Lucene search

Huawei TechnologiesHUAWEI-SA-20191204-01-VALIDATION

HistoryDec 04, 2019 - 12:00 a.m.

Security Advisory - Insufficient Verification of Data Authenticity Vulnerability in Some Huawei Products

2019-12-0400:00:00

Huawei Technologies

www.huawei.com

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

0.002 Low

EPSS

Percentile

58.9%

JSON

Some Huawei products has an insufficient verification of data authenticity vulnerability. A remote, unauthenticated attacker has to intercept specific packets between two devices, modifies the packets, and sends the modified packets to the peer device. Due to insufficient verification of some fields in the packets, an attacker may exploit the vulnerability to cause the target device abnormal. (Vulnerability ID: HWPSIRT-2019-04076)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2019-5291.

Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-01-validation-en

Affected configurations

Vulners

Node

huaweiar120-sMatchV200R005C20

huaweiar120-sMatchV200R006C10

huaweiar120-sMatchV200R007C00

huaweiar120-sMatchV200R008C50

huaweiar1200MatchV200R005C00

huaweiar1200MatchV200R006C10

huaweiar1200MatchV200R007C00

huaweiar1200MatchV200R008C50

huaweiar1200-sMatchV200R005C20

huaweiar1200-sMatchV200R006C10

huaweiar1200-sMatchV200R007C00

huaweiar1200-sMatchV200R008C50

huaweiar150MatchV200R005C20

huaweiar150MatchV200R006C10

huaweiar150MatchV200R007C00

huaweiar150MatchV200R008C50

huaweiar150-sMatchV200R005C20

huaweiar150-sMatchV200R006C10

huaweiar150-sMatchV200R007C00

huaweiar150-sMatchV200R008C50

huaweiar160MatchV200R005C20

huaweiar160MatchV200R006C10

huaweiar160MatchV200R007C00

huaweiar160MatchV200R008C50

huaweiar200MatchV200R005C20

huaweiar200MatchV200R006C10

huaweiar200MatchV200R007C00

huaweiar200MatchV200R008C50

huaweiar200-sMatchV200R005C20

huaweiar200-sMatchV200R006C10

huaweiar200-sMatchV200R007C00

huaweiar200-sMatchV200R008C50

huaweiar2200MatchV200R005C20

huaweiar2200MatchV200R006C10

huaweiar2200MatchV200R007C00

huaweiar2200MatchV200R008C50

huaweiar2200-sMatchV200R005C20

huaweiar2200-sMatchV200R006C10

huaweiar2200-sMatchV200R007C00

huaweiar2200-sMatchV200R008C50

huaweiar3200MatchV200R005C20

huaweiar3200MatchV200R006C10

huaweiar3200MatchV200R007C00

huaweiar3200MatchV200R008C50

huaweiar3600MatchV200R006C10

huaweiar3600MatchV200R007C00

huaweiar3600MatchV200R008C50

huaweicloudengine_12800MatchV200R002C10

huaweicloudengine_12800MatchV200R002C20

huaweiips_moduleMatchV500R001C30SPC100

huaweiips_moduleMatchV500R001C30SPC100PWE

huaweiips_moduleMatchV500R001C30SPC200

huaweingfw_moduleMatchV500R002C00SPC200

huaweinip6300MatchV500R001C30SPC100

huaweinip6300MatchV500R001C30SPC200

huaweinip6600MatchV500R001C30SPC100

huaweinip6600MatchV500R001C30SPC200

huaweinetengine16exMatchV200R005C20

huaweinetengine16exMatchV200R006C10

huaweinetengine16exMatchV200R007C00

huaweinetengine16exMatchV200R008C50

huaweis6700MatchV200R008C00

huaweis6700MatchV200R010C00SPC300

huaweis6700MatchV200R010C00SPC600

huaweis6700MatchV200R011C00SPC200

huaweisrg1300MatchV200R005C20

huaweisrg1300MatchV200R006C10

huaweisrg1300MatchV200R007C00

huaweisrg1300MatchV200R008C50

huaweisrg2300MatchV200R005C20

huaweisrg2300MatchV200R006C10

huaweisrg2300MatchV200R007C00

huaweisrg2300MatchV200R008C50

huaweisrg3300MatchV200R005C20

huaweisrg3300MatchV200R006C10

huaweisrg3300MatchV200R007C00

huaweisrg3300MatchV200R008C50

huaweisecospace_antiddos8000MatchV500R001C20SPC200

huaweisecospace_antiddos8000MatchV500R001C20SPC300

huaweisecospace_antiddos8000MatchV500R001C20SPC500

huaweisecospace_antiddos8000MatchV500R001C20SPC600

huaweisecospace_antiddos8000MatchV500R001C60SPC100

huaweisecospace_antiddos8000MatchV500R001C60SPC101

huaweisecospace_antiddos8000MatchV500R001C60SPC200

huaweisecospace_antiddos8000MatchV500R001C60SPC300

huaweisecospace_antiddos8000MatchV500R001C60SPC500

huaweisecospace_antiddos8000MatchV500R001C60SPC600

huaweisecospace_antiddos8000MatchV500R005C00SPC100

huaweisecospace_antiddos8000MatchV500R005C00SPC200

huaweisecospace_usg6300MatchV500R001C30SPC100

huaweisecospace_usg6300MatchV500R001C30SPC200

huaweisecospace_usg6500MatchV500R001C30SPC100

huaweisecospace_usg6500MatchV500R001C30SPC200

huaweisecospace_usg6600MatchV500R001C30SPC100

huaweisecospace_usg6600MatchV500R001C30SPC200

CPENameOperatorVersion
ar120-seqV200R005C20
ar120-seqV200R006C10
ar120-seqV200R007C00
ar120-seqV200R008C50
ar1200eqV200R005C00
ar1200eqV200R006C10
ar1200eqV200R007C00
ar1200eqV200R008C50
ar1200-seqV200R005C20
ar1200-seqV200R006C10

Name	Operator	Version
ar120-s	eq	V200R005C20
ar120-s	eq	V200R006C10
ar120-s	eq	V200R007C00
ar120-s	eq	V200R008C50
ar1200	eq	V200R005C00
ar1200	eq	V200R006C10
ar1200	eq	V200R007C00
ar1200	eq	V200R008C50
ar1200-s	eq	V200R005C20
ar1200-s	eq	V200R006C10

Rows per page:

1-10 of 951

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

0.002 Low

EPSS

Percentile

58.9%

JSON

Related for HUAWEI-SA-20191204-01-VALIDATION