Vulnerability Name:

CVE-2019-5294 (CCN-169987)

Assigned:2019-10-23
Published:2019-10-23
Updated:2019-11-18
Summary:There is an out of bound read vulnerability in some Huawei products. A remote, unauthenticated attacker may send a corrupt or crafted message to the affected products. Due to a buffer read overflow error when parsing the message, successful exploit may cause some service to be abnormal.
CVSS v3 Severity:7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-125
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2019-5294

Source: MISC
Type: Vendor Advisory
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191023-01-buffer-en

Source: XF
Type: UNKNOWN
huawei-cve20195294-dos(169987)

Source: CCN
Type: huawei-sa-20191023-01-buffer
Out-Of-Bound Read Vulnerability in Some Huawei Products

Vulnerable Configuration:Configuration 1:
  • cpe:/o:huawei:ar120-s_firmware:v200r005c20:*:*:*:*:*:*:*
  • OR cpe:/o:huawei:ar120-s_firmware:v200r006c10:*:*:*:*:*:*:*
  • OR cpe:/o:huawei:ar120-s_firmware:v200r007c00:*:*:*:*:*:*:*
  • AND
  • cpe:/h:huawei:ar120-s:-:*:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/o:huawei:ar1200_firmware:v200r005c20:*:*:*:*:*:*:*
  • OR cpe:/o:huawei:ar1200_firmware:v200r006c10:*:*:*:*:*:*:*
  • OR cpe:/o:huawei:ar1200_firmware:v200r007c00:*:*:*:*:*:*:*
  • AND
  • cpe:/h:huawei:ar1200:-:*:*:*:*:*:*:*

    • Configuration 3:
  • cpe:/o:huawei:ar1200-s_firmware:v200r005c20:*:*:*:*:*:*:*
  • OR cpe:/o:huawei:ar1200-s_firmware:v200r006c10:*:*:*:*:*:*:*
  • OR cpe:/o:huawei:ar1200-s_firmware:v200r007c00:*:*:*:*:*:*:*
  • AND
  • cpe:/h:huawei:ar1200-s:-:*:*:*:*:*:*:*

    • Configuration 4:
  • cpe:/o:huawei:ar150_firmware:v200r005c20:*:*:*:*:*:*:*
  • OR cpe:/o:huawei:ar150_firmware:v200r006c10:*:*:*:*:*:*:*
  • OR cpe:/o:huawei:ar150_firmware:v200r007c00:*:*:*:*:*:*:*
  • AND
  • cpe:/h:huawei:ar150:-:*:*:*:*:*:*:*

    • Configuration 5:
  • cpe:/o:huawei:ar150-s_firmware:v200r005c20:*:*:*:*:*:*:*
  • OR cpe:/o:huawei:ar150-s_firmware:v200r006c10:*:*:*:*:*:*:*
  • OR cpe:/o:huawei:ar150-s_firmware:v200r007c00:*:*:*:*:*:*:*
  • AND
  • cpe:/h:huawei:ar150-s:-:*:*:*:*:*:*:*

    • Configuration 6:
  • cpe:/o:huawei:ar160_firmware:v200r005c20:*:*:*:*:*:*:*
  • OR cpe:/o:huawei:ar160_firmware:v200r006c10:*:*:*:*:*:*:*
  • OR cpe:/o:huawei:ar160_firmware:v200r007c00:*:*:*:*:*:*:*
  • AND
  • cpe:/h:huawei:ar160:-:*:*:*:*:*:*:*

    • Configuration 7:
  • cpe:/o:huawei:ar200_firmware:v200r005c20:*:*:*:*:*:*:*
  • OR cpe:/o:huawei:ar200_firmware:v200r006c10:*:*:*:*:*:*:*
  • OR cpe:/o:huawei:ar200_firmware:v200r007c00:*:*:*:*:*:*:*
  • AND
  • cpe:/h:huawei:ar200:-:*:*:*:*:*:*:*

    • Configuration 8:
  • cpe:/o:huawei:ar200-s_firmware:v200r005c20:*:*:*:*:*:*:*
  • OR cpe:/o:huawei:ar200-s_firmware:v200r006c10:*:*:*:*:*:*:*
  • OR cpe:/o:huawei:ar200-s_firmware:v200r007c00:*:*:*:*:*:*:*
  • AND
  • cpe:/h:huawei:ar200-s:-:*:*:*:*:*:*:*

    • Configuration 9:
  • cpe:/o:huawei:ar2200_firmware:v200r005c20:*:*:*:*:*:*:*
  • OR cpe:/o:huawei:ar2200_firmware:v200r006c10:*:*:*:*:*:*:*
  • OR cpe:/o:huawei:ar2200_firmware:v200r007c00:*:*:*:*:*:*:*
  • AND
  • cpe:/h:huawei:ar2200:-:*:*:*:*:*:*:*

    • Configuration 10:
  • cpe:/o:huawei:ar2200-s_firmware:v200r005c20:*:*:*:*:*:*:*
  • OR cpe:/o:huawei:ar2200-s_firmware:v200r006c10:*:*:*:*:*:*:*
  • OR cpe:/o:huawei:ar2200-s_firmware:v200r007c00:*:*:*:*:*:*:*
  • AND
  • cpe:/h:huawei:ar2200-s:-:*:*:*:*:*:*:*

    • Configuration 11:
  • cpe:/o:huawei:ar3200_firmware:v200r005c20:*:*:*:*:*:*:*
  • OR cpe:/o:huawei:ar3200_firmware:v200r006c10:*:*:*:*:*:*:*
  • AND
  • cpe:/h:huawei:ar3200:-:*:*:*:*:*:*:*

    • Configuration 12:
  • cpe:/o:huawei:ar3600_firmware:v200r006c10:*:*:*:*:*:*:*
  • OR cpe:/o:huawei:ar3600_firmware:v200r007c00:*:*:*:*:*:*:*
  • AND
  • cpe:/h:huawei:ar3600:-:*:*:*:*:*:*:*

    • Configuration 13:
  • cpe:/o:huawei:netengine16ex_firmware:v200r005c20:*:*:*:*:*:*:*
  • OR cpe:/o:huawei:netengine16ex_firmware:v200r006c10:*:*:*:*:*:*:*
  • OR cpe:/o:huawei:netengine16ex_firmware:v200r007c00:*:*:*:*:*:*:*
  • AND
  • cpe:/h:huawei:netengine16ex:-:*:*:*:*:*:*:*

    • Configuration 14:
  • cpe:/o:huawei:srg1300_firmware:v200r005c20:*:*:*:*:*:*:*
  • OR cpe:/o:huawei:srg1300_firmware:v200r006c10:*:*:*:*:*:*:*
  • OR cpe:/o:huawei:srg1300_firmware:v200r007c00:*:*:*:*:*:*:*
  • AND
  • cpe:/h:huawei:srg1300:-:*:*:*:*:*:*:*

    • Configuration 15:
  • cpe:/o:huawei:srg2300_firmware:v200r005c20:*:*:*:*:*:*:*
  • OR cpe:/o:huawei:srg2300_firmware:v200r006c10:*:*:*:*:*:*:*
  • OR cpe:/o:huawei:srg2300_firmware:v200r007c00:*:*:*:*:*:*:*
  • AND
  • cpe:/h:huawei:srg2300:-:*:*:*:*:*:*:*

    • Configuration 16:
  • cpe:/o:huawei:srg3300_firmware:v200r005c20:*:*:*:*:*:*:*
  • OR cpe:/o:huawei:srg3300_firmware:v200r006c10:*:*:*:*:*:*:*
  • OR cpe:/o:huawei:srg3300_firmware:v200r007c00:*:*:*:*:*:*:*
  • AND
  • cpe:/h:huawei:srg3300:-:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    huawei ar120-s firmware v200r005c20
    huawei ar120-s firmware v200r006c10
    huawei ar120-s firmware v200r007c00
    huawei ar120-s -
    huawei ar1200 firmware v200r005c20
    huawei ar1200 firmware v200r006c10
    huawei ar1200 firmware v200r007c00
    huawei ar1200 -
    huawei ar1200-s firmware v200r005c20
    huawei ar1200-s firmware v200r006c10
    huawei ar1200-s firmware v200r007c00
    huawei ar1200-s -
    huawei ar150 firmware v200r005c20
    huawei ar150 firmware v200r006c10
    huawei ar150 firmware v200r007c00
    huawei ar150 -
    huawei ar150-s firmware v200r005c20
    huawei ar150-s firmware v200r006c10
    huawei ar150-s firmware v200r007c00
    huawei ar150-s -
    huawei ar160 firmware v200r005c20
    huawei ar160 firmware v200r006c10
    huawei ar160 firmware v200r007c00
    huawei ar160 -
    huawei ar200 firmware v200r005c20
    huawei ar200 firmware v200r006c10
    huawei ar200 firmware v200r007c00
    huawei ar200 -
    huawei ar200-s firmware v200r005c20
    huawei ar200-s firmware v200r006c10
    huawei ar200-s firmware v200r007c00
    huawei ar200-s -
    huawei ar2200 firmware v200r005c20
    huawei ar2200 firmware v200r006c10
    huawei ar2200 firmware v200r007c00
    huawei ar2200 -
    huawei ar2200-s firmware v200r005c20
    huawei ar2200-s firmware v200r006c10
    huawei ar2200-s firmware v200r007c00
    huawei ar2200-s -
    huawei ar3200 firmware v200r005c20
    huawei ar3200 firmware v200r006c10
    huawei ar3200 -
    huawei ar3600 firmware v200r006c10
    huawei ar3600 firmware v200r007c00
    huawei ar3600 -
    huawei netengine16ex firmware v200r005c20
    huawei netengine16ex firmware v200r006c10
    huawei netengine16ex firmware v200r007c00
    huawei netengine16ex -
    huawei srg1300 firmware v200r005c20
    huawei srg1300 firmware v200r006c10
    huawei srg1300 firmware v200r007c00
    huawei srg1300 -
    huawei srg2300 firmware v200r005c20
    huawei srg2300 firmware v200r006c10
    huawei srg2300 firmware v200r007c00
    huawei srg2300 -
    huawei srg3300 firmware v200r005c20
    huawei srg3300 firmware v200r006c10
    huawei srg3300 firmware v200r007c00
    huawei srg3300 -