Sign-up

ID

VAR-201912-0913


CVE

CVE-2019-19397


TITLE

plural Huawei Vulnerabilities related to the use of cryptographic algorithms in products

Trust: 0.8

sources: JVNDB: JVNDB-2019-013188

DESCRIPTION

There is a weak algorithm vulnerability in some Huawei products. The affected products use weak algorithms by default. Attackers may exploit the vulnerability to cause information leaks. plural Huawei The product contains a vulnerability related to the use of cryptographic algorithms.Information may be obtained. Huawei S12700, etc. are all enterprise-class switch products from Huawei. A number of Huawei products have encryption problem vulnerabilities

Trust: 2.16

sources: NVD: CVE-2019-19397 // JVNDB: JVNDB-2019-013188 // CNVD: CNVD-2020-02964

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-02964

AFFECTED PRODUCTS

vendor:huaweimodel:s7700scope:eqversion:v200r006c00

Trust: 1.0

vendor:huaweimodel:s12700scope:eqversion:v200r010c00

Trust: 1.0

vendor:huaweimodel:s2700scope:eqversion:v200r011c10

Trust: 1.0

vendor:huaweimodel:s5700scope:eqversion:v200r012c00

Trust: 1.0

vendor:huaweimodel:s12700scope:eqversion:v200r007c01

Trust: 1.0

vendor:huaweimodel:s12700scope:eqversion:v200r008c00

Trust: 1.0

vendor:huaweimodel:s5700scope:eqversion:v200r005c00

Trust: 1.0

vendor:huaweimodel:s2700scope:eqversion:v200r006c10

Trust: 1.0

vendor:huaweimodel:s2700scope:eqversion:v200r010c00

Trust: 1.0

vendor:huaweimodel:s6700scope:eqversion:v200r012c00

Trust: 1.0

vendor:huaweimodel:s6700scope:eqversion:v200r005c00

Trust: 1.0

vendor:huaweimodel:s12700scope:eqversion:v200r007c00

Trust: 1.0

vendor:huaweimodel:s2700scope:eqversion:v200r008c00

Trust: 1.0

vendor:huaweimodel:s5700scope:eqversion:v200r011c10

Trust: 1.0

vendor:huaweimodel:s9700scope:eqversion:v200r012c00

Trust: 1.0

vendor:huaweimodel:s1700scope:eqversion:v200r012c00

Trust: 1.0

vendor:huaweimodel:s6700scope:eqversion:v200r011c10

Trust: 1.0

vendor:huaweimodel:s2700scope:eqversion:v200r007c00

Trust: 1.0

vendor:huaweimodel:s5700scope:eqversion:v200r008c00

Trust: 1.0

vendor:huaweimodel:s5700scope:eqversion:v200r010c00

Trust: 1.0

vendor:huaweimodel:s9700scope:eqversion:v200r011c10

Trust: 1.0

vendor:huaweimodel:s2700scope:eqversion:v200r006c00

Trust: 1.0

vendor:huaweimodel:s1700scope:eqversion:v200r011c10

Trust: 1.0

vendor:huaweimodel:s6700scope:eqversion:v200r005c01

Trust: 1.0

vendor:huaweimodel:s1700scope:eqversion:v200r006c10

Trust: 1.0

vendor:huaweimodel:s6700scope:eqversion:v200r010c00

Trust: 1.0

vendor:huaweimodel:s6700scope:eqversion:v200r008c00

Trust: 1.0

vendor:huaweimodel:s5700scope:eqversion:v200r007c00

Trust: 1.0

vendor:huaweimodel:s12700scope:eqversion:v200r007c20

Trust: 1.0

vendor:huaweimodel:s9700scope:eqversion:v200r008c00

Trust: 1.0

vendor:huaweimodel:s9700scope:eqversion:v200r010c00

Trust: 1.0

vendor:huaweimodel:s1700scope:eqversion:v200r010c00

Trust: 1.0

vendor:huaweimodel:s7700scope:eqversion:v200r012c00

Trust: 1.0

vendor:huaweimodel:s9700scope:eqversion:v200r007c01

Trust: 1.0

vendor:huaweimodel:s5700scope:eqversion:v200r006c00

Trust: 1.0

vendor:huaweimodel:s2700scope:eqversion:v200r011c00

Trust: 1.0

vendor:huaweimodel:s5700scope:eqversion:v200r005c02

Trust: 1.0

vendor:huaweimodel:s5700scope:eqversion:v200r012c20

Trust: 1.0

vendor:huaweimodel:s9700scope:eqversion:v200r007c00

Trust: 1.0

vendor:huaweimodel:s7700scope:eqversion:v200r011c10

Trust: 1.0

vendor:huaweimodel:s6700scope:eqversion:v200r005c02

Trust: 1.0

vendor:huaweimodel:s5700scope:eqversion:v200r011c00

Trust: 1.0

vendor:huaweimodel:s9700scope:eqversion:v200r006c00

Trust: 1.0

vendor:huaweimodel:s1700scope:eqversion:v200r012c20

Trust: 1.0

vendor:huaweimodel:s7700scope:eqversion:v200r008c00

Trust: 1.0

vendor:huaweimodel:s6700scope:eqversion:v200r011c00

Trust: 1.0

vendor:huaweimodel:s7700scope:eqversion:v200r010c00

Trust: 1.0

vendor:huaweimodel:s12700scope:eqversion:v200r012c00

Trust: 1.0

vendor:huaweimodel:s5700scope:eqversion:v200r005c03

Trust: 1.0

vendor:huaweimodel:s12700scope:eqversion:v200r011c10

Trust: 1.0

vendor:huaweimodel:s7700scope:eqversion:v200r007c00

Trust: 1.0

vendor:huaweimodel:s2700scope:eqversion:v200r012c00

Trust: 1.0

vendor:huaweimodel:s12700scope: - version: -

Trust: 0.8

vendor:huaweimodel:s1700scope: - version: -

Trust: 0.8

vendor:huaweimodel:s2700scope: - version: -

Trust: 0.8

vendor:huaweimodel:s5700scope: - version: -

Trust: 0.8

vendor:huaweimodel:s6700scope: - version: -

Trust: 0.8

vendor:huaweimodel:s7700scope: - version: -

Trust: 0.8

vendor:huaweimodel:s9700scope: - version: -

Trust: 0.8

vendor:huaweimodel:s12700 v200r007c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s12700 v200r007c01scope: - version: -

Trust: 0.6

vendor:huaweimodel:s12700 v200r007c20scope: - version: -

Trust: 0.6

vendor:huaweimodel:s12700 v200r008c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s12700 v200r010c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s12700 v200r011c10scope: - version: -

Trust: 0.6

vendor:huaweimodel:s12700 v200r012c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s1700 v200r006c10scope: - version: -

Trust: 0.6

vendor:huaweimodel:s1700 v200r010c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s1700 v200r011c10scope: - version: -

Trust: 0.6

vendor:huaweimodel:s1700 v200r012c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s1700 v200r012c20scope: - version: -

Trust: 0.6

vendor:huaweimodel:s2700 v200r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s2700 v200r006c10scope: - version: -

Trust: 0.6

vendor:huaweimodel:s2700 v200r007c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s2700 v200r008c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s2700 v200r010c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s2700 v200r011c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s2700 v200r011c10scope: - version: -

Trust: 0.6

vendor:huaweimodel:s2700 v200r012c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5700 v200r005c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5700 v200r005c02scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5700 v200r005c03scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5700 v200r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5700 v200r007c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5700 v200r008c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5700 v200r010c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5700 v200r011c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5700 v200r011c10scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5700 v200r012c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5700 v200r012c20scope: - version: -

Trust: 0.6

vendor:huaweimodel:s6700 v200r005c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s6700 v200r005c01scope: - version: -

Trust: 0.6

vendor:huaweimodel:s6700 v200r005c02scope: - version: -

Trust: 0.6

vendor:huaweimodel:s6700 v200r008c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s6700 v200r010c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s6700 v200r011c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s6700 v200r011c10scope: - version: -

Trust: 0.6

vendor:huaweimodel:s6700 v200r012c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s7700 v200r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s7700 v200r007c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s7700 v200r008c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s7700 v200r010c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s7700 v200r011c10scope: - version: -

Trust: 0.6

vendor:huaweimodel:s7700 v200r012c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s9700 v200r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s9700 v200r007c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s9700 v200r007c01scope: - version: -

Trust: 0.6

vendor:huaweimodel:s9700 v200r008c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s9700 v200r010c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s9700 v200r011c10scope: - version: -

Trust: 0.6

vendor:huaweimodel:s9700 v200r012c00scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2020-02964 // JVNDB: JVNDB-2019-013188 // NVD: CVE-2019-19397

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-19397
value: HIGH

Trust: 1.0

NVD: CVE-2019-19397
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-02964
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201912-194
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2019-19397
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-02964
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-19397
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-19397
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-02964 // JVNDB: JVNDB-2019-013188 // CNNVD: CNNVD-201912-194 // NVD: CVE-2019-19397

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-327

Trust: 0.8

sources: JVNDB: JVNDB-2019-013188 // NVD: CVE-2019-19397

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201912-194

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201912-194

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-013188

PATCH
title:huawei-sa-20191204-01-vrpurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-01-vrp-en
Trust: 0.8
title:Patch for Vulnerability in multiple Huawei productsurl:https://www.cnvd.org.cn/patchInfo/show/197263
Trust: 0.6
title:Multiple Huawei Product encryption problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=105645
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-02964 // 
            
            
            
            JVNDB: JVNDB-2019-013188 // 
            
            
            
            CNNVD: CNNVD-201912-194

EXTERNAL IDS
db:NVDid:CVE-2019-19397
Trust: 3.0
db:JVNDBid:JVNDB-2019-013188
Trust: 0.8
db:CNVDid:CNVD-2020-02964
Trust: 0.6
db:CNNVDid:CNNVD-201912-194
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-02964 // 
            
            
            
            JVNDB: JVNDB-2019-013188 // 
            
            
            
            CNNVD: CNNVD-201912-194 // 
            
            
            
            NVD: CVE-2019-19397

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2019-19397
Trust: 2.0
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-01-vrp-en
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19397
Trust: 0.8
url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20191204-01-vrp-cn
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-02964 // 
            
            
            
            JVNDB: JVNDB-2019-013188 // 
            
            
            
            CNNVD: CNNVD-201912-194 // 
            
            
            
            NVD: CVE-2019-19397

CREDITS
The vulnerability was discovered by Huawei internal testing.
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201912-194

SOURCES
db:CNVDid:CNVD-2020-02964
db:JVNDBid:JVNDB-2019-013188
db:CNNVDid:CNNVD-201912-194
db:NVDid:CVE-2019-19397

LAST UPDATE DATE
2024-11-23T22:25:39.541000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-02964date:2020-01-21T00:00:00
db:JVNDBid:JVNDB-2019-013188date:2019-12-23T00:00:00
db:CNNVDid:CNNVD-201912-194date:2020-03-26T00:00:00
db:NVDid:CVE-2019-19397date:2024-11-21T04:34:43.150

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-02964date:2020-01-20T00:00:00
db:JVNDBid:JVNDB-2019-013188date:2019-12-23T00:00:00
db:CNNVDid:CNNVD-201912-194date:2019-12-04T00:00:00
db:NVDid:CVE-2019-19397date:2019-12-13T15:15:11.113