Vulnerability CVE-2019-5285


Published: 2019-06-04

Description:
Some Huawei S series switches have a DoS vulnerability. An unauthenticated remote attacker can send crafted packets to the affected device to exploit this vulnerability. Due to insufficient verification of the packets, successful exploitation may cause the device reboot and denial of service (DoS) condition. (Vulnerability ID: HWPSIRT-2019-03109)

Type:

CWE-20

(Improper Input Validation)

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.8/10
6.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Complete
Affected software
Huawei -> S12700 firmware 
Huawei -> S1700 firmware 
Huawei -> S2300 firmware 
Huawei -> S2700 firmware 
Huawei -> S5300 firmware 
Huawei -> S5700 firmware 
Huawei -> S600-e firmware 
Huawei -> S6300 firmware 
Huawei -> S6700 firmware 
Huawei -> S7700 firmware 
Huawei -> S7900 firmware 
Huawei -> S9300 firmware 
Huawei -> S9300x firmware 
Huawei -> S9700 firmware 

 References:
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190522-01-switch-en
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190522-01-switch-en

Copyright 2022, cxsecurity.com

 

Back to Top