Lucene search

[email protected]CVE-2019-5254

HistoryDec 13, 2019 - 11:15 p.m.

CVE-2019-5254

2019-12-1323:15:00

CWE-125

[email protected]

web.nvd.nist.gov

huawei

out-of-bounds read

vulnerability

crafted messages

abnormal behavior

nvd

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

8.3 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

42.3%

JSON

Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG6000V;eSpace U1981) have an out-of-bounds read vulnerability. An attacker who logs in to the board may send crafted messages from the internal network port or tamper with inter-process message packets to exploit this vulnerability. Due to insufficient validation of the message, successful exploit may cause the affected board to be abnormal.

CPENameOperatorVersion
huawei:ap2000_firmwarehuawei ap2000 firmwareeqv200r005c30
huawei:ap2000_firmwarehuawei ap2000 firmwareeqv200r006c10
huawei:ap2000_firmwarehuawei ap2000 firmwareeqv200r006c20
huawei:ap2000_firmwarehuawei ap2000 firmwareeqv200r007c10
huawei:ap2000_firmwarehuawei ap2000 firmwareeqv200r007c20
huawei:ap2000_firmwarehuawei ap2000 firmwareeqv200r008c00
huawei:ap2000_firmwarehuawei ap2000 firmwareeqv200r008c10
huawei:ap2000_firmwarehuawei ap2000 firmwareeqv200r009c00
huawei:ips_firmwarehuawei ips firmwareeqv500r001c00spc300
huawei:ips_firmwarehuawei ips firmwareeqv500r001c00spc500

CPE	Name	Operator	Version
huawei:ap2000_firmware	huawei ap2000 firmware	eq	v200r005c30
huawei:ap2000_firmware	huawei ap2000 firmware	eq	v200r006c10
huawei:ap2000_firmware	huawei ap2000 firmware	eq	v200r006c20
huawei:ap2000_firmware	huawei ap2000 firmware	eq	v200r007c10
huawei:ap2000_firmware	huawei ap2000 firmware	eq	v200r007c20
huawei:ap2000_firmware	huawei ap2000 firmware	eq	v200r008c00
huawei:ap2000_firmware	huawei ap2000 firmware	eq	v200r008c10
huawei:ap2000_firmware	huawei ap2000 firmware	eq	v200r009c00
huawei:ips_firmware	huawei ips firmware	eq	v500r001c00spc300
huawei:ips_firmware	huawei ips firmware	eq	v500r001c00spc500

Rows per page:

1-10 of 2441

References

www.huawei.com/en/psirt/security-advisories/huawei-sa-20191211-01-ssp-en

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

8.3 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

42.3%

JSON

Related for CVE-2019-5254

cvelist1 prion1 huawei1 openvas1