ByteOS Network

Vulnerability Details :

CVE-2019-5291

Assigner-huawei

Assigner Org ID-25ac1063-e409-4190-8079-24548c77ea2e

Published At-13 Dec, 2019 | 14:35

Updated At-04 Aug, 2024 | 19:54

Some Huawei products have an insufficient verification of data authenticity vulnerability. A remote, unauthenticated attacker has to intercept specific packets between two devices, modify the packets, and send the modified packets to the peer device. Due to insufficient verification of some fields in the packets, an attacker may exploit the vulnerability to cause the target device to be abnormal.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:huawei

Assigner Org ID:25ac1063-e409-4190-8079-24548c77ea2e

Published At:13 Dec, 2019 | 14:35

Updated At:04 Aug, 2024 | 19:54

▼CVE Numbering Authority (CNA)

Affected Products

Vendor

n/a

Product

AR120-S;AR1200;AR1200-S;AR150;AR150-S;AR160;AR200;AR200-S;AR2200;AR2200-S;AR3200;AR3600;CloudEngine 12800;NetEngine16EX;S6700;SRG1300;SRG2300;SRG3300

Versions

Affected

V200R005C20
V200R006C10
V200R007C00
V200R008C50
V200R005C00
V200R002C10
V200R002C20
V200R008C00
V200R010C00SPC300
V200R010C00SPC600
V200R011C00SPC200

Problem Types

Type	CWE ID	Description
text	N/A	Insufficient Verification

Type: text

CWE ID: N/A

Description: Insufficient Verification

References

Hyperlink	Resource
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-01-validation-en	x_refsource_MISC

Hyperlink: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-01-validation-en

Resource:

x_refsource_MISC

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-01-validation-en	x_refsource_MISC x_transferred

Hyperlink: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-01-validation-en

Resource:

x_refsource_MISC

x_transferred

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:psirt@huawei.com

Published At:13 Dec, 2019 | 15:15

Updated At:19 Dec, 2019 | 19:18

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	5.9	MEDIUM	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary	2.0	4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:N/A:P

Type: Primary

Version: 3.1

Base score: 5.9

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Type: Primary

Version: 2.0

Base score: 4.3

Base severity: MEDIUM

Vector:

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVE-2019-5291

Credits

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs