r010c00

huaweis2700_firmwareMatchv200r011c00

huaweis2700_firmwareMatchv200r011c10

huaweis2700_firmwareMatchv200r012c00

AND

huaweis2700Match-

Node

huaweis5700_firmwareMatchv200r005c00

huaweis5700_firmwareMatchv200r005c02

huaweis5700_firmwareMatchv200r005c03

huaweis5700_firmwareMatchv200r006c00

huaweis5700_firmwareMatchv200r007c00

huaweis5700_firmwareMatchv200r008c00

huaweis5700_firmwareMatchv200r010c00

huaweis5700_firmwareMatchv200r011c00

huaweis5700_firmwareMatchv200r011c10

huaweis5700_firmwareMatchv200r012c00

huaweis5700_firmwareMatchv200r012c20

AND

huaweis5700Match-

Node

huaweis6700_firmwareMatchv200r005c00

huaweis6700_firmwareMatchv200r005c01

huaweis6700_firmwareMatchv200r005c02

huaweis6700_firmwareMatchv200r008c00

huaweis6700_firmwareMatchv200r010c00

huaweis6700_firmwareMatchv200r011c00

huaweis6700_firmwareMatchv200r011c10

huaweis6700_firmwareMatchv200r012c00

AND

huaweis6700Match-

Node

huaweis7700_firmwareMatchv200r006c00

huaweis7700_firmwareMatchv200r007c00

huaweis7700_firmwareMatchv200r008c00

huaweis7700_firmwareMatchv200r010c00

huaweis7700_firmwareMatchv200r011c10

huaweis7700_firmwareMatchv200r012c00

AND

huaweis7700Match-

Node

huaweis9700_firmwareMatchv200r006c00

huaweis9700_firmwareMatchv200r007c00

huaweis9700_firmwareMatchv200r007c01

huaweis9700_firmwareMatchv200r008c00

huaweis9700_firmwareMatchv200r010c00

huaweis9700_firmwareMatchv200r011c10

huaweis9700_firmwareMatchv200r012c00

AND

huaweis9700Match-

CPENameOperatorVersion
huawei:s12700_firmwarehuawei s12700 firmwareeqv200r007c00
huawei:s12700_firmwarehuawei s12700 firmwareeqv200r007c01
huawei:s12700_firmwarehuawei s12700 firmwareeqv200r007c20
huawei:s12700_firmwarehuawei s12700 firmwareeqv200r008c00
huawei:s12700_firmwarehuawei s12700 firmwareeqv200r010c00
huawei:s12700_firmwarehuawei s12700 firmwareeqv200r011c10
huawei:s12700_firmwarehuawei s12700 firmwareeqv200r012c00

CPE	Name	Operator	Version
huawei:s12700_firmware	huawei s12700 firmware	eq	v200r007c00
huawei:s12700_firmware	huawei s12700 firmware	eq	v200r007c01
huawei:s12700_firmware	huawei s12700 firmware	eq	v200r007c20
huawei:s12700_firmware	huawei s12700 firmware	eq	v200r008c00
huawei:s12700_firmware	huawei s12700 firmware	eq	v200r010c00
huawei:s12700_firmware	huawei s12700 firmware	eq	v200r011c10
huawei:s12700_firmware	huawei s12700 firmware	eq	v200r012c00

CNA Affected

[
  {
    "product": "S12700;S1700;S2700;S5700;S6700;S7700;S9700",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "V200R007C00"
      },
      {
        "status": "affected",
        "version": "V200R007C01"
      },
      {
        "status": "affected",
        "version": "V200R007C20"
      },
      {
        "status": "affected",
        "version": "V200R008C00"
      },
      {
        "status": "affected",
        "version": "V200R010C00"
      },
      {
        "status": "affected",
        "version": "V200R011C10"
      },
      {
        "status": "affected",
        "version": "V200R012C00"
      },
      {
        "status": "affected",
        "version": "V200R006C10"
      },
      {
        "status": "affected",
        "version": "V200R012C20"
      },
      {
        "status": "affected",
        "version": "V200R006C00"
      },
      {
        "status": "affected",
        "version": "V200R011C00"
      },
      {
        "status": "affected",
        "version": "V200R005C00"
      },
      {
        "status": "affected",
        "version": "V200R005C02"
      },
      {
        "status": "affected",
        "version": "V200R005C03"
      },
      {
        "status": "affected",
        "version": "V200R005C01"
      }
    ]
  }
]

References

www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-01-vrp-en

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.002 Low

EPSS

Percentile

53.9%

JSON

Related for CVE-2019-19397

huawei1 openvas1 prion1 cvelist1 nvd1