Details of VAR-201912-0060

ID

VAR-201912-0060

CVE

CVE-2019-5259

TITLE

plural Huawei Information disclosure vulnerability in products

Trust: 0.8

sources: JVNDB: JVNDB-2019-013788

DESCRIPTION

There is an information leakage vulnerability on some Huawei products(AR120-S;AR1200;AR1200-S;AR150;AR150-S;AR160;AR200;AR200-S;AR2200;AR2200-S;AR3200;AR3600). An attacker with low permissions can view some high-privilege information by running specific commands.Successful exploit could cause an information disclosure condition. plural Huawei The product contains an information disclosure vulnerability.Information may be obtained. Huawei AR1200, etc. are all enterprise routers from China's Huawei

Trust: 2.16

sources: NVD: CVE-2019-5259 // JVNDB: JVNDB-2019-013788 // CNVD: CNVD-2020-02963

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-02963

AFFECTED PRODUCTS

vendor:	huawei	model:	ar160	scope:	eq	version:	v200r009c00	Trust: 1.0
vendor:	huawei	model:	ar150-s	scope:	eq	version:	v200r007c00	Trust: 1.0
vendor:	huawei	model:	ar200	scope:	eq	version:	v200r009c00	Trust: 1.0
vendor:	huawei	model:	ar1200-s	scope:	eq	version:	v200r007c00	Trust: 1.0
vendor:	huawei	model:	ar150	scope:	eq	version:	v200r005c32	Trust: 1.0
vendor:	huawei	model:	ar1200	scope:	eq	version:	v200r008c50	Trust: 1.0
vendor:	huawei	model:	ar2200-s	scope:	eq	version:	v200r007c00	Trust: 1.0
vendor:	huawei	model:	ar200-s	scope:	eq	version:	v200r005c32	Trust: 1.0
vendor:	huawei	model:	ar1200	scope:	eq	version:	v200r005c20	Trust: 1.0
vendor:	huawei	model:	ar120-s	scope:	eq	version:	v200r006c10	Trust: 1.0
vendor:	huawei	model:	ar160	scope:	eq	version:	v200r007c00	Trust: 1.0
vendor:	huawei	model:	ar200	scope:	eq	version:	v200r007c00	Trust: 1.0
vendor:	huawei	model:	ar150-s	scope:	eq	version:	v200r008c50	Trust: 1.0
vendor:	huawei	model:	ar3600	scope:	eq	version:	v200r006c10	Trust: 1.0
vendor:	huawei	model:	ar2200	scope:	eq	version:	v200r006c10	Trust: 1.0
vendor:	huawei	model:	ar120-s	scope:	eq	version:	v200r009c00	Trust: 1.0
vendor:	huawei	model:	ar3600	scope:	eq	version:	v200r009c00	Trust: 1.0
vendor:	huawei	model:	ar120-s	scope:	eq	version:	v200r010c00	Trust: 1.0
vendor:	huawei	model:	ar1200-s	scope:	eq	version:	v200r008c50	Trust: 1.0
vendor:	huawei	model:	ar2200-s	scope:	eq	version:	v200r008c50	Trust: 1.0
vendor:	huawei	model:	ar2200	scope:	eq	version:	v200r009c00	Trust: 1.0
vendor:	huawei	model:	ar3200	scope:	eq	version:	v200r006c10	Trust: 1.0
vendor:	huawei	model:	ar1200-s	scope:	eq	version:	v200r005c20	Trust: 1.0
vendor:	huawei	model:	ar1200	scope:	eq	version:	v200r005c32	Trust: 1.0
vendor:	huawei	model:	ar150	scope:	eq	version:	v200r006c10	Trust: 1.0
vendor:	huawei	model:	ar160	scope:	eq	version:	v200r008c50	Trust: 1.0
vendor:	huawei	model:	ar200	scope:	eq	version:	v200r008c50	Trust: 1.0
vendor:	huawei	model:	ar2200-s	scope:	eq	version:	v200r005c20	Trust: 1.0
vendor:	huawei	model:	ar120-s	scope:	eq	version:	v200r007c00	Trust: 1.0
vendor:	huawei	model:	ar3200	scope:	eq	version:	v200r009c00	Trust: 1.0
vendor:	huawei	model:	ar200	scope:	eq	version:	v200r006c10	Trust: 1.0
vendor:	huawei	model:	ar160	scope:	eq	version:	v200r005c20	Trust: 1.0
vendor:	huawei	model:	ar200	scope:	eq	version:	v200r005c20	Trust: 1.0
vendor:	huawei	model:	ar150	scope:	eq	version:	v200r009c00	Trust: 1.0
vendor:	huawei	model:	ar200-s	scope:	eq	version:	v200r006c10	Trust: 1.0
vendor:	huawei	model:	ar3600	scope:	eq	version:	v200r007c00	Trust: 1.0
vendor:	huawei	model:	ar2200	scope:	eq	version:	v200r007c00	Trust: 1.0
vendor:	huawei	model:	ar200-s	scope:	eq	version:	v200r009c00	Trust: 1.0
vendor:	huawei	model:	ar3200	scope:	eq	version:	v200r007c00	Trust: 1.0
vendor:	huawei	model:	ar150-s	scope:	eq	version:	v200r005c32	Trust: 1.0
vendor:	huawei	model:	ar120-s	scope:	eq	version:	v200r008c50	Trust: 1.0
vendor:	huawei	model:	ar3600	scope:	eq	version:	v200r008c50	Trust: 1.0
vendor:	huawei	model:	ar200-s	scope:	eq	version:	v200r007c00	Trust: 1.0
vendor:	huawei	model:	ar150	scope:	eq	version:	v200r007c00	Trust: 1.0
vendor:	huawei	model:	ar2200-s	scope:	eq	version:	v200r005c32	Trust: 1.0
vendor:	huawei	model:	ar1200-s	scope:	eq	version:	v200r005c32	Trust: 1.0
vendor:	huawei	model:	ar2200	scope:	eq	version:	v200r008c50	Trust: 1.0
vendor:	huawei	model:	ar150-s	scope:	eq	version:	v200r005c00	Trust: 1.0
vendor:	huawei	model:	ar160	scope:	eq	version:	v200r005c32	Trust: 1.0
vendor:	huawei	model:	ar200	scope:	eq	version:	v200r005c32	Trust: 1.0
vendor:	huawei	model:	ar2200	scope:	eq	version:	v200r005c20	Trust: 1.0
vendor:	huawei	model:	ar1200	scope:	eq	version:	v200r006c10	Trust: 1.0
vendor:	huawei	model:	ar3200	scope:	eq	version:	v200r008c50	Trust: 1.0
vendor:	huawei	model:	ar1200	scope:	eq	version:	v200r009c00	Trust: 1.0
vendor:	huawei	model:	ar150	scope:	eq	version:	v200r008c50	Trust: 1.0
vendor:	huawei	model:	ar3200	scope:	eq	version:	v200r005c20	Trust: 1.0
vendor:	huawei	model:	ar200-s	scope:	eq	version:	v200r008c50	Trust: 1.0
vendor:	huawei	model:	ar150	scope:	eq	version:	v200r005c20	Trust: 1.0
vendor:	huawei	model:	ar150-s	scope:	eq	version:	v200r006c10	Trust: 1.0
vendor:	huawei	model:	ar200-s	scope:	eq	version:	v200r005c20	Trust: 1.0
vendor:	huawei	model:	ar1200	scope:	eq	version:	v200r007c00	Trust: 1.0
vendor:	huawei	model:	ar120-s	scope:	eq	version:	v200r005c32	Trust: 1.0
vendor:	huawei	model:	ar1200-s	scope:	eq	version:	v200r006c10	Trust: 1.0
vendor:	huawei	model:	ar150-s	scope:	eq	version:	v200r009c00	Trust: 1.0
vendor:	huawei	model:	ar2200-s	scope:	eq	version:	v200r006c10	Trust: 1.0
vendor:	huawei	model:	ar2200	scope:	eq	version:	v200r005c32	Trust: 1.0
vendor:	huawei	model:	ar160	scope:	eq	version:	v200r006c10	Trust: 1.0
vendor:	huawei	model:	ar2200-s	scope:	eq	version:	v200r009c00	Trust: 1.0
vendor:	huawei	model:	ar3200	scope:	eq	version:	v200r005c32	Trust: 1.0
vendor:	huawei	model:	ar1200-s	scope:	eq	version:	v200r009c00	Trust: 1.0
vendor:	huawei	model:	ar120-s	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	ar1200	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	ar1200-s	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	ar150	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	ar150-s	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	ar160	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	ar200	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	ar200-s	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	ar2200	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	ar2200-s	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	ar120-s v200r005c20	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar120-s v200r005c32	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar120-s v200r006c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar120-s v200r007c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar120-s v200r008c50	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar120-s v200r009c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar120-s v200r010c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar1200 v200r005c20	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar1200 v200r005c32	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar1200 v200r006c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar1200 v200r007c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar1200 v200r008c50	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar1200 v200r009c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar1200-s v200r005c20	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar1200-s v200r005c32	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar1200-s v200r006c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar1200-s v200r007c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar1200-s v200r008c50	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar1200-s v200r009c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar150 v200r005c20	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar150 v200r005c32	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar150 v200r006c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar150 v200r007c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar150 v200r008c50	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar150 v200r009c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar150-s v200r005c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar150-s v200r005c32	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar150-s v200r006c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar150-s v200r007c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar150-s v200r008c50	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar150-s v200r009c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar160 v200r005c20	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar160 v200r005c32	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar160 v200r006c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar160 v200r007c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar160 v200r008c50	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar160 v200r009c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar200 v200r005c20	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar200 v200r005c32	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar200 v200r006c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar200 v200r007c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar200 v200r008c50	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar200 v200r009c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar200-s v200r005c20	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar200-s v200r005c32	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar200-s v200r006c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar200-s v200r007c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar200-s v200r008c50	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar200-s v200r009c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar2200 v200r005c20	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar2200 v200r005c32	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar2200 v200r006c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar2200 v200r007c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar2200 v200r008c50	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar2200 v200r009c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar2200-s v200r005c20	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar2200-s v200r005c32	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar2200-s v200r006c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar2200-s v200r007c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar2200-s v200r008c50	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar2200-s v200r009c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar3200 v200r005c20	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar3200 v200r005c32	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar3200 v200r006c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar3200 v200r007c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar3200 v200r008c50	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar3200 v200r009c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar3600 v200r006c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar3600 v200r007c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar3600 v200r008c50	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar3600 v200r009c00	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2020-02963 // JVNDB: JVNDB-2019-013788 // NVD: CVE-2019-5259

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-5259
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-5259
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2020-02963
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201912-548
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2019-5259
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2020-02963
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2019-5259
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2019-5259
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-02963 // JVNDB: JVNDB-2019-013788 // CNNVD: CNNVD-201912-548 // NVD: CVE-2019-5259

PROBLEMTYPE DATA

problemtype:	CWE-269	Trust: 1.0
problemtype:	CWE-200	Trust: 0.8

sources: JVNDB: JVNDB-2019-013788 // NVD: CVE-2019-5259

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201912-548

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201912-548

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-013788

PATCH

title:	huawei-sa-20191211-01-vrp	url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191211-01-vrp-en	Trust: 0.8
title:	Patch for Multiple Huawei Product Information Disclosure Vulnerabilities (CNVD-2020-02963)	url:	https://www.cnvd.org.cn/patchInfo/show/197319	Trust: 0.6
title:	Multiple Huawei Product information disclosure vulnerability repair measures	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=104599	Trust: 0.6

sources: CNVD: CNVD-2020-02963 // JVNDB: JVNDB-2019-013788 // CNNVD: CNNVD-201912-548

EXTERNAL IDS

db:	NVD	id:	CVE-2019-5259	Trust: 3.0
db:	JVNDB	id:	JVNDB-2019-013788	Trust: 0.8
db:	CNVD	id:	CNVD-2020-02963	Trust: 0.6
db:	CNNVD	id:	CNNVD-201912-548	Trust: 0.6

sources: CNVD: CNVD-2020-02963 // JVNDB: JVNDB-2019-013788 // CNNVD: CNNVD-201912-548 // NVD: CVE-2019-5259

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2019-5259	Trust: 2.0
url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191211-01-vrp-en	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5259	Trust: 0.8
url:	https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20191211-01-vrp-cn	Trust: 0.6

sources: CNVD: CNVD-2020-02963 // JVNDB: JVNDB-2019-013788 // CNNVD: CNNVD-201912-548 // NVD: CVE-2019-5259

CREDITS

The vulnerability was discovered by Huawei internal testing.

Trust: 0.6

sources: CNNVD: CNNVD-201912-548

SOURCES

db:	CNVD	id:	CNVD-2020-02963
db:	JVNDB	id:	JVNDB-2019-013788
db:	CNNVD	id:	CNNVD-201912-548
db:	NVD	id:	CVE-2019-5259

LAST UPDATE DATE

2024-11-23T22:44:46.879000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-02963	date:	2020-01-21T00:00:00
db:	JVNDB	id:	JVNDB-2019-013788	date:	2020-01-16T00:00:00
db:	CNNVD	id:	CNNVD-201912-548	date:	2020-08-25T00:00:00
db:	NVD	id:	CVE-2019-5259	date:	2024-11-21T04:44:37.640

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-02963	date:	2020-01-20T00:00:00
db:	JVNDB	id:	JVNDB-2019-013788	date:	2020-01-16T00:00:00
db:	CNNVD	id:	CNNVD-201912-548	date:	2019-12-11T00:00:00
db:	NVD	id:	CVE-2019-5259	date:	2019-12-16T22:15:11.370