Sign-up

ID

VAR-201912-0058


CVE

CVE-2019-5290


TITLE

Huawei S5700 and S6700 Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-013185

DESCRIPTION

Huawei S5700 and S6700 have a DoS security vulnerability. Attackers with certain permissions perform specific operations on affected devices. Because the pointer in the program is not processed properly, the vulnerability can be exploited to cause the device to be abnormal. Huawei S5700 and S6700 Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. The Huawei S5700 and Huawei S6700 are both enterprise-class switch products from China's Huawei. A denial of service vulnerability exists in the Huawei S5700 and S6700

Trust: 2.25

sources: NVD: CVE-2019-5290 // JVNDB: JVNDB-2019-013185 // CNVD: CNVD-2019-44536 // VULMON: CVE-2019-5290

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-44536

AFFECTED PRODUCTS

vendor:huaweimodel:s5700scope:eqversion:v200r007c00spc500

Trust: 1.6

vendor:huaweimodel:s5700scope:eqversion:v200r008c00

Trust: 1.6

vendor:huaweimodel:s5700scope:eqversion:v200r005c03

Trust: 1.6

vendor:huaweimodel:s6700scope:eqversion:v200r005c02

Trust: 1.6

vendor:huaweimodel:s6700scope:eqversion:v200r008c00

Trust: 1.6

vendor:huaweimodel:s5700scope:eqversion:v200r006c00spc100

Trust: 1.6

vendor:huaweimodel:s5700scope:eqversion:v200r007c00spc100

Trust: 1.6

vendor:huaweimodel:s5700scope:eqversion:v200r006c00spc500

Trust: 1.6

vendor:huaweimodel:s6700scope:eqversion:v200r005c01

Trust: 1.6

vendor:huaweimodel:s6700scope:eqversion:v200r005c00spc500

Trust: 1.0

vendor:huaweimodel:s5700scope:eqversion:v200r005c02

Trust: 1.0

vendor:huaweimodel:s5700scope:eqversion:v200r005c00spc500

Trust: 1.0

vendor:huaweimodel:s5700scope:eqversion:v200r006c00spc300

Trust: 1.0

vendor:huaweimodel:s5700scope: - version: -

Trust: 0.8

vendor:huaweimodel:s6700scope: - version: -

Trust: 0.8

vendor:huaweimodel:s5700 v200r005c03scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5700 v200r008c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s6700 v200r008c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5700 v200r005c02scope: - version: -

Trust: 0.6

vendor:huaweimodel:s6700 v200r005c01scope: - version: -

Trust: 0.6

vendor:huaweimodel:s6700 v200r005c02scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5700 v200r005c00spc500scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5700 v200r006c00spc100scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5700 v200r006c00spc300scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5700 v200r006c00spc500scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5700 v200r007c00spc100scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5700 v200r007c00spc500scope: - version: -

Trust: 0.6

vendor:huaweimodel:s6700 v200r005c00spc500scope: - version: -

Trust: 0.6

vendor:huaweimodel:s6700scope:eqversion: -

Trust: 0.6

sources: CNVD: CNVD-2019-44536 // JVNDB: JVNDB-2019-013185 // CNNVD: CNNVD-201912-190 // NVD: CVE-2019-5290

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-5290
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-5290
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2019-44536
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201912-190
value: MEDIUM

Trust: 0.6

VULMON: CVE-2019-5290
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-5290
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2019-44536
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-5290
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-5290
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-44536 // VULMON: CVE-2019-5290 // JVNDB: JVNDB-2019-013185 // CNNVD: CNNVD-201912-190 // NVD: CVE-2019-5290

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-20

Trust: 0.8

sources: JVNDB: JVNDB-2019-013185 // NVD: CVE-2019-5290

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201912-190

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201912-190

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-013185

PATCH
title:huawei-sa-20191204-02-dosurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-02-dos-en
Trust: 0.8
title:Patch for Huawei S5700 and Huawei S6700 Denial of Service Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/193479
Trust: 0.6
title:Huawei S5700  and Huawei S6700 Enter the fix for the verification error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=105644
Trust: 0.6
title:Huawei Security Advisories: Security Advisory - DoS Vulnerability in Some Huawei Productsurl:https://vulmon.com/vendoradvisory?qidtp=huawei_security_advisories&qid=2732abfc90c46caada3248f02c0002c1
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-44536 // 
            
            
            
            VULMON: CVE-2019-5290 // 
            
            
            
            JVNDB: JVNDB-2019-013185 // 
            
            
            
            CNNVD: CNNVD-201912-190

EXTERNAL IDS
db:NVDid:CVE-2019-5290
Trust: 3.1
db:JVNDBid:JVNDB-2019-013185
Trust: 0.8
db:CNVDid:CNVD-2019-44536
Trust: 0.6
db:CNNVDid:CNNVD-201912-190
Trust: 0.6
db:VULMONid:CVE-2019-5290
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-44536 // 
            
            
            
            VULMON: CVE-2019-5290 // 
            
            
            
            JVNDB: JVNDB-2019-013185 // 
            
            
            
            CNNVD: CNNVD-201912-190 // 
            
            
            
            NVD: CVE-2019-5290

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-02-dos-en
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2019-5290
Trust: 1.4
url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20191204-02-dos-cn
Trust: 1.2
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5290
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/20.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/172587
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-44536 // 
            
            
            
            VULMON: CVE-2019-5290 // 
            
            
            
            JVNDB: JVNDB-2019-013185 // 
            
            
            
            CNNVD: CNNVD-201912-190 // 
            
            
            
            NVD: CVE-2019-5290

CREDITS
The vulnerability was discovered by Huawei internal testing.
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201912-190

SOURCES
db:CNVDid:CNVD-2019-44536
db:VULMONid:CVE-2019-5290
db:JVNDBid:JVNDB-2019-013185
db:CNNVDid:CNNVD-201912-190
db:NVDid:CVE-2019-5290

LAST UPDATE DATE
2024-11-23T22:48:11.510000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-44536date:2019-12-10T00:00:00
db:VULMONid:CVE-2019-5290date:2019-12-18T00:00:00
db:JVNDBid:JVNDB-2019-013185date:2019-12-20T00:00:00
db:CNNVDid:CNNVD-201912-190date:2020-01-09T00:00:00
db:NVDid:CVE-2019-5290date:2024-11-21T04:44:40.897

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-44536date:2019-12-10T00:00:00
db:VULMONid:CVE-2019-5290date:2019-12-13T00:00:00
db:JVNDBid:JVNDB-2019-013185date:2019-12-20T00:00:00
db:CNNVDid:CNNVD-201912-190date:2019-12-04T00:00:00
db:NVDid:CVE-2019-5290date:2019-12-13T15:15:11.397