Details of VAR-201912-0059

ID

VAR-201912-0059

CVE

CVE-2019-5291

TITLE

plural Huawei Vulnerability related to insufficient verification of data reliability in products

Trust: 0.8

sources: JVNDB: JVNDB-2019-013334

DESCRIPTION

Some Huawei products have an insufficient verification of data authenticity vulnerability. A remote, unauthenticated attacker has to intercept specific packets between two devices, modify the packets, and send the modified packets to the peer device. Due to insufficient verification of some fields in the packets, an attacker may exploit the vulnerability to cause the target device to be abnormal. plural Huawei The product is vulnerable to insufficient validation of data reliability.Service operation interruption (DoS) There is a possibility of being put into a state. Huawei AR1200, etc. are all enterprise routers from China's Huawei

Trust: 2.16

sources: NVD: CVE-2019-5291 // JVNDB: JVNDB-2019-013334 // CNVD: CNVD-2020-02965

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-02965

AFFECTED PRODUCTS

vendor:	huawei	model:	ar150-s	scope:	eq	version:	v200r007c00	Trust: 1.0
vendor:	huawei	model:	ar1200-s	scope:	eq	version:	v200r007c00	Trust: 1.0
vendor:	huawei	model:	s6700	scope:	eq	version:	v200r010c00spc600	Trust: 1.0
vendor:	huawei	model:	ar1200	scope:	eq	version:	v200r008c50	Trust: 1.0
vendor:	huawei	model:	ar2200-s	scope:	eq	version:	v200r007c00	Trust: 1.0
vendor:	huawei	model:	srg1300	scope:	eq	version:	v200r008c50	Trust: 1.0
vendor:	huawei	model:	srg2300	scope:	eq	version:	v200r007c00	Trust: 1.0
vendor:	huawei	model:	netengine16ex	scope:	eq	version:	v200r008c50	Trust: 1.0
vendor:	huawei	model:	srg1300	scope:	eq	version:	v200r005c20	Trust: 1.0
vendor:	huawei	model:	ar120-s	scope:	eq	version:	v200r006c10	Trust: 1.0
vendor:	huawei	model:	srg3300	scope:	eq	version:	v200r006c10	Trust: 1.0
vendor:	huawei	model:	ar160	scope:	eq	version:	v200r007c00	Trust: 1.0
vendor:	huawei	model:	ar200	scope:	eq	version:	v200r007c00	Trust: 1.0
vendor:	huawei	model:	ar150-s	scope:	eq	version:	v200r008c50	Trust: 1.0
vendor:	huawei	model:	ar3600	scope:	eq	version:	v200r006c10	Trust: 1.0
vendor:	huawei	model:	netengine16ex	scope:	eq	version:	v200r005c20	Trust: 1.0
vendor:	huawei	model:	ar2200	scope:	eq	version:	v200r006c10	Trust: 1.0
vendor:	huawei	model:	srg2300	scope:	eq	version:	v200r008c50	Trust: 1.0
vendor:	huawei	model:	ar150-s	scope:	eq	version:	v200r005c20	Trust: 1.0
vendor:	huawei	model:	ar1200-s	scope:	eq	version:	v200r008c50	Trust: 1.0
vendor:	huawei	model:	ar2200-s	scope:	eq	version:	v200r008c50	Trust: 1.0
vendor:	huawei	model:	ar3200	scope:	eq	version:	v200r006c10	Trust: 1.0
vendor:	huawei	model:	srg2300	scope:	eq	version:	v200r005c20	Trust: 1.0
vendor:	huawei	model:	srg3300	scope:	eq	version:	v200r007c00	Trust: 1.0
vendor:	huawei	model:	ar1200-s	scope:	eq	version:	v200r005c20	Trust: 1.0
vendor:	huawei	model:	ar160	scope:	eq	version:	v200r008c50	Trust: 1.0
vendor:	huawei	model:	ar150	scope:	eq	version:	v200r006c10	Trust: 1.0
vendor:	huawei	model:	ar200	scope:	eq	version:	v200r008c50	Trust: 1.0
vendor:	huawei	model:	ar2200-s	scope:	eq	version:	v200r005c20	Trust: 1.0
vendor:	huawei	model:	cloudengine 12800	scope:	eq	version:	v200r002c10	Trust: 1.0
vendor:	huawei	model:	ar120-s	scope:	eq	version:	v200r007c00	Trust: 1.0
vendor:	huawei	model:	ar200-s	scope:	eq	version:	v200r006c10	Trust: 1.0
vendor:	huawei	model:	ar160	scope:	eq	version:	v200r005c20	Trust: 1.0
vendor:	huawei	model:	ar200	scope:	eq	version:	v200r005c20	Trust: 1.0
vendor:	huawei	model:	ar3600	scope:	eq	version:	v200r007c00	Trust: 1.0
vendor:	huawei	model:	ar2200	scope:	eq	version:	v200r007c00	Trust: 1.0
vendor:	huawei	model:	ar160	scope:	eq	version:	v200r006c10	Trust: 1.0
vendor:	huawei	model:	ar1200	scope:	eq	version:	v200r005c00	Trust: 1.0
vendor:	huawei	model:	ar3200	scope:	eq	version:	v200r007c00	Trust: 1.0
vendor:	huawei	model:	s6700	scope:	eq	version:	v200r008c00	Trust: 1.0
vendor:	huawei	model:	ar120-s	scope:	eq	version:	v200r008c50	Trust: 1.0
vendor:	huawei	model:	srg3300	scope:	eq	version:	v200r008c50	Trust: 1.0
vendor:	huawei	model:	ar3600	scope:	eq	version:	v200r008c50	Trust: 1.0
vendor:	huawei	model:	ar200-s	scope:	eq	version:	v200r007c00	Trust: 1.0
vendor:	huawei	model:	ar150	scope:	eq	version:	v200r007c00	Trust: 1.0
vendor:	huawei	model:	s6700	scope:	eq	version:	v200r010c00spc300	Trust: 1.0
vendor:	huawei	model:	ar2200	scope:	eq	version:	v200r008c50	Trust: 1.0
vendor:	huawei	model:	ar120-s	scope:	eq	version:	v200r005c20	Trust: 1.0
vendor:	huawei	model:	srg3300	scope:	eq	version:	v200r005c20	Trust: 1.0
vendor:	huawei	model:	ar3200	scope:	eq	version:	v200r008c50	Trust: 1.0
vendor:	huawei	model:	ar2200	scope:	eq	version:	v200r005c20	Trust: 1.0
vendor:	huawei	model:	srg1300	scope:	eq	version:	v200r006c10	Trust: 1.0
vendor:	huawei	model:	ar1200	scope:	eq	version:	v200r006c10	Trust: 1.0
vendor:	huawei	model:	ar150	scope:	eq	version:	v200r008c50	Trust: 1.0
vendor:	huawei	model:	ar3200	scope:	eq	version:	v200r005c20	Trust: 1.0
vendor:	huawei	model:	netengine16ex	scope:	eq	version:	v200r006c10	Trust: 1.0
vendor:	huawei	model:	ar200-s	scope:	eq	version:	v200r008c50	Trust: 1.0
vendor:	huawei	model:	ar150	scope:	eq	version:	v200r005c20	Trust: 1.0
vendor:	huawei	model:	s6700	scope:	eq	version:	v200r011c00spc200	Trust: 1.0
vendor:	huawei	model:	ar150-s	scope:	eq	version:	v200r006c10	Trust: 1.0
vendor:	huawei	model:	ar200-s	scope:	eq	version:	v200r005c20	Trust: 1.0
vendor:	huawei	model:	ar1200	scope:	eq	version:	v200r007c00	Trust: 1.0
vendor:	huawei	model:	cloudengine 12800	scope:	eq	version:	v200r002c20	Trust: 1.0
vendor:	huawei	model:	srg2300	scope:	eq	version:	v200r006c10	Trust: 1.0
vendor:	huawei	model:	ar1200-s	scope:	eq	version:	v200r006c10	Trust: 1.0
vendor:	huawei	model:	srg1300	scope:	eq	version:	v200r007c00	Trust: 1.0
vendor:	huawei	model:	ar2200-s	scope:	eq	version:	v200r006c10	Trust: 1.0
vendor:	huawei	model:	netengine16ex	scope:	eq	version:	v200r007c00	Trust: 1.0
vendor:	huawei	model:	ar200	scope:	eq	version:	v200r006c10	Trust: 1.0
vendor:	huawei	model:	ar120-s	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	ar1200	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	ar1200-s	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	ar150	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	ar150-s	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	ar160	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	ar200	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	ar200-s	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	ar2200	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	ar2200-s	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	ar3200 v200r007c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar3200 v200r005c20	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar3200 v200r006c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar120-s v200r006c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar120-s v200r007c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar1200 v200r006c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar1200 v200r007c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar1200-s v200r006c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar1200-s v200r007c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar150 v200r006c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar150 v200r007c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar150-s v200r006c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar150-s v200r007c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar160 v200r006c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar160 v200r007c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar200 v200r006c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar200 v200r007c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar200-s v200r006c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar200-s v200r007c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar2200 v200r006c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar2200 v200r007c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	netengine16ex v200r006c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	netengine16ex v200r007c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	srg1300 v200r006c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	srg1300 v200r007c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	srg2300 v200r006c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	srg2300 v200r007c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	srg3300 v200r006c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	srg3300 v200r007c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar2200-s v200r006c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar2200-s v200r007c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar3600 v200r006c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar3600 v200r007c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	s6700 v200r008c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar2200-s v200r005c20	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar2200 v200r005c20	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar120-s v200r005c20	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar1200-s v200r005c20	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar150 v200r005c20	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar150-s v200r005c20	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar160 v200r005c20	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar200 v200r005c20	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar200-s v200r005c20	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	netengine16ex v200r005c20	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	srg1300 v200r005c20	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	srg2300 v200r005c20	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	srg3300 v200r005c20	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar3600 v200r008c50	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar120-s v200r008c50	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar1200 v200r005c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar1200 v200r008c50	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar1200-s v200r008c50	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar150 v200r008c50	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar150-s v200r008c50	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar160 v200r008c50	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar200 v200r008c50	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar200-s v200r008c50	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar2200 v200r008c50	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar2200-s v200r008c50	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar3200 v200r008c50	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	cloudengine v200r002c10	scope:	eq	version:	12800	Trust: 0.6
vendor:	huawei	model:	cloudengine v200r002c20	scope:	eq	version:	12800	Trust: 0.6
vendor:	huawei	model:	netengine16ex v200r008c50	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	s6700 v200r010c00spc300	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	s6700 v200r010c00spc600	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	s6700 v200r011c00spc200	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	srg1300 v200r008c50	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	srg2300 v200r008c50	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	srg3300 v200r008c50	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2020-02965 // JVNDB: JVNDB-2019-013334 // NVD: CVE-2019-5291

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-5291
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-5291
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2020-02965
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201912-187
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2019-5291
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2020-02965
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2019-5291
baseSeverity:	MEDIUM
baseScore:	5.9
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.2
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2019-5291
baseSeverity:	MEDIUM
baseScore:	5.9
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-02965 // JVNDB: JVNDB-2019-013334 // CNNVD: CNNVD-201912-187 // NVD: CVE-2019-5291

PROBLEMTYPE DATA

problemtype:

CWE-345

Trust: 1.8

sources: JVNDB: JVNDB-2019-013334 // NVD: CVE-2019-5291

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201912-187

TYPE

data forgery

Trust: 0.6

sources: CNNVD: CNNVD-201912-187

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-013334

PATCH

title:	huawei-sa-20191204-01-validation	url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-01-validation-en	Trust: 0.8
title:	Patch for Vulnerabilities in Huawei product data falsification	url:	https://www.cnvd.org.cn/patchInfo/show/197273	Trust: 0.6
title:	Multiple Huawei Product data falsification issues	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=105464	Trust: 0.6

sources: CNVD: CNVD-2020-02965 // JVNDB: JVNDB-2019-013334 // CNNVD: CNNVD-201912-187

EXTERNAL IDS

db:	NVD	id:	CVE-2019-5291	Trust: 3.0
db:	JVNDB	id:	JVNDB-2019-013334	Trust: 0.8
db:	CNVD	id:	CNVD-2020-02965	Trust: 0.6
db:	CNNVD	id:	CNNVD-201912-187	Trust: 0.6

sources: CNVD: CNVD-2020-02965 // JVNDB: JVNDB-2019-013334 // CNNVD: CNNVD-201912-187 // NVD: CVE-2019-5291

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2019-5291	Trust: 2.0
url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-01-validation-en	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5291	Trust: 0.8
url:	https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20191204-01-validation-cn	Trust: 0.6

sources: CNVD: CNVD-2020-02965 // JVNDB: JVNDB-2019-013334 // CNNVD: CNNVD-201912-187 // NVD: CVE-2019-5291

SOURCES

db:	CNVD	id:	CNVD-2020-02965
db:	JVNDB	id:	JVNDB-2019-013334
db:	CNNVD	id:	CNNVD-201912-187
db:	NVD	id:	CVE-2019-5291

LAST UPDATE DATE

2024-11-23T22:51:33.027000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-02965	date:	2020-01-21T00:00:00
db:	JVNDB	id:	JVNDB-2019-013334	date:	2019-12-26T00:00:00
db:	CNNVD	id:	CNNVD-201912-187	date:	2020-05-21T00:00:00
db:	NVD	id:	CVE-2019-5291	date:	2024-11-21T04:44:41.010

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-02965	date:	2020-01-20T00:00:00
db:	JVNDB	id:	JVNDB-2019-013334	date:	2019-12-26T00:00:00
db:	CNNVD	id:	CNNVD-201912-187	date:	2019-12-04T00:00:00
db:	NVD	id:	CVE-2019-5291	date:	2019-12-13T15:15:11.457