Sign-up

ID

VAR-201906-0117


CVE

CVE-2019-5300


TITLE

plural Huawei Vulnerabilities in digital signature verification in routers

Trust: 0.8

sources: JVNDB: JVNDB-2019-005133

DESCRIPTION

There is a digital signature verification bypass vulnerability in AR1200, AR1200-S, AR150, AR160, AR200, AR2200, AR2200-S, AR3200, SRG1300, SRG2300 and SRG3300 Huawei routers. The vulnerability is due to the affected software improperly verifying digital signatures for the software image in the affected device. A local attacker with high privilege may exploit the vulnerability to bypass integrity checks for software images and install a malicious software image on the affected device. plural Huawei Vulnerability related to verification of digital signatures exists in routers made by the manufacturer.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Huawei AR1200 is an enterprise router of China Huawei. There are security vulnerabilities in several Huawei products. The following products and versions are affected: Huawei AR1200 V200R007C00 Version, V200R008C20 Version, V200R008C50 Version, V200R009C00 Version, V200R010C00 Version; AR1200-S V200R007C00 Version, V200R008C20 Version, V200R008C50 Version, V200R009C00 Version, V200R010C00 Version; AR150 V200R007C00 Version, V200R008C20 Version, V200R008C50 Version, V200R009C00 Version, V200R010C00 Version; AR160 V200R007C00 Version, V200R008C20 Version, V200R008C50 Version, V200R009C00 Version, V200R010C00 Version; AR200 V200R007C00 Version, V200R008C20 Version, V200R008C50 Version, V200R009C00 Version, V200R010C00 Version; AR2200 V200R007C00 Version, V200R008C20 Version, V200R008C50 Version, V200R009C00 Version, V200R010C00 Version; AR2200-S V200R007C00 Version, V200R008C20 Version, V200R008C50 Version, V200R009C00 Version, V200R010C00 Version; AR3200 V200R007C00 Version, V200R008C20 Version, V200R008C50 Version, V200R009C00 Version, V200R010C00 Version; SRG1300 V200R007C00 Version, V200R008C50 Version, V200R009C00 Version, V200R010C00 version; SRG2300 Version V200R007C00, Version V200R008C50, Version V200R009C00, Version V200R010C00; SRG3300 Version V200R007C00, Version V200R008C50, Version V200R009C00, Version V200R010C00. ?

Trust: 2.25

sources: NVD: CVE-2019-5300 // JVNDB: JVNDB-2019-005133 // CNVD: CNVD-2019-41256 // VULHUB: VHN-156735

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-41256

AFFECTED PRODUCTS

vendor:huaweimodel:ar160scope:eqversion:v200r009c00

Trust: 1.0

vendor:huaweimodel:ar200scope:eqversion:v200r009c00

Trust: 1.0

vendor:huaweimodel:ar1200-sscope:eqversion:v200r007c00

Trust: 1.0

vendor:huaweimodel:ar160scope:eqversion:v200r010c00

Trust: 1.0

vendor:huaweimodel:ar1200scope:eqversion:v200r008c50

Trust: 1.0

vendor:huaweimodel:ar2200sscope:eqversion:v200r008c20

Trust: 1.0

vendor:huaweimodel:srg1300scope:eqversion:v200r008c50

Trust: 1.0

vendor:huaweimodel:srg2300scope:eqversion:v200r007c00

Trust: 1.0

vendor:huaweimodel:ar2200sscope:eqversion:v200r010c00

Trust: 1.0

vendor:huaweimodel:ar2200sscope:eqversion:v200r009c00

Trust: 1.0

vendor:huaweimodel:ar160scope:eqversion:v200r007c00

Trust: 1.0

vendor:huaweimodel:ar200scope:eqversion:v200r007c00

Trust: 1.0

vendor:huaweimodel:srg3300scope:eqversion:v200r010c00

Trust: 1.0

vendor:huaweimodel:ar2200scope:eqversion:v200r008c20

Trust: 1.0

vendor:huaweimodel:srg3300scope:eqversion:v200r009c00

Trust: 1.0

vendor:huaweimodel:srg2300scope:eqversion:v200r008c50

Trust: 1.0

vendor:huaweimodel:ar1200-sscope:eqversion:v200r008c50

Trust: 1.0

vendor:huaweimodel:ar2200scope:eqversion:v200r010c00

Trust: 1.0

vendor:huaweimodel:ar3200scope:eqversion:v200r008c20

Trust: 1.0

vendor:huaweimodel:ar2200scope:eqversion:v200r009c00

Trust: 1.0

vendor:huaweimodel:ar2200sscope:eqversion:v200r007c00

Trust: 1.0

vendor:huaweimodel:ar3200scope:eqversion:v200r010c00

Trust: 1.0

vendor:huaweimodel:ar160scope:eqversion:v200r008c50

Trust: 1.0

vendor:huaweimodel:ar150scope:eqversion:v200r008c20

Trust: 1.0

vendor:huaweimodel:ar200scope:eqversion:v200r008c50

Trust: 1.0

vendor:huaweimodel:ar3200scope:eqversion:v200r009c00

Trust: 1.0

vendor:huaweimodel:srg3300scope:eqversion:v200r007c00

Trust: 1.0

vendor:huaweimodel:ar150scope:eqversion:v200r010c00

Trust: 1.0

vendor:huaweimodel:ar150scope:eqversion:v200r009c00

Trust: 1.0

vendor:huaweimodel:ar2200scope:eqversion:v200r007c00

Trust: 1.0

vendor:huaweimodel:ar2200sscope:eqversion:v200r008c50

Trust: 1.0

vendor:huaweimodel:ar3200scope:eqversion:v200r007c00

Trust: 1.0

vendor:huaweimodel:srg3300scope:eqversion:v200r008c50

Trust: 1.0

vendor:huaweimodel:ar150scope:eqversion:v200r007c00

Trust: 1.0

vendor:huaweimodel:ar2200scope:eqversion:v200r008c50

Trust: 1.0

vendor:huaweimodel:ar3200scope:eqversion:v200r008c50

Trust: 1.0

vendor:huaweimodel:ar1200scope:eqversion:v200r008c20

Trust: 1.0

vendor:huaweimodel:ar1200scope:eqversion:v200r009c00

Trust: 1.0

vendor:huaweimodel:ar150scope:eqversion:v200r008c50

Trust: 1.0

vendor:huaweimodel:ar1200scope:eqversion:v200r010c00

Trust: 1.0

vendor:huaweimodel:srg1300scope:eqversion:v200r010c00

Trust: 1.0

vendor:huaweimodel:srg1300scope:eqversion:v200r009c00

Trust: 1.0

vendor:huaweimodel:ar1200scope:eqversion:v200r007c00

Trust: 1.0

vendor:huaweimodel:ar1200-sscope:eqversion:v200r008c20

Trust: 1.0

vendor:huaweimodel:srg1300scope:eqversion:v200r007c00

Trust: 1.0

vendor:huaweimodel:srg2300scope:eqversion:v200r010c00

Trust: 1.0

vendor:huaweimodel:ar1200-sscope:eqversion:v200r010c00

Trust: 1.0

vendor:huaweimodel:srg2300scope:eqversion:v200r009c00

Trust: 1.0

vendor:huaweimodel:ar200scope:eqversion:v200r008c20

Trust: 1.0

vendor:huaweimodel:ar1200-sscope:eqversion:v200r009c00

Trust: 1.0

vendor:huaweimodel:ar200scope:eqversion:v200r010c00

Trust: 1.0

vendor:huaweimodel:ar160scope:eqversion:v200r008c20

Trust: 1.0

vendor:huaweimodel:ar1200scope: - version: -

Trust: 0.8

vendor:huaweimodel:ar1200-sscope: - version: -

Trust: 0.8

vendor:huaweimodel:ar150scope: - version: -

Trust: 0.8

vendor:huaweimodel:ar160scope: - version: -

Trust: 0.8

vendor:huaweimodel:ar200scope: - version: -

Trust: 0.8

vendor:huaweimodel:ar2200scope: - version: -

Trust: 0.8

vendor:huaweimodel:ar2200-sscope: - version: -

Trust: 0.8

vendor:huaweimodel:ar3200scope: - version: -

Trust: 0.8

vendor:huaweimodel:srg1300scope: - version: -

Trust: 0.8

vendor:huaweimodel:srg2300scope: - version: -

Trust: 0.8

vendor:huaweimodel:ar1200 v200r007c00spc600scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar1200 v200r008c20spc800scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar1200 v200r008c50spc500scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar1200 v200r009c00spc500scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar1200 v200r010c00spc200scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar1200-s v200r007c00spc600scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar1200-s v200r008c20spc800scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar1200-s v200r008c50spc500scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar1200-s v200r009c00spc500scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar1200-s v200r010c00spc200scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar150 v200r007c00spc600scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar150 v200r008c20spc800scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar150 v200r008c50spc500scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar150 v200r009c00spc500scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar150 v200r010c00spc200scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar160 v200r007c00spc600scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar160 v200r008c20spc800scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar160 v200r008c50spc500scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar160 v200r009c00spc500scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar160 v200r010c00spc200scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar200 v200r007c00spc600scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar200 v200r008c20spc800scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar200 v200r008c50spc500scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar200 v200r009c00spc500scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar200 v200r010c00spc200scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar2200 v200r007c00spc600scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar2200 v200r008c20spc800scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar2200 v200r008c50spc500scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar2200 v200r009c00spc500scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar2200 v200r010c00spc200scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar2200-s v200r007c00spc600scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar2200-s v200r008c20spc800scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar2200-s v200r008c50spc500scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar2200-s v200r009c00spc500scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar2200-s v200r010c00spc200scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar3200 v200r007c00spc600scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar3200 v200r008c20spc800scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar3200 v200r008c50spc500scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar3200 v200r009c00spc500scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar3200 v200r010c00spc200scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar3600 v200r008c50scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar3600 v200r009c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:srg1300 v200r007c00spc600scope: - version: -

Trust: 0.6

vendor:huaweimodel:srg1300 v200r008c50spc500scope: - version: -

Trust: 0.6

vendor:huaweimodel:srg1300 v200r009c00spc500scope: - version: -

Trust: 0.6

vendor:huaweimodel:srg1300 v200r010c00spc200scope: - version: -

Trust: 0.6

vendor:huaweimodel:srg2300 v200r007c00spc600scope: - version: -

Trust: 0.6

vendor:huaweimodel:srg2300 v200r008c50spc500scope: - version: -

Trust: 0.6

vendor:huaweimodel:srg2300 v200r009c00spc500scope: - version: -

Trust: 0.6

vendor:huaweimodel:srg2300 v200r010c00spc200scope: - version: -

Trust: 0.6

vendor:huaweimodel:srg3300 v200r007c00spc600scope: - version: -

Trust: 0.6

vendor:huaweimodel:srg3300 v200r008c50spc500scope: - version: -

Trust: 0.6

vendor:huaweimodel:srg3300 v200r009c00spc500scope: - version: -

Trust: 0.6

vendor:huaweimodel:srg3300 v200r010c00spc200scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2019-41256 // JVNDB: JVNDB-2019-005133 // NVD: CVE-2019-5300

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-5300
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-5300
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2019-41256
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201903-697
value: MEDIUM

Trust: 0.6

VULHUB: VHN-156735
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-5300
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-41256
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-156735
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-5300
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2019-41256 // VULHUB: VHN-156735 // JVNDB: JVNDB-2019-005133 // CNNVD: CNNVD-201903-697 // NVD: CVE-2019-5300

PROBLEMTYPE DATA

problemtype:CWE-347

Trust: 1.9

sources: VULHUB: VHN-156735 // JVNDB: JVNDB-2019-005133 // NVD: CVE-2019-5300

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201903-697

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201903-697

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-005133

PATCH
title:huawei-sa-20190320-01-arurl:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190320-01-ar-en
Trust: 0.8
title:Patch for Multiple Huawei Digital Signature Verification Bypass Vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/190769
Trust: 0.6
title:Multiple Huawei Product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90250
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-41256 // 
            
            
            
            JVNDB: JVNDB-2019-005133 // 
            
            
            
            CNNVD: CNNVD-201903-697

EXTERNAL IDS
db:NVDid:CVE-2019-5300
Trust: 3.1
db:JVNDBid:JVNDB-2019-005133
Trust: 0.8
db:CNNVDid:CNNVD-201903-697
Trust: 0.7
db:CNVDid:CNVD-2019-41256
Trust: 0.6
db:VULHUBid:VHN-156735
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-41256 // 
            
            
            
            VULHUB: VHN-156735 // 
            
            
            
            JVNDB: JVNDB-2019-005133 // 
            
            
            
            CNNVD: CNNVD-201903-697 // 
            
            
            
            NVD: CVE-2019-5300

REFERENCES
url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20190320-01-ar-cn
Trust: 1.2
url:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190320-01-ar-en
Trust: 1.1
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5300
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-5300
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2019-41256 // 
            
            
            
            VULHUB: VHN-156735 // 
            
            
            
            JVNDB: JVNDB-2019-005133 // 
            
            
            
            CNNVD: CNNVD-201903-697 // 
            
            
            
            NVD: CVE-2019-5300

CREDITS
The vulnerability is caused by Sunny Garg ( Vodafone Ireland )with Ivica Stipovic ( Ward Solutions ) Reported to Huawei PSIRT . Huawei thanks Sunny Garg with Ivica Stipovic Collaborate with us to disclose vulnerabilities to protect Huawei's customers.
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201903-697

SOURCES
db:CNVDid:CNVD-2019-41256
db:VULHUBid:VHN-156735
db:JVNDBid:JVNDB-2019-005133
db:CNNVDid:CNNVD-201903-697
db:NVDid:CVE-2019-5300

LAST UPDATE DATE
2024-11-23T22:44:58.783000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-41256date:2019-11-19T00:00:00
db:VULHUBid:VHN-156735date:2019-06-05T00:00:00
db:JVNDBid:JVNDB-2019-005133date:2019-06-17T00:00:00
db:CNNVDid:CNNVD-201903-697date:2019-03-21T00:00:00
db:NVDid:CVE-2019-5300date:2024-11-21T04:44:42.073

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-41256date:2019-11-19T00:00:00
db:VULHUBid:VHN-156735date:2019-06-04T00:00:00
db:JVNDBid:JVNDB-2019-005133date:2019-06-17T00:00:00
db:CNNVDid:CNNVD-201903-697date:2019-03-20T00:00:00
db:NVDid:CVE-2019-5300date:2019-06-04T19:29:00.633