Details of VAR-201906-0055

ID

VAR-201906-0055

CVE

CVE-2019-5285

TITLE

plural Huawei S Series switch vulnerability in input confirmation

Trust: 0.8

sources: JVNDB: JVNDB-2019-005143

DESCRIPTION

Some Huawei S series switches have a DoS vulnerability. An unauthenticated remote attacker can send crafted packets to the affected device to exploit this vulnerability. Due to insufficient verification of the packets, successful exploitation may cause the device reboot and denial of service (DoS) condition. (Vulnerability ID: HWPSIRT-2019-03109). Vendors have confirmed this vulnerability HWPSIRT-2019-03109 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. HuaweiS12700 is an enterprise-class switch product from China's Huawei company. The vulnerability stems from the program's insufficient verification of specific parameters of Http messages. The following products and versions are affected: Huawei S12700 V200R005C00 Version, V200R006C00 Version, V200R007C00 Version, V200R008C00 Version, V200R010C00 Version, V200R012C00 Version, V200R013C00 Version, V200R011C10 Version; S1700 V200R008C00 Version, V200R009C00 Version, V200R010C00 Version, V200R011C10 Version, V200R012C00 Version, V200R013C00 version; S2300 V200R003C00 version, etc

Trust: 2.25

sources: NVD: CVE-2019-5285 // JVNDB: JVNDB-2019-005143 // CNVD: CNVD-2019-25515 // VULHUB: VHN-156720

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-25515

AFFECTED PRODUCTS

vendor:	huawei	model:	s7700	scope:	eq	version:	v200r006c00	Trust: 1.0
vendor:	huawei	model:	s12700	scope:	eq	version:	v200r010c00	Trust: 1.0
vendor:	huawei	model:	s9300x	scope:	eq	version:	v200r012c00	Trust: 1.0
vendor:	huawei	model:	s2300	scope:	eq	version:	v200r011c10	Trust: 1.0
vendor:	huawei	model:	s5300	scope:	eq	version:	v200r008c00	Trust: 1.0
vendor:	huawei	model:	s5300	scope:	eq	version:	v200r010c00	Trust: 1.0
vendor:	huawei	model:	s2700	scope:	eq	version:	v200r010c00	Trust: 1.0
vendor:	huawei	model:	s9300	scope:	eq	version:	v200r013c00	Trust: 1.0
vendor:	huawei	model:	s5700	scope:	eq	version:	v200r011c10	Trust: 1.0
vendor:	huawei	model:	s9700	scope:	eq	version:	v200r012c00	Trust: 1.0
vendor:	huawei	model:	s9700	scope:	eq	version:	v200r005c00	Trust: 1.0
vendor:	huawei	model:	s12700	scope:	eq	version:	v200r013c00	Trust: 1.0
vendor:	huawei	model:	s1700	scope:	eq	version:	v200r012c00	Trust: 1.0
vendor:	huawei	model:	s6700	scope:	eq	version:	v200r011c10	Trust: 1.0
vendor:	huawei	model:	s9300x	scope:	eq	version:	v200r010c00	Trust: 1.0
vendor:	huawei	model:	s2300	scope:	eq	version:	v200r013c00	Trust: 1.0
vendor:	huawei	model:	s2700	scope:	eq	version:	v200r013c00	Trust: 1.0
vendor:	huawei	model:	s6300	scope:	eq	version:	v200r005c00	Trust: 1.0
vendor:	huawei	model:	s6300	scope:	eq	version:	v200r012c00	Trust: 1.0
vendor:	huawei	model:	s5300	scope:	eq	version:	v200r003c00	Trust: 1.0
vendor:	huawei	model:	s9700	scope:	eq	version:	v200r008c00	Trust: 1.0
vendor:	huawei	model:	s9700	scope:	eq	version:	v200r010c00	Trust: 1.0
vendor:	huawei	model:	s5700	scope:	eq	version:	v200r013c00	Trust: 1.0
vendor:	huawei	model:	s1700	scope:	eq	version:	v200r008c00	Trust: 1.0
vendor:	huawei	model:	s1700	scope:	eq	version:	v200r010c00	Trust: 1.0
vendor:	huawei	model:	s7700	scope:	eq	version:	v200r005c00	Trust: 1.0
vendor:	huawei	model:	s7700	scope:	eq	version:	v200r012c00	Trust: 1.0
vendor:	huawei	model:	s9300x	scope:	eq	version:	v200r013c00	Trust: 1.0
vendor:	huawei	model:	s5700	scope:	eq	version:	v200r006c00	Trust: 1.0
vendor:	huawei	model:	s9700	scope:	eq	version:	v200r007c00	Trust: 1.0
vendor:	huawei	model:	s6300	scope:	eq	version:	v200r008c00	Trust: 1.0
vendor:	huawei	model:	s6300	scope:	eq	version:	v200r010c00	Trust: 1.0
vendor:	huawei	model:	s7900	scope:	eq	version:	v200r012c00	Trust: 1.0
vendor:	huawei	model:	s9700	scope:	eq	version:	v200r013c00	Trust: 1.0
vendor:	huawei	model:	s600-e	scope:	eq	version:	v200r011c10	Trust: 1.0
vendor:	huawei	model:	s9300	scope:	eq	version:	v200r012c00	Trust: 1.0
vendor:	huawei	model:	s1700	scope:	eq	version:	v200r013c00	Trust: 1.0
vendor:	huawei	model:	s6300	scope:	eq	version:	v200r007c00	Trust: 1.0
vendor:	huawei	model:	s7700	scope:	eq	version:	v200r008c00	Trust: 1.0
vendor:	huawei	model:	s7700	scope:	eq	version:	v200r010c00	Trust: 1.0
vendor:	huawei	model:	s600-e	scope:	eq	version:	v200r010c00	Trust: 1.0
vendor:	huawei	model:	s12700	scope:	eq	version:	v200r012c00	Trust: 1.0
vendor:	huawei	model:	s9300	scope:	eq	version:	v200r011c10	Trust: 1.0
vendor:	huawei	model:	s12700	scope:	eq	version:	v200r005c00	Trust: 1.0
vendor:	huawei	model:	s9700	scope:	eq	version:	v200r003c00	Trust: 1.0
vendor:	huawei	model:	s12700	scope:	eq	version:	v200r011c10	Trust: 1.0
vendor:	huawei	model:	s7700	scope:	eq	version:	v200r007c00	Trust: 1.0
vendor:	huawei	model:	s2300	scope:	eq	version:	v200r012c00	Trust: 1.0
vendor:	huawei	model:	s2700	scope:	eq	version:	v200r012c00	Trust: 1.0
vendor:	huawei	model:	s2300	scope:	eq	version:	v200r005c00	Trust: 1.0
vendor:	huawei	model:	s2700	scope:	eq	version:	v200r005c00	Trust: 1.0
vendor:	huawei	model:	s5300	scope:	eq	version:	v200r011c10	Trust: 1.0
vendor:	huawei	model:	s6300	scope:	eq	version:	v200r003c00	Trust: 1.0
vendor:	huawei	model:	s9300	scope:	eq	version:	v200r008c00	Trust: 1.0
vendor:	huawei	model:	s7700	scope:	eq	version:	v200r013c00	Trust: 1.0
vendor:	huawei	model:	s2700	scope:	eq	version:	v200r011c10	Trust: 1.0
vendor:	huawei	model:	s600-e	scope:	eq	version:	v200r013c00	Trust: 1.0
vendor:	huawei	model:	s5700	scope:	eq	version:	v200r012c00	Trust: 1.0
vendor:	huawei	model:	s12700	scope:	eq	version:	v200r008c00	Trust: 1.0
vendor:	huawei	model:	s5700	scope:	eq	version:	v200r005c00	Trust: 1.0
vendor:	huawei	model:	s7700	scope:	eq	version:	v200r003c00	Trust: 1.0
vendor:	huawei	model:	s7900	scope:	eq	version:	v200r013c00	Trust: 1.0
vendor:	huawei	model:	s6700	scope:	eq	version:	v200r012c00	Trust: 1.0
vendor:	huawei	model:	s9300x	scope:	eq	version:	v200r011c10	Trust: 1.0
vendor:	huawei	model:	s6700	scope:	eq	version:	v200r005c00	Trust: 1.0
vendor:	huawei	model:	s2300	scope:	eq	version:	v200r008c00	Trust: 1.0
vendor:	huawei	model:	s2300	scope:	eq	version:	v200r010c00	Trust: 1.0
vendor:	huawei	model:	s12700	scope:	eq	version:	v200r007c00	Trust: 1.0
vendor:	huawei	model:	s2700	scope:	eq	version:	v200r008c00	Trust: 1.0
vendor:	huawei	model:	s12700	scope:	eq	version:	v200r006c00	Trust: 1.0
vendor:	huawei	model:	s5300	scope:	eq	version:	v200r013c00	Trust: 1.0
vendor:	huawei	model:	s9300	scope:	eq	version:	v200r008c10	Trust: 1.0
vendor:	huawei	model:	s9300	scope:	eq	version:	v200r003c00	Trust: 1.0
vendor:	huawei	model:	s2700	scope:	eq	version:	v200r007c00	Trust: 1.0
vendor:	huawei	model:	s5700	scope:	eq	version:	v200r008c00	Trust: 1.0
vendor:	huawei	model:	s5700	scope:	eq	version:	v200r010c00	Trust: 1.0
vendor:	huawei	model:	s9700	scope:	eq	version:	v200r011c10	Trust: 1.0
vendor:	huawei	model:	s2700	scope:	eq	version:	v200r006c00	Trust: 1.0
vendor:	huawei	model:	s1700	scope:	eq	version:	v200r011c10	Trust: 1.0
vendor:	huawei	model:	s6700	scope:	eq	version:	v200r008c00	Trust: 1.0
vendor:	huawei	model:	s6700	scope:	eq	version:	v200r010c00	Trust: 1.0
vendor:	huawei	model:	s5700	scope:	eq	version:	v200r007c00	Trust: 1.0
vendor:	huawei	model:	s1700	scope:	eq	version:	v200r009c00	Trust: 1.0
vendor:	huawei	model:	s6300	scope:	eq	version:	v200r011c10	Trust: 1.0
vendor:	huawei	model:	s2300	scope:	eq	version:	v200r003c00	Trust: 1.0
vendor:	huawei	model:	s6700	scope:	eq	version:	v200r007c00	Trust: 1.0
vendor:	huawei	model:	s600-e	scope:	eq	version:	v200r012c00	Trust: 1.0
vendor:	huawei	model:	s7700	scope:	eq	version:	v200r011c10	Trust: 1.0
vendor:	huawei	model:	s6700	scope:	eq	version:	v200r013c00	Trust: 1.0
vendor:	huawei	model:	s5700	scope:	eq	version:	v200r003c00	Trust: 1.0
vendor:	huawei	model:	s9700	scope:	eq	version:	v200r006c00	Trust: 1.0
vendor:	huawei	model:	s6700	scope:	eq	version:	v200r003c00	Trust: 1.0
vendor:	huawei	model:	s7900	scope:	eq	version:	v200r011c10	Trust: 1.0
vendor:	huawei	model:	s6300	scope:	eq	version:	v200r013c00	Trust: 1.0
vendor:	huawei	model:	s5300	scope:	eq	version:	v200r012c00	Trust: 1.0
vendor:	huawei	model:	s5300	scope:	eq	version:	v200r005c00	Trust: 1.0
vendor:	huawei	model:	s600-e	scope:	eq	version:	v200r008c00	Trust: 1.0
vendor:	huawei	model:	s9300	scope:	eq	version:	v200r010c00	Trust: 1.0
vendor:	huawei	model:	s12700	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	s1700	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	s2300	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	s2700	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	s5300	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	s5700	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	s600-e	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	s6300	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	s6700	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	s7700	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	s12700 v200r005c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	s12700 v200r006c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	s12700 v200r008c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	s12700 v200r007c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	s2300 v200r003c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	s12700 v200r010c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	s1700 v200r009c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	s1700 v200r010c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	s12700 v200r012c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	s12700 v200r013c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	s12700 v200r011c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	s1700 v200r008c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	s1700 v200r011c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	s1700 v200r012c00	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2019-25515 // JVNDB: JVNDB-2019-005143 // NVD: CVE-2019-5285

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-5285
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-5285
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2019-25515
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201905-947
value:	HIGH
Trust: 0.6
VULHUB:	VHN-156720
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2019-5285
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2019-25515
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-156720
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-5285
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2019-25515 // VULHUB: VHN-156720 // JVNDB: JVNDB-2019-005143 // CNNVD: CNNVD-201905-947 // NVD: CVE-2019-5285

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-156720 // JVNDB: JVNDB-2019-005143 // NVD: CVE-2019-5285

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-947

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201905-947

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-005143

PATCH

title:	huawei-sa-20190522-01-switch	url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190522-01-switch-en	Trust: 0.8
title:	Multiple HuaweiS series switches enter patches for verification error vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/172831	Trust: 0.6
title:	Multiple Huawei S Repair measures for series switch security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92902	Trust: 0.6

sources: CNVD: CNVD-2019-25515 // JVNDB: JVNDB-2019-005143 // CNNVD: CNNVD-201905-947

EXTERNAL IDS

db:	NVD	id:	CVE-2019-5285	Trust: 3.1
db:	JVNDB	id:	JVNDB-2019-005143	Trust: 0.8
db:	CNNVD	id:	CNNVD-201905-947	Trust: 0.7
db:	CNVD	id:	CNVD-2019-25515	Trust: 0.6
db:	VULHUB	id:	VHN-156720	Trust: 0.1

sources: CNVD: CNVD-2019-25515 // VULHUB: VHN-156720 // JVNDB: JVNDB-2019-005143 // CNNVD: CNNVD-201905-947 // NVD: CVE-2019-5285

REFERENCES

url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190522-01-switch-en	Trust: 3.4
url:	https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20190522-01-switch-cn	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-5285	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5285	Trust: 0.8

sources: CNVD: CNVD-2019-25515 // VULHUB: VHN-156720 // JVNDB: JVNDB-2019-005143 // CNNVD: CNNVD-201905-947 // NVD: CVE-2019-5285

CREDITS

This vulnerability is by Chi Anxin Codesafe Team of Legendsec of eack Report to Huawei PSIRT .

Trust: 0.6

sources: CNNVD: CNNVD-201905-947

SOURCES

db:	CNVD	id:	CNVD-2019-25515
db:	VULHUB	id:	VHN-156720
db:	JVNDB	id:	JVNDB-2019-005143
db:	CNNVD	id:	CNNVD-201905-947
db:	NVD	id:	CVE-2019-5285

LAST UPDATE DATE

2024-11-23T22:16:59.884000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-25515	date:	2019-08-02T00:00:00
db:	VULHUB	id:	VHN-156720	date:	2019-07-26T00:00:00
db:	JVNDB	id:	JVNDB-2019-005143	date:	2019-06-17T00:00:00
db:	CNNVD	id:	CNNVD-201905-947	date:	2019-07-29T00:00:00
db:	NVD	id:	CVE-2019-5285	date:	2024-11-21T04:44:40.310

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-25515	date:	2019-08-02T00:00:00
db:	VULHUB	id:	VHN-156720	date:	2019-06-04T00:00:00
db:	JVNDB	id:	JVNDB-2019-005143	date:	2019-06-17T00:00:00
db:	CNNVD	id:	CNNVD-201905-947	date:	2019-05-22T00:00:00
db:	NVD	id:	CVE-2019-5285	date:	2019-06-04T19:29:00.477