Security Advisory - Multiple Vulnerabilities in Some Huawei Products

Advisory ID: HUAWEI-SA-20191211-01-SSP
Published: 2019-12-11 00:00:00
Source: Huawei Technologies (www.huawei.com)

CVSS2: 5 Medium
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

CVSS3: 8.6 High
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

EPSS: 0.001 Low
Percentile: 42.6%

There is an out-of-bounds read vulnerability in some Huawei products. An attacker who logs in to the board may send crafted messages from the internal network port or tamper with inter-process message packets to exploit this vulnerability. Due to insufficient validation of the message, a successful exploit may cause the affected board to become abnormal. (Vulnerability ID: HWPSIRT-2019-01067)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2019-5254.

There is a DoS vulnerability in some Huawei products. An attacker may send crafted messages from an FTP client to exploit this vulnerability. Due to insufficient validation of the message, a successful exploit may cause an out-of-bounds read in the system and result in a denial of service condition of the affected service. (Vulnerability ID: HWPSIRT-2019-01071)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2019-5255.

There is a null pointer dereference vulnerability in some Huawei products. The system dereferences a pointer that it expects to be valid but that is NULL. A local attacker could exploit this vulnerability by sending crafted parameters. A successful exploit could cause a denial of service and a reboot of the process. (Vulnerability ID: HWPSIRT-2019-01072)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2019-5256.

There is a resource management vulnerability in some Huawei products. An attacker who logs in to the board may send crafted messages from the internal network port or tamper with inter-process message packets to exploit this vulnerability. Due to improper management of system resources, a successful exploit may cause resource exhaustion. (Vulnerability ID: HWPSIRT-2019-01073)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2019-5257.

There is a buffer overflow vulnerability in some Huawei products. An attacker who logs in to the board may send crafted messages from the internal network port or tamper with inter-process message packets to exploit this vulnerability. Due to insufficient validation of the message, a successful exploit may cause the affected board to become abnormal. (Vulnerability ID: HWPSIRT-2019-01074)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2019-5258.

Huawei has released software updates to fix these vulnerabilities. This advisory is available at the following link:

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191211-01-ssp-en

Affected configurations

Vendor: huawei. A device is affected if its product and version match any entry below.

ap2000: V200R005C30, V200R006C10, V200R006C10SPCa00, V200R006C10SPCb00, V200R006C10SPCc00, V200R006C10SPCd00, V200R006C20, V200R006C20SPC700, V200R006C20SPC800, V200R007C10, V200R007C10SPC300, V200R007C10SPC500, V200R007C10SPC600, V200R007C10SPC700, V200R007C10SPC800, V200R007C10SPC900, V200R007C10SPCa00, V200R007C10SPCb00, V200R007C10SPCc00, V200R007C20, V200R007C20SPC200, V200R007C20SPC300, V200R007C20SPC500, V200R007C20SPC700, V200R007C20SPC800, V200R007C20SPC900, V200R007C20SPCa00, V200R007C20SPCc00, V200R007C20SPCd00, V200R007C20SPCe00, V200R007C20SPCf00, V200R007C20SPCg00, V200R007C20SPCi00, V200R008C00, V200R008C10, V200R009C00

ar3200: V200R003C01SPCe00, V200R005C20SPC100, V200R005C20SPC200, V200R005C20SPC500, V200R005C21, V200R005C30, V200R005C31, V200R005C32, V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, V200R008C50, V200R009C00, V200R009C10, V200R010C00, V300R003C00, V300R003C10, V300R019C00

huawei_firmware: V500R005C00

ips_module: V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, V500R001C30, V500R001C30SPC100, V500R001C30SPC100PWE, V500R001C30SPC200, V500R001C30SPC200PWE, V500R001C30SPC300, V500R001C50, V500R001C50PWE, V500R001C80, V500R005C00

ngfw_module: V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, V500R002C00, V500R002C00SPC100, V500R002C00SPC100PWE, V500R002C00SPC200, V500R002C00SPC200PWE, V500R002C00SPC300, V500R002C10, V500R002C10PWE, V500R002C30, V500R002C30PWE, V500R005C00

nip6300: V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, V500R001C30, V500R001C30SPC100, V500R001C30SPC100PWE, V500R001C30SPC200, V500R001C30SPC200PWE, V500R001C30SPC300, V500R001C50, V500R001C50PWE, V500R001C80, V500R005C00

nip6600: V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C30, V500R001C30SPC100, V500R001C30SPC100PWE, V500R001C30SPC200, V500R001C30SPC200PWE, V500R001C30SPC300, V500R001C50, V500R001C50PWE, V500R001C80, V500R005C00

nip6800: V500R001C50, V500R001C50PWE, V500R001C80, V500R005C00

s5700: V200R005C03

semg9811: V500R002C20, V500R002C30, V500R005C00

secospace_antiddos8000: V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC600, V500R001C00SPC700, V500R001C00SPH303, V500R001C20SPC200, V500R001C20SPC300, V500R001C20SPC500, V500R001C20SPC600, V500R001C60SPC100, V500R001C60SPC101, V500R001C60SPC200, V500R001C60SPC300, V500R001C60SPC500, V500R001C60SPC600, V500R005C00, V500R005C00SPC100

secospace_usg6300: V100R001C20SPC100, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, V500R001C30, V500R001C30SPC100, V500R001C30SPC100PWE, V500R001C30SPC200, V500R001C30SPC200PWE, V500R001C30SPC300, V500R001C50, V500R001C50PWE, V500R001C80, V500R001C80PWE, V500R005C00

secospace_usg6500: V100R001C20SPC100, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, V500R001C30, V500R001C30SPC100, V500R001C30SPC100PWE, V500R001C30SPC200, V500R001C30SPC200PWE, V500R001C30SPC300, V500R001C50, V500R001C50PWE, V500R001C80, V500R001C80PWE, V500R005C00

secospace_usg6600: V100R001C00SPC200, V100R001C10SPC200, V100R001C10SPC201, V100R001C20SPC100, V100R001C20SPC200, V500R001C00, V500R001C00SPC050, V500R001C00SPC090, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200PWE, V500R001C20SPC300, V500R001C20SPC300B078, V500R001C20SPC300PWE, V500R001C30, V500R001C30SPC100, V500R001C30SPC100PWE, V500R001C30SPC200, V500R001C30SPC200PWE, V500R001C30SPC300, V500R001C30SPC500, V500R001C30SPC600, V500R001C30SPC600PWE, V500R001C30SPC601, V500R001C50, V500R001C50PWE, V500R001C50SPC009, V500R001C50SPC100, V500R001C50SPC100PWE, V500R001C50SPC200, V500R001C50SPC200PWE, V500R001C50SPC300, V500R001C60, V500R001C60SPC100, V500R001C60SPC100PWE, V500R001C60SPC200, V500R001C60SPC200PWE, V500R001C60SPC300, V500R001C60SPC500, V500R001C80, V500R001C80PWE, V500R005C00

usg6000v: V500R001C10, V500R001C20, V500R003C00, V500R005C00

espace_u1981: V200R003C50SPC700
