FKIE_CVE-2019-5290

Vulnerability from fkie_nvd - Published: 2019-12-13 15:15 - Updated: 2024-11-21 04:44
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
Huawei S5700 and S6700 have a DoS security vulnerability. Attackers with certain permissions perform specific operations on affected devices. Because the pointer in the program is not processed properly, the vulnerability can be exploited to cause the device to be abnormal.
References
psirt@huawei.comhttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-02-dos-enVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-02-dos-enVendor Advisory
Impacted products
Vendor Product Version
huawei s5700_firmware v200r005c00spc500
huawei s5700_firmware v200r005c02
huawei s5700_firmware v200r005c03
huawei s5700_firmware v200r006c00spc100
huawei s5700_firmware v200r006c00spc300
huawei s5700_firmware v200r006c00spc500
huawei s5700_firmware v200r007c00spc100
huawei s5700_firmware v200r007c00spc500
huawei s5700_firmware v200r008c00
huawei s5700 -
huawei s6700_firmware v200r005c00spc500
huawei s6700_firmware v200r005c01
huawei s6700_firmware v200r005c02
huawei s6700_firmware v200r008c00
huawei s6700 -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:huawei:s5700_firmware:v200r005c00spc500:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B3B076D-F61E-4BE0-B808-D86EB6A83D92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:s5700_firmware:v200r005c02:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB33B908-085C-43C6-B8B7-25BBF3614C9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:s5700_firmware:v200r005c03:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B18ABC1-A970-472A-A8BF-934D1180930E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:s5700_firmware:v200r006c00spc100:*:*:*:*:*:*:*",
              "matchCriteriaId": "F56ADA0A-B3B1-4B6C-9800-EB28B61E3F03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:s5700_firmware:v200r006c00spc300:*:*:*:*:*:*:*",
              "matchCriteriaId": "53A7B27E-CA45-44B7-9BE1-5B11D69BDDF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:s5700_firmware:v200r006c00spc500:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8A24F24-F960-4F0F-A553-3C7EAE5C13E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:s5700_firmware:v200r007c00spc100:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FF2F7D0-8A62-4B9B-9551-749178FEA120",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:s5700_firmware:v200r007c00spc500:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCDCF4CA-48CF-4AEC-B3EC-7CD9EF9E3DA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:s5700_firmware:v200r008c00:*:*:*:*:*:*:*",
              "matchCriteriaId": "21FFF548-FBEF-468A-A8DE-1DB1B7C0B3AF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:huawei:s5700:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E22D3CFF-3353-4EE2-8933-84F395469D0D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:huawei:s6700_firmware:v200r005c00spc500:*:*:*:*:*:*:*",
              "matchCriteriaId": "96FF5103-C97A-443A-8475-0E99A0175455",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:s6700_firmware:v200r005c01:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4979AA8-0D8E-4F37-A7DC-709BE4821D51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:s6700_firmware:v200r005c02:*:*:*:*:*:*:*",
              "matchCriteriaId": "898AC16A-8F4E-4709-A3B4-DE74FFB91130",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:s6700_firmware:v200r008c00:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DA5CF67-A58B-4666-B87E-712507233453",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:huawei:s6700:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA7AC10D-B0DD-4206-8642-134DDD585C06",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Huawei S5700 and S6700 have a DoS security vulnerability. Attackers with certain permissions perform specific operations on affected devices. Because the pointer in the program is not processed properly, the vulnerability can be exploited to cause the device to be abnormal."
    },
    {
      "lang": "es",
      "value": "Los dispositivos Huawei S5700 y S6700 presentan una vulnerabilidad de seguridad de DoS. Los atacantes con determinados permisos llevan a cabo operaciones espec\u00edficas en los dispositivos afectados. Porque el puntero en el programa no es procesado apropiadamente, la vulnerabilidad puede ser explotada para causar que el dispositivo sea anormal."
    }
  ],
  "id": "CVE-2019-5290",
  "lastModified": "2024-11-21T04:44:40.897",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-12-13T15:15:11.397",
  "references": [
    {
      "source": "psirt@huawei.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-02-dos-en"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-02-dos-en"
    }
  ],
  "sourceIdentifier": "psirt@huawei.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.