Sign-up

ID

VAR-201911-0271


CVE

CVE-2019-5294


TITLE

plural Huawei Product out-of-bounds vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-011933

DESCRIPTION

There is an out of bound read vulnerability in some Huawei products. A remote, unauthenticated attacker may send a corrupt or crafted message to the affected products. Due to a buffer read overflow error when parsing the message, successful exploit may cause some service to be abnormal. plural Huawei The product contains an out-of-bounds vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state

Trust: 1.62

sources: NVD: CVE-2019-5294 // JVNDB: JVNDB-2019-011933

AFFECTED PRODUCTS

vendor:huaweimodel:srg2300scope:eqversion:v200r006c10

Trust: 1.6

vendor:huaweimodel:srg3300scope:eqversion:v200r007c00

Trust: 1.6

vendor:huaweimodel:srg1300scope:eqversion:v200r005c20

Trust: 1.6

vendor:huaweimodel:srg3300scope:eqversion:v200r005c20

Trust: 1.6

vendor:huaweimodel:srg1300scope:eqversion:v200r006c10

Trust: 1.6

vendor:huaweimodel:srg3300scope:eqversion:v200r006c10

Trust: 1.6

vendor:huaweimodel:srg2300scope:eqversion:v200r007c00

Trust: 1.6

vendor:huaweimodel:ar150-sscope:eqversion:v200r007c00

Trust: 1.0

vendor:huaweimodel:ar1200-sscope:eqversion:v200r007c00

Trust: 1.0

vendor:huaweimodel:ar2200-sscope:eqversion:v200r007c00

Trust: 1.0

vendor:huaweimodel:ar1200scope:eqversion:v200r005c20

Trust: 1.0

vendor:huaweimodel:ar120-sscope:eqversion:v200r006c10

Trust: 1.0

vendor:huaweimodel:ar160scope:eqversion:v200r007c00

Trust: 1.0

vendor:huaweimodel:ar200scope:eqversion:v200r007c00

Trust: 1.0

vendor:huaweimodel:ar3600scope:eqversion:v200r006c10

Trust: 1.0

vendor:huaweimodel:netengine16exscope:eqversion:v200r005c20

Trust: 1.0

vendor:huaweimodel:ar2200scope:eqversion:v200r006c10

Trust: 1.0

vendor:huaweimodel:ar150-sscope:eqversion:v200r005c20

Trust: 1.0

vendor:huaweimodel:ar3200scope:eqversion:v200r006c10

Trust: 1.0

vendor:huaweimodel:srg2300scope:eqversion:v200r005c20

Trust: 1.0

vendor:huaweimodel:ar1200-sscope:eqversion:v200r005c20

Trust: 1.0

vendor:huaweimodel:ar150scope:eqversion:v200r006c10

Trust: 1.0

vendor:huaweimodel:ar2200-sscope:eqversion:v200r005c20

Trust: 1.0

vendor:huaweimodel:ar120-sscope:eqversion:v200r007c00

Trust: 1.0

vendor:huaweimodel:ar200-sscope:eqversion:v200r006c10

Trust: 1.0

vendor:huaweimodel:ar160scope:eqversion:v200r005c20

Trust: 1.0

vendor:huaweimodel:ar200scope:eqversion:v200r005c20

Trust: 1.0

vendor:huaweimodel:ar3600scope:eqversion:v200r007c00

Trust: 1.0

vendor:huaweimodel:ar2200scope:eqversion:v200r007c00

Trust: 1.0

vendor:huaweimodel:ar160scope:eqversion:v200r006c10

Trust: 1.0

vendor:huaweimodel:ar200-sscope:eqversion:v200r007c00

Trust: 1.0

vendor:huaweimodel:ar150scope:eqversion:v200r007c00

Trust: 1.0

vendor:huaweimodel:ar120-sscope:eqversion:v200r005c20

Trust: 1.0

vendor:huaweimodel:ar2200scope:eqversion:v200r005c20

Trust: 1.0

vendor:huaweimodel:ar1200scope:eqversion:v200r006c10

Trust: 1.0

vendor:huaweimodel:ar3200scope:eqversion:v200r005c20

Trust: 1.0

vendor:huaweimodel:netengine16exscope:eqversion:v200r006c10

Trust: 1.0

vendor:huaweimodel:ar150scope:eqversion:v200r005c20

Trust: 1.0

vendor:huaweimodel:ar150-sscope:eqversion:v200r006c10

Trust: 1.0

vendor:huaweimodel:ar200-sscope:eqversion:v200r005c20

Trust: 1.0

vendor:huaweimodel:ar1200scope:eqversion:v200r007c00

Trust: 1.0

vendor:huaweimodel:ar1200-sscope:eqversion:v200r006c10

Trust: 1.0

vendor:huaweimodel:srg1300scope:eqversion:v200r007c00

Trust: 1.0

vendor:huaweimodel:ar2200-sscope:eqversion:v200r006c10

Trust: 1.0

vendor:huaweimodel:netengine16exscope:eqversion:v200r007c00

Trust: 1.0

vendor:huaweimodel:ar200scope:eqversion:v200r006c10

Trust: 1.0

vendor:huaweimodel:ar120-sscope: - version: -

Trust: 0.8

vendor:huaweimodel:ar1200scope: - version: -

Trust: 0.8

vendor:huaweimodel:ar1200-sscope: - version: -

Trust: 0.8

vendor:huaweimodel:ar150scope: - version: -

Trust: 0.8

vendor:huaweimodel:ar150-sscope: - version: -

Trust: 0.8

vendor:huaweimodel:ar160scope: - version: -

Trust: 0.8

vendor:huaweimodel:ar200scope: - version: -

Trust: 0.8

vendor:huaweimodel:ar200-sscope: - version: -

Trust: 0.8

vendor:huaweimodel:ar2200scope: - version: -

Trust: 0.8

vendor:huaweimodel:ar2200-sscope: - version: -

Trust: 0.8

vendor:huaweimodel:netengine16exscope:eqversion: -

Trust: 0.6

vendor:huaweimodel:srg1300scope:eqversion: -

Trust: 0.6

vendor:huaweimodel:srg2300scope:eqversion: -

Trust: 0.6

sources: JVNDB: JVNDB-2019-011933 // CNNVD: CNNVD-201910-1450 // NVD: CVE-2019-5294

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-5294
value: HIGH

Trust: 1.0

NVD: CVE-2019-5294
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201910-1450
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2019-5294
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

nvd@nist.gov: CVE-2019-5294
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-5294
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2019-011933 // CNNVD: CNNVD-201910-1450 // NVD: CVE-2019-5294

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.8

sources: JVNDB: JVNDB-2019-011933 // NVD: CVE-2019-5294

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201910-1450

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201910-1450

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-011933

PATCH
title:huawei-sa-20191023-01-bufferurl:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191023-01-buffer-en
Trust: 0.8
title:Multiple Huawei Product Buffer Error Vulnerability Fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=102955
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-011933 // 
            
            
            
            CNNVD: CNNVD-201910-1450

EXTERNAL IDS
db:NVDid:CVE-2019-5294
Trust: 2.4
db:JVNDBid:JVNDB-2019-011933
Trust: 0.8
db:CNNVDid:CNNVD-201910-1450
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-011933 // 
            
            
            
            CNNVD: CNNVD-201910-1450 // 
            
            
            
            NVD: CVE-2019-5294

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2019-5294
Trust: 1.4
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191023-01-buffer-en
Trust: 1.0
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5294
Trust: 0.8
url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20191023-01-buffer-cn
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-011933 // 
            
            
            
            CNNVD: CNNVD-201910-1450 // 
            
            
            
            NVD: CVE-2019-5294

CREDITS
The vulnerability was discovered by Huawei internal testing.
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201910-1450

SOURCES
db:JVNDBid:JVNDB-2019-011933
db:CNNVDid:CNNVD-201910-1450
db:NVDid:CVE-2019-5294

LAST UPDATE DATE
2024-11-23T23:08:13.561000+00:00

SOURCES UPDATE DATE
db:JVNDBid:JVNDB-2019-011933date:2019-11-21T00:00:00
db:CNNVDid:CNNVD-201910-1450date:2019-12-05T00:00:00
db:NVDid:CVE-2019-5294date:2024-11-21T04:44:41.387

SOURCES RELEASE DATE
db:JVNDBid:JVNDB-2019-011933date:2019-11-21T00:00:00
db:CNNVDid:CNNVD-201910-1450date:2019-10-23T00:00:00
db:NVDid:CVE-2019-5294date:2019-11-13T17:15:14.133