Details of VAR-202001-0530

ID

VAR-202001-0530

CVE

CVE-2019-19411

TITLE

USG9500 Information Disclosure Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-014339

DESCRIPTION

USG9500 with versions of V500R001C30SPC100, V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, V500R005C00SPC100, V500R005C00SPC200 have an information leakage vulnerability. Due to improper processing of the initialization vector used in a specific encryption algorithm, an attacker who gains access to this cryptographic primitive may exploit this vulnerability to cause the value of the confidentiality associated with its use to be diminished. USG9500 Contains an information disclosure vulnerability.Information may be obtained

Trust: 1.62

sources: NVD: CVE-2019-19411 // JVNDB: JVNDB-2019-014339

AFFECTED PRODUCTS

vendor:	huawei	model:	usg9500	scope:	eq	version:	v500r005c00spc100	Trust: 1.0
vendor:	huawei	model:	usg9500	scope:	eq	version:	v500r001c60spc500	Trust: 1.0
vendor:	huawei	model:	usg9500	scope:	eq	version:	v500r001c30spc200	Trust: 1.0
vendor:	huawei	model:	usg9500	scope:	eq	version:	v500r005c00spc200	Trust: 1.0
vendor:	huawei	model:	usg9500	scope:	eq	version:	v500r001c30spc600	Trust: 1.0
vendor:	huawei	model:	usg9500	scope:	eq	version:	v500r001c30spc100	Trust: 1.0
vendor:	huawei	model:	usg9500	scope:	eq	version:	-	Trust: 0.8
vendor:	huawei	model:	usg9500	scope:	eq	version:	usg9500 firmware 500r001c30spc100	Trust: 0.8
vendor:	huawei	model:	usg9500	scope:	eq	version:	usg9500 firmware 500r001c30spc200	Trust: 0.8
vendor:	huawei	model:	usg9500	scope:	eq	version:	usg9500 firmware 500r001c30spc600	Trust: 0.8
vendor:	huawei	model:	usg9500	scope:	eq	version:	usg9500 firmware 500r001c60spc500	Trust: 0.8
vendor:	huawei	model:	usg9500	scope:	eq	version:	usg9500 firmware 500r005c00spc100	Trust: 0.8
vendor:	huawei	model:	usg9500	scope:	eq	version:	usg9500 firmware 500r005c00spc200	Trust: 0.8

sources: JVNDB: JVNDB-2019-014339 // NVD: CVE-2019-19411

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-19411
value:	LOW
Trust: 1.0
NVD:	CVE-2019-19411
value:	LOW
Trust: 0.8
CNNVD:	CNNVD-202001-784
value:	LOW
Trust: 0.6

nvd@nist.gov:	CVE-2019-19411
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

nvd@nist.gov:	CVE-2019-19411
baseSeverity:	LOW
baseScore:	3.7
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.2
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2019-19411
baseSeverity:	LOW
baseScore:	3.7
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2019-014339 // CNNVD: CNNVD-202001-784 // NVD: CVE-2019-19411

PROBLEMTYPE DATA

problemtype:	CWE-665	Trust: 1.0
problemtype:	information leak (CWE-200) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2019-014339 // NVD: CVE-2019-19411

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202001-784

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202001-784

PATCH

title:	huawei-sa-20200115-01-firewall	url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-firewall-en	Trust: 0.8
title:	Huawei USG9500 Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=107112	Trust: 0.6

sources: JVNDB: JVNDB-2019-014339 // CNNVD: CNNVD-202001-784

EXTERNAL IDS

db:	NVD	id:	CVE-2019-19411	Trust: 2.4
db:	JVNDB	id:	JVNDB-2019-014339	Trust: 0.8
db:	CNNVD	id:	CNNVD-202001-784	Trust: 0.6

sources: JVNDB: JVNDB-2019-014339 // CNNVD: CNNVD-202001-784 // NVD: CVE-2019-19411

REFERENCES

url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-firewall-en	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2019-19411	Trust: 1.4
url:	https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200115-01-firewall-cn	Trust: 0.6

sources: JVNDB: JVNDB-2019-014339 // CNNVD: CNNVD-202001-784 // NVD: CVE-2019-19411

CREDITS

The vulnerability was discovered by Huawei internal testing.

Trust: 0.6

sources: CNNVD: CNNVD-202001-784

SOURCES

db:	JVNDB	id:	JVNDB-2019-014339
db:	CNNVD	id:	CNNVD-202001-784
db:	NVD	id:	CVE-2019-19411

LAST UPDATE DATE

2024-11-23T22:37:34.300000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2019-014339	date:	2020-02-12T00:00:00
db:	CNNVD	id:	CNNVD-202001-784	date:	2020-12-31T00:00:00
db:	NVD	id:	CVE-2019-19411	date:	2024-11-21T04:34:43.393

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2019-014339	date:	2020-02-12T00:00:00
db:	CNNVD	id:	CNNVD-202001-784	date:	2020-01-15T00:00:00
db:	NVD	id:	CVE-2019-19411	date:	2020-01-21T19:15:13.113