CVE-2019-5291

5.9MEDIUM

Key Information:

Vendor: Huawei
Status: Ar120-s;ar1200;ar1200-s;ar150;ar150-s;ar160;ar200;ar200-s;ar2200;ar2200-s;ar3200;ar3600;cloudengine 12800;netengine16ex;s6700;srg1300;srg2300;srg3300
Vendor: CVE Published:; 13 December 2019

Summary

Some Huawei products have an insufficient verification of data authenticity vulnerability. A remote, unauthenticated attacker has to intercept specific packets between two devices, modify the packets, and send the modified packets to the peer device. Due to insufficient verification of some fields in the packets, an attacker may exploit the vulnerability to cause the target device to be abnormal.

Affected Version(s)

AR120-S;AR1200;AR1200-S;AR150;AR150-S;AR160;AR200;AR200-S;AR2200;AR2200-S;AR3200;AR3600;CloudEngine 12800;NetEngine16EX;S6700;SRG1300;SRG2300;SRG3300 V200R005C20

AR120-S;AR1200;AR1200-S;AR150;AR150-S;AR160;AR200;AR200-S;AR2200;AR2200-S;AR3200;AR3600;CloudEngine 12800;NetEngine16EX;S6700;SRG1300;SRG2300;SRG3300 V200R006C10

AR120-S;AR1200;AR1200-S;AR150;AR150-S;AR160;AR200;AR200-S;AR2200;AR2200-S;AR3200;AR3600;CloudEngine 12800;NetEngine16EX;S6700;SRG1300;SRG2300;SRG3300 V200R007C00

References

http://www.huawei.com/en/psirt/security-advisories/huawei...

x_refsource_MISC

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 13, 2019
Vulnerability Reserved
Jan 4, 2019