Sign-up

ID

VAR-202001-0173


CVE

CVE-2019-5304


TITLE

plural Huawei Classic buffer overflow vulnerability in product

Trust: 0.8

sources: JVNDB: JVNDB-2020-001035

DESCRIPTION

Some Huawei products have a buffer error vulnerability. An unauthenticated, remote attacker could send specific MPLS Echo Request messages to the target products. Due to insufficient input validation of some parameters in the messages, successful exploit may cause the device to reset. plural Huawei The product contains a classic buffer overflow vulnerability.Denial of service (DoS) May be in a state. Huawei CloudEngine 6800 is a 6800 series 10 Gigabit Ethernet switch for data centers in China's Huawei. There are security vulnerabilities in Huawei CloudEngine 12800 200R003C00, 200R005C00, and 200R005C10. An attacker could use this vulnerability to connect to an affected device and execute commands

Trust: 2.16

sources: NVD: CVE-2019-5304 // JVNDB: JVNDB-2020-001035 // CNVD: CNVD-2019-33612

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-33612

AFFECTED PRODUCTS

vendor:huaweimodel:secospace antiddos8000scope:eqversion:v500r001c60

Trust: 1.6

vendor:huaweimodel:srg3300scope:eqversion:v200r008c20

Trust: 1.6

vendor:huaweimodel:secospace usg6500scope:eqversion:v500r001c20

Trust: 1.6

vendor:huaweimodel:secospace usg6600scope:eqversion:v500r001c30

Trust: 1.6

vendor:huaweimodel:secospace usg6600scope:eqversion:v500r001c20

Trust: 1.6

vendor:huaweimodel:secospace usg6300scope:eqversion:v500r001c30

Trust: 1.6

vendor:huaweimodel:secospace antiddos8000scope:eqversion:v500r005c00

Trust: 1.6

vendor:huaweimodel:ar150-sscope:eqversion:v200r007c00

Trust: 1.0

vendor:huaweimodel:ar1200scope:eqversion:v200r003c01

Trust: 1.0

vendor:huaweimodel:ar1200scope:eqversion:v200r008c50

Trust: 1.0

vendor:huaweimodel:srg1300scope:eqversion:v200r008c50

Trust: 1.0

vendor:huaweimodel:srg2300scope:eqversion:v200r007c00

Trust: 1.0

vendor:huaweimodel:srg1300scope:eqversion:v200r005c20

Trust: 1.0

vendor:huaweimodel:ar1200scope:eqversion:v200r005c20

Trust: 1.0

vendor:huaweimodel:srg3300scope:eqversion:v200r006c10

Trust: 1.0

vendor:huaweimodel:ar150-sscope:eqversion:v200r008c50

Trust: 1.0

vendor:huaweimodel:ar120-sscope:eqversion:v200r008c20

Trust: 1.0

vendor:huaweimodel:nip6300scope:eqversion:v500r001c20

Trust: 1.0

vendor:huaweimodel:ar1200-sscope:eqversion:v200r003c01

Trust: 1.0

vendor:huaweimodel:ar1200-sscope:eqversion:v200r008c50

Trust: 1.0

vendor:huaweimodel:ar150-sscope:eqversion:v200r005c20

Trust: 1.0

vendor:huaweimodel:ar2200-sscope:eqversion:v200r003c01

Trust: 1.0

vendor:huaweimodel:ar2200-sscope:eqversion:v200r008c50

Trust: 1.0

vendor:huaweimodel:ar3200scope:eqversion:v200r006c10

Trust: 1.0

vendor:huaweimodel:ar3200scope:eqversion:v200r008c20

Trust: 1.0

vendor:huaweimodel:srg2300scope:eqversion:v200r008c50

Trust: 1.0

vendor:huaweimodel:srg2300scope:eqversion:v200r005c20

Trust: 1.0

vendor:huaweimodel:ar1200-sscope:eqversion:v200r005c20

Trust: 1.0

vendor:huaweimodel:ar2200-sscope:eqversion:v200r005c20

Trust: 1.0

vendor:huaweimodel:secospace antiddos8000scope:eqversion:v500r001c20

Trust: 1.0

vendor:huaweimodel:ar200scope:eqversion:v200r003c01

Trust: 1.0

vendor:huaweimodel:ar200-sscope:eqversion:v200r008c20

Trust: 1.0

vendor:huaweimodel:ar200-sscope:eqversion:v200r006c10

Trust: 1.0

vendor:huaweimodel:ar3200scope:eqversion:v200r007c00

Trust: 1.0

vendor:huaweimodel:srg3300scope:eqversion:v200r003c01

Trust: 1.0

vendor:huaweimodel:srg3300scope:eqversion:v200r008c50

Trust: 1.0

vendor:huaweimodel:nip6600scope:eqversion:v500r001c20

Trust: 1.0

vendor:huaweimodel:srg3300scope:eqversion:v200r005c20

Trust: 1.0

vendor:huaweimodel:s5700scope:eqversion:v200r006c00

Trust: 1.0

vendor:huaweimodel:s5700scope:eqversion:v200r005c02

Trust: 1.0

vendor:huaweimodel:ar3200scope:eqversion:v200r008c50

Trust: 1.0

vendor:huaweimodel:ar3200scope:eqversion:v200r005c20

Trust: 1.0

vendor:huaweimodel:netengine16exscope:eqversion:v200r008c20

Trust: 1.0

vendor:huaweimodel:netengine16exscope:eqversion:v200r006c10

Trust: 1.0

vendor:huaweimodel:s6700scope:eqversion:v200r005c02

Trust: 1.0

vendor:huaweimodel:ar200-sscope:eqversion:v200r003c01

Trust: 1.0

vendor:huaweimodel:ar150scope:eqversion:v200r003c01

Trust: 1.0

vendor:huaweimodel:ar200-sscope:eqversion:v200r008c50

Trust: 1.0

vendor:huaweimodel:s5700scope:eqversion:v200r011c00

Trust: 1.0

vendor:huaweimodel:ngfw modulescope:eqversion:v500r002c00

Trust: 1.0

vendor:huaweimodel:ar200-sscope:eqversion:v200r005c20

Trust: 1.0

vendor:huaweimodel:ar1200scope:eqversion:v200r007c00

Trust: 1.0

vendor:huaweimodel:s6700scope:eqversion:v200r011c00

Trust: 1.0

vendor:huaweimodel:s5700scope:eqversion:v200r005c03

Trust: 1.0

vendor:huaweimodel:ar200scope:eqversion:v200r008c20

Trust: 1.0

vendor:huaweimodel:ar160scope:eqversion:v200r006c10

Trust: 1.0

vendor:huaweimodel:ar200scope:eqversion:v200r006c10

Trust: 1.0

vendor:huaweimodel:ips modulescope:eqversion:v500r001c20

Trust: 1.0

vendor:huaweimodel:ar1200-sscope:eqversion:v200r007c00

Trust: 1.0

vendor:huaweimodel:srg1300scope:eqversion:v200r003c01

Trust: 1.0

vendor:huaweimodel:netengine16exscope:eqversion:v200r008c50

Trust: 1.0

vendor:huaweimodel:s5700scope:eqversion:v200r005c00

Trust: 1.0

vendor:huaweimodel:ar120-sscope:eqversion:v200r006c10

Trust: 1.0

vendor:huaweimodel:ar3600scope:eqversion:v200r008c20

Trust: 1.0

vendor:huaweimodel:ar160scope:eqversion:v200r007c00

Trust: 1.0

vendor:huaweimodel:ar200scope:eqversion:v200r007c00

Trust: 1.0

vendor:huaweimodel:ar3600scope:eqversion:v200r006c10

Trust: 1.0

vendor:huaweimodel:netengine16exscope:eqversion:v200r005c20

Trust: 1.0

vendor:huaweimodel:ar2200scope:eqversion:v200r008c20

Trust: 1.0

vendor:huaweimodel:ar2200scope:eqversion:v200r006c10

Trust: 1.0

vendor:huaweimodel:ar150-sscope:eqversion:v200r003c01

Trust: 1.0

vendor:huaweimodel:s6700scope:eqversion:v200r005c00

Trust: 1.0

vendor:huaweimodel:srg2300scope:eqversion:v200r003c01

Trust: 1.0

vendor:huaweimodel:ips modulescope:eqversion:v500r001c30

Trust: 1.0

vendor:huaweimodel:srg3300scope:eqversion:v200r007c00

Trust: 1.0

vendor:huaweimodel:ar160scope:eqversion:v200r008c50

Trust: 1.0

vendor:huaweimodel:ar150scope:eqversion:v200r008c20

Trust: 1.0

vendor:huaweimodel:ar150scope:eqversion:v200r006c10

Trust: 1.0

vendor:huaweimodel:ar200scope:eqversion:v200r008c50

Trust: 1.0

vendor:huaweimodel:ar120-sscope:eqversion:v200r007c00

Trust: 1.0

vendor:huaweimodel:secospace usg6300scope:eqversion:v500r001c20

Trust: 1.0

vendor:huaweimodel:ar3600scope:eqversion:v200r007c00

Trust: 1.0

vendor:huaweimodel:ar160scope:eqversion:v200r005c20

Trust: 1.0

vendor:huaweimodel:ar200scope:eqversion:v200r005c20

Trust: 1.0

vendor:huaweimodel:s5700scope:eqversion:v200r008c00

Trust: 1.0

vendor:huaweimodel:s5700scope:eqversion:v200r010c00

Trust: 1.0

vendor:huaweimodel:ar2200scope:eqversion:v200r007c00

Trust: 1.0

vendor:huaweimodel:s6700scope:eqversion:v200r005c01

Trust: 1.0

vendor:huaweimodel:s6700scope:eqversion:v200r008c00

Trust: 1.0

vendor:huaweimodel:s6700scope:eqversion:v200r010c00

Trust: 1.0

vendor:huaweimodel:s5700scope:eqversion:v200r007c00

Trust: 1.0

vendor:huaweimodel:ar120-sscope:eqversion:v200r008c50

Trust: 1.0

vendor:huaweimodel:ar3600scope:eqversion:v200r008c50

Trust: 1.0

vendor:huaweimodel:ar200-sscope:eqversion:v200r007c00

Trust: 1.0

vendor:huaweimodel:ar150scope:eqversion:v200r007c00

Trust: 1.0

vendor:huaweimodel:ar2200scope:eqversion:v200r003c01

Trust: 1.0

vendor:huaweimodel:ar2200scope:eqversion:v200r008c50

Trust: 1.0

vendor:huaweimodel:nip6300scope:eqversion:v500r001c30

Trust: 1.0

vendor:huaweimodel:ar2200scope:eqversion:v200r005c20

Trust: 1.0

vendor:huaweimodel:srg1300scope:eqversion:v200r008c20

Trust: 1.0

vendor:huaweimodel:ar1200scope:eqversion:v200r008c20

Trust: 1.0

vendor:huaweimodel:ar1200scope:eqversion:v200r006c10

Trust: 1.0

vendor:huaweimodel:srg1300scope:eqversion:v200r006c10

Trust: 1.0

vendor:huaweimodel:ar3200scope:eqversion:v200r003c01

Trust: 1.0

vendor:huaweimodel:ar150scope:eqversion:v200r008c50

Trust: 1.0

vendor:huaweimodel:ngfw modulescope:eqversion:v500r001c20

Trust: 1.0

vendor:huaweimodel:ar150scope:eqversion:v200r005c20

Trust: 1.0

vendor:huaweimodel:ar150-sscope:eqversion:v200r008c20

Trust: 1.0

vendor:huaweimodel:ar150-sscope:eqversion:v200r006c10

Trust: 1.0

vendor:huaweimodel:secospace usg6500scope:eqversion:v500r001c30

Trust: 1.0

vendor:huaweimodel:srg2300scope:eqversion:v200r008c20

Trust: 1.0

vendor:huaweimodel:srg2300scope:eqversion:v200r006c10

Trust: 1.0

vendor:huaweimodel:ar1200-sscope:eqversion:v200r008c20

Trust: 1.0

vendor:huaweimodel:ar1200-sscope:eqversion:v200r006c10

Trust: 1.0

vendor:huaweimodel:nip6600scope:eqversion:v500r001c30

Trust: 1.0

vendor:huaweimodel:ar2200-sscope:eqversion:v200r008c20

Trust: 1.0

vendor:huaweimodel:ar2200-sscope:eqversion:v200r006c10

Trust: 1.0

vendor:huaweimodel:netengine16exscope:eqversion:v200r007c00

Trust: 1.0

vendor:huaweimodel:srg1300scope:eqversion:v200r007c00

Trust: 1.0

vendor:huaweimodel:ar160scope:eqversion:v200r008c20

Trust: 1.0

vendor:huaweimodel:ar120-sscope: - version: -

Trust: 0.8

vendor:huaweimodel:ar1200scope: - version: -

Trust: 0.8

vendor:huaweimodel:ar1200-sscope: - version: -

Trust: 0.8

vendor:huaweimodel:ar150scope: - version: -

Trust: 0.8

vendor:huaweimodel:ar150-sscope: - version: -

Trust: 0.8

vendor:huaweimodel:ar160scope: - version: -

Trust: 0.8

vendor:huaweimodel:ar200scope: - version: -

Trust: 0.8

vendor:huaweimodel:ar200-sscope: - version: -

Trust: 0.8

vendor:huaweimodel:ar2200scope: - version: -

Trust: 0.8

vendor:huaweimodel:ar2200-sscope: - version: -

Trust: 0.8

vendor:huaweimodel:cloudengine v200r003c00scope:eqversion:12800

Trust: 0.6

vendor:huaweimodel:cloudengine v200r005c00scope:eqversion:12800

Trust: 0.6

vendor:huaweimodel:cloudengine v200r005c10scope:eqversion:12800

Trust: 0.6

vendor:huaweimodel:srg3300scope:eqversion: -

Trust: 0.6

vendor:huaweimodel:secospace usg6500scope:eqversion: -

Trust: 0.6

vendor:huaweimodel:secospace usg6300scope:eqversion: -

Trust: 0.6

sources: CNVD: CNVD-2019-33612 // JVNDB: JVNDB-2020-001035 // CNNVD: CNNVD-201909-890 // NVD: CVE-2019-5304

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-5304
value: HIGH

Trust: 1.0

NVD: CVE-2019-5304
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-33612
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201909-890
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2019-5304
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-33612
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-5304
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-5304
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-33612 // JVNDB: JVNDB-2020-001035 // CNNVD: CNNVD-201909-890 // NVD: CVE-2019-5304

PROBLEMTYPE DATA

problemtype:CWE-120

Trust: 1.8

sources: JVNDB: JVNDB-2020-001035 // NVD: CVE-2019-5304

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201909-890

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201909-890

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-001035

PATCH
title:huawei-sa-20200102-01-bufferurl:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200102-01-buffer-en
Trust: 0.8
title:Patch for Huawei CloudEngine 6800 Improper Authentication Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/182793
Trust: 0.6
title:Huawei CloudEngine 6800 Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98415
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-33612 // 
            
            
            
            JVNDB: JVNDB-2020-001035 // 
            
            
            
            CNNVD: CNNVD-201909-890

EXTERNAL IDS
db:NVDid:CVE-2019-5304
Trust: 3.0
db:JVNDBid:JVNDB-2020-001035
Trust: 0.8
db:CNVDid:CNVD-2019-33612
Trust: 0.6
db:CNNVDid:CNNVD-201909-890
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-33612 // 
            
            
            
            JVNDB: JVNDB-2020-001035 // 
            
            
            
            CNNVD: CNNVD-201909-890 // 
            
            
            
            NVD: CVE-2019-5304

REFERENCES
url:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200102-01-buffer-en
Trust: 1.6
url:https://nvd.nist.gov/vuln/detail/cve-2019-5304
Trust: 1.4
url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20190918-01-authentication-cn
Trust: 1.2
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5304
Trust: 0.8
url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200102-01-buffer-cn
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-33612 // 
            
            
            
            JVNDB: JVNDB-2020-001035 // 
            
            
            
            CNNVD: CNNVD-201909-890 // 
            
            
            
            NVD: CVE-2019-5304

CREDITS
The vulnerability was discovered by Huawei internal testing.
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201909-890

SOURCES
db:CNVDid:CNVD-2019-33612
db:JVNDBid:JVNDB-2020-001035
db:CNNVDid:CNNVD-201909-890
db:NVDid:CVE-2019-5304

LAST UPDATE DATE
2024-11-23T22:37:34.524000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-33612date:2019-09-29T00:00:00
db:JVNDBid:JVNDB-2020-001035date:2020-01-22T00:00:00
db:CNNVDid:CNNVD-201909-890date:2020-01-17T00:00:00
db:NVDid:CVE-2019-5304date:2024-11-21T04:44:42.770

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-33612date:2019-09-29T00:00:00
db:JVNDBid:JVNDB-2020-001035date:2020-01-22T00:00:00
db:CNNVDid:CNNVD-201909-890date:2019-09-18T00:00:00
db:NVDid:CVE-2019-5304date:2020-01-03T15:15:11.993