Data Authenticity Vulnerability in Huawei Products
CVE-2019-5291
Key Information:
- Vendor
- Huawei
- Vendor
- CVE Published:
- 13 December 2019
Summary
Certain Huawei networking devices are susceptible to a vulnerability that arises from insufficient verification of data authenticity. This flaw allows a remote, unauthenticated attacker to intercept and manipulate packets exchanged between devices. By altering specific fields within these packets and sending them to a peer device, an attacker can lead the system into an abnormal operating state, potentially compromising the integrity and availability of the networked system.
Affected Version(s)
AR120-S;AR1200;AR1200-S;AR150;AR150-S;AR160;AR200;AR200-S;AR2200;AR2200-S;AR3200;AR3600;CloudEngine 12800;NetEngine16EX;S6700;SRG1300;SRG2300;SRG3300 V200R005C20
AR120-S;AR1200;AR1200-S;AR150;AR150-S;AR160;AR200;AR200-S;AR2200;AR2200-S;AR3200;AR3600;CloudEngine 12800;NetEngine16EX;S6700;SRG1300;SRG2300;SRG3300 V200R006C10
AR120-S;AR1200;AR1200-S;AR150;AR150-S;AR160;AR200;AR200-S;AR2200;AR2200-S;AR3200;AR3600;CloudEngine 12800;NetEngine16EX;S6700;SRG1300;SRG2300;SRG3300 V200R007C00
References
CVSS V3.1
Timeline
Vulnerability published
Vulnerability Reserved