Lucene search

[email protected]NVD:CVE-2019-5294

HistoryNov 13, 2019 - 5:15 p.m.

CVE-2019-5294

2019-11-1317:15:14

CWE-125

[email protected]

web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.002 Low

EPSS

Percentile

58.9%

JSON

There is an out of bound read vulnerability in some Huawei products. A remote, unauthenticated attacker may send a corrupt or crafted message to the affected products. Due to a buffer read overflow error when parsing the message, successful exploit may cause some service to be abnormal.

Affected configurations

NVD

Node

huaweiar120-sMatch-

AND

huaweiar120-s_firmwareMatchv200r005c20

huaweiar120-s_firmwareMatchv200r006c10

huaweiar120-s_firmwareMatchv200r007c00

Node

huaweiar1200Match-

AND

huaweiar1200_firmwareMatchv200r005c20

huaweiar1200_firmwareMatchv200r006c10

huaweiar1200_firmwareMatchv200r007c00

Node

huaweiar1200-s_firmwareMatchv200r005c20

huaweiar1200-s_firmwareMatchv200r006c10

huaweiar1200-s_firmwareMatchv200r007c00

AND

huaweiar1200-sMatch-

Node

huaweiar150_firmwareMatchv200r005c20

huaweiar150_firmwareMatchv200r006c10

huaweiar150_firmwareMatchv200r007c00

AND

huaweiar150Match-

Node

huaweiar150-s_firmwareMatchv200r005c20

huaweiar150-s_firmwareMatchv200r006c10

huaweiar150-s_firmwareMatchv200r007c00

AND

huaweiar150-sMatch-

Node

huaweiar160_firmwareMatchv200r005c20

huaweiar160_firmwareMatchv200r006c10

huaweiar160_firmwareMatchv200r007c00

AND

huaweiar160Match-

Node

huaweiar200_firmwareMatchv200r005c20

huaweiar200_firmwareMatchv200r006c10

huaweiar200_firmwareMatchv200r007c00

AND

huaweiar200Match-

Node

huaweiar200-s_firmwareMatchv200r005c20

huaweiar200-s_firmwareMatchv200r006c10

huaweiar200-s_firmwareMatchv200r007c00

AND

huaweiar200-sMatch-

Node

huaweiar2200_firmwareMatchv200r005c20

huaweiar2200_firmwareMatchv200r006c10

huaweiar2200_firmwareMatchv200r007c00

AND

huaweiar2200Match-

Node

huaweiar2200-s_firmwareMatchv200r005c20

huaweiar2200-s_firmwareMatchv200r006c10

huaweiar2200-s_firmwareMatchv200r007c00

AND

huaweiar2200-sMatch-

Node

huaweiar3200_firmwareMatchv200r005c20

huaweiar3200_firmwareMatchv200r006c10

AND

huaweiar3200Match-

Node

huaweiar3600_firmwareMatchv200r006c10

huaweiar3600_firmwareMatchv200r007c00

AND

huaweiar3600Match-

Node

huaweinetengine16ex_firmwareMatchv200r005c20

huaweinetengine16ex_firmwareMatchv200r006c10

huaweinetengine16ex_firmwareMatchv200r007c00

AND

huaweinetengine16exMatch-

Node

huaweisrg1300_firmwareMatchv200r005c20

huaweisrg1300_firmwareMatchv200r006c10

huaweisrg1300_firmwareMatchv200r007c00

AND

huaweisrg1300Match-

Node

huaweisrg2300_firmwareMatchv200r005c20

huaweisrg2300_firmwareMatchv200r006c10

huaweisrg2300_firmwareMatchv200r007c00

AND

huaweisrg2300Match-

Node

huaweisrg3300_firmwareMatchv200r005c20

huaweisrg3300_firmwareMatchv200r006c10

huaweisrg3300_firmwareMatchv200r007c00

AND

huaweisrg3300Match-

References

www.huawei.com/en/psirt/security-advisories/huawei-sa-20191023-01-buffer-en

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.002 Low

EPSS

Percentile

58.9%

JSON

Related for NVD:CVE-2019-5294

cvelist1 huawei1 prion1 cve1 openvas1