Vulnerability CVE-2019-5285


Published: 2019-06-04

Description:
Some Huawei S series switches have a DoS vulnerability. An unauthenticated remote attacker can send crafted packets to the affected device to exploit this vulnerability. Due to insufficient verification of the packets, successful exploitation may cause the device to reboot and lead to a denial of service (DoS) condition. (Vulnerability ID: HWPSIRT-2019-03109)

Type: CWE-20 (Improper Input Validation)

Vendor: Huawei
Product: S600-e firmware 
Version:
v200r013c00
v200r012c00
v200r011c10
v200r010c00
v200r008c00
Product: S5700 firmware 
Version:
v200r013c00
v200r012c00
v200r011c10
v200r010c00
v200r008c00
v200r007c00
v200r006c00
v200r005c00
v200r003c00
Product: S12700 firmware 
Version:
v200r013c00
v200r012c00
v200r011c10
v200r010c00
v200r008c00
v200r007c00
v200r006c00
v200r005c00
Product: S9300x firmware 
Version:
v200r013c00
v200r012c00
v200r011c10
v200r010c00
Product: S6700 firmware 
Version:
v200r013c00
v200r012c00
v200r011c10
v200r010c00
v200r008c00
v200r007c00
v200r005c00
v200r003c00
Product: S9700 firmware 
Version:
v200r013c00
v200r012c00
v200r011c10
v200r010c00
v200r008c00
v200r007c00
v200r006c00
v200r005c00
v200r003c00
Product: S2700 firmware 
Version:
v200r013c00
v200r012c00
v200r011c10
v200r010c00
v200r008c00
v200r007c00
v200r006c00
v200r005c00
Product: S7900 firmware 
Version:
v200r013c00
v200r012c00
v200r011c10
Product: S1700 firmware 
Version:
v200r013c00
v200r012c00
v200r011c10
v200r010c00
v200r009c00
v200r008c00
Product: S5300 firmware 
Version:
v200r013c00
v200r012c00
v200r011c10
v200r010c00
v200r008c00
v200r005c00
v200r003c00
Product: S6300 firmware 
Version:
v200r013c00
v200r012c00
v200r011c10
v200r010c00
v200r008c00
v200r007c00
v200r005c00
v200r003c00
Product: S9300 firmware 
Version:
v200r013c00
v200r012c00
v200r011c10
v200r010c00
v200r008c10
v200r008c00
v200r003c00
Product: S2300 firmware 
Version:
v200r013c00
v200r012c00
v200r011c10
v200r010c00
v200r008c00
v200r005c00
v200r003c00
Product: S7700 firmware 
Version:
v200r013c00
v200r012c00
v200r011c10
v200r010c00
v200r008c00
v200r007c00
v200r006c00
v200r005c00
v200r003c00

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:C)

CVSS Base Score: 7.8/10
Impact Subscore: 6.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: None
Integrity impact: None
Availability impact: Complete

References:
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190522-01-switch-en

Copyright 2019, cxsecurity.com

 
