github - ghsa-x6v5-8qcc-4q56

ghsa-x6v5-8qcc-4q56

Vulnerability from github

Published

2022-05-24 17:03

Modified

2022-05-24 17:03

Details

Some Huawei products have an insufficient verification of data authenticity vulnerability. A remote, unauthenticated attacker has to intercept specific packets between two devices, modify the packets, and send the modified packets to the peer device. Due to insufficient verification of some fields in the packets, an attacker may exploit the vulnerability to cause the target device to be abnormal.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-5291"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-12-13T15:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Some Huawei products have an insufficient verification of data authenticity vulnerability. A remote, unauthenticated attacker has to intercept specific packets between two devices, modify the packets, and send the modified packets to the peer device. Due to insufficient verification of some fields in the packets, an attacker may exploit the vulnerability to cause the target device to be abnormal.",
  "id": "GHSA-x6v5-8qcc-4q56",
  "modified": "2022-05-24T17:03:40Z",
  "published": "2022-05-24T17:03:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5291"
    },
    {
      "type": "WEB",
      "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-01-validation-en"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

cve-2019-5291

Vulnerability from cvelistv5

Published

2019-12-13 14:35

Modified

2024-08-04 19:54

Severity ?

Summary

References

▼	URL	Tags
	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-01-validation-en	x_refsource_MISC

Impacted products

Vendor

Product

Version

▼

n/a

AR120-S;AR1200;AR1200-S;AR150;AR150-S;AR160;AR200;AR200-S;AR2200;AR2200-S;AR3200;AR3600;CloudEngine 12800;NetEngine16EX;S6700;SRG1300;SRG2300;SRG3300

Version: V200R005C20
Version: V200R006C10
Version: V200R007C00
Version: V200R008C50
Version: V200R005C00
Version: V200R002C10
Version: V200R002C20
Version: V200R008C00
Version: V200R010C00SPC300
Version: V200R010C00SPC600
Version: V200R011C00SPC200

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:54:52.966Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-01-validation-en"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "AR120-S;AR1200;AR1200-S;AR150;AR150-S;AR160;AR200;AR200-S;AR2200;AR2200-S;AR3200;AR3600;CloudEngine 12800;NetEngine16EX;S6700;SRG1300;SRG2300;SRG3300",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "V200R005C20"
            },
            {
              "status": "affected",
              "version": "V200R006C10"
            },
            {
              "status": "affected",
              "version": "V200R007C00"
            },
            {
              "status": "affected",
              "version": "V200R008C50"
            },
            {
              "status": "affected",
              "version": "V200R005C00"
            },
            {
              "status": "affected",
              "version": "V200R002C10"
            },
            {
              "status": "affected",
              "version": "V200R002C20"
            },
            {
              "status": "affected",
              "version": "V200R008C00"
            },
            {
              "status": "affected",
              "version": "V200R010C00SPC300"
            },
            {
              "status": "affected",
              "version": "V200R010C00SPC600"
            },
            {
              "status": "affected",
              "version": "V200R011C00SPC200"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Some Huawei products have an insufficient verification of data authenticity vulnerability. A remote, unauthenticated attacker has to intercept specific packets between two devices, modify the packets, and send the modified packets to the peer device. Due to insufficient verification of some fields in the packets, an attacker may exploit the vulnerability to cause the target device to be abnormal."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Insufficient Verification",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-12-13T14:35:50",
        "orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
        "shortName": "huawei"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-01-validation-en"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@huawei.com",
          "ID": "CVE-2019-5291",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "AR120-S;AR1200;AR1200-S;AR150;AR150-S;AR160;AR200;AR200-S;AR2200;AR2200-S;AR3200;AR3600;CloudEngine 12800;NetEngine16EX;S6700;SRG1300;SRG2300;SRG3300",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "V200R005C20"
                          },
                          {
                            "version_value": "V200R006C10"
                          },
                          {
                            "version_value": "V200R007C00"
                          },
                          {
                            "version_value": "V200R008C50"
                          },
                          {
                            "version_value": "V200R005C00"
                          },
                          {
                            "version_value": "V200R002C10"
                          },
                          {
                            "version_value": "V200R002C20"
                          },
                          {
                            "version_value": "V200R008C00"
                          },
                          {
                            "version_value": "V200R010C00SPC300"
                          },
                          {
                            "version_value": "V200R010C00SPC600"
                          },
                          {
                            "version_value": "V200R011C00SPC200"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Some Huawei products have an insufficient verification of data authenticity vulnerability. A remote, unauthenticated attacker has to intercept specific packets between two devices, modify the packets, and send the modified packets to the peer device. Due to insufficient verification of some fields in the packets, an attacker may exploit the vulnerability to cause the target device to be abnormal."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Insufficient Verification"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-01-validation-en",
              "refsource": "MISC",
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-01-validation-en"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
    "assignerShortName": "huawei",
    "cveId": "CVE-2019-5291",
    "datePublished": "2019-12-13T14:35:50",
    "dateReserved": "2019-01-04T00:00:00",
    "dateUpdated": "2024-08-04T19:54:52.966Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted