CVE-2019-5304

Some Huawei products have a buffer error vulnerability. An unauthenticated, remote attacker could send specific MPLS Echo Request messages to the target products. Due to insufficient input validation of some parameters in the messages, successful exploit may cause the device to reset.

CVSS v3.0 7.5 HIGH
CVSS v2.0 7.8 HIGH

7.5^/10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

7.8^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:C

Exploitability : 10.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200102-01-buffer-en	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:huawei:ar120-s_firmware:v200r006c10:::::::*
	cpe:2.3:o:huawei:ar120-s_firmware:v200r007c00:::::::*
	cpe:2.3:o:huawei:ar120-s_firmware:v200r008c20:::::::*
	cpe:2.3:o:huawei:ar120-s_firmware:v200r008c50:::::::*

cpe:2.3:h:huawei:ar120-s:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

OR	cpe:2.3:o:huawei:ar1200_firmware:v200r003c01:::::::*
	cpe:2.3:o:huawei:ar1200_firmware:v200r005c20:::::::*
	cpe:2.3:o:huawei:ar1200_firmware:v200r006c10:::::::*
	cpe:2.3:o:huawei:ar1200_firmware:v200r007c00:::::::*
	cpe:2.3:o:huawei:ar1200_firmware:v200r008c20:::::::*
	cpe:2.3:o:huawei:ar1200_firmware:v200r008c50:::::::*

cpe:2.3:h:huawei:ar1200:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

OR	cpe:2.3:o:huawei:ar1200-s_firmware:v200r003c01:::::::*
	cpe:2.3:o:huawei:ar1200-s_firmware:v200r005c20:::::::*
	cpe:2.3:o:huawei:ar1200-s_firmware:v200r006c10:::::::*
	cpe:2.3:o:huawei:ar1200-s_firmware:v200r007c00:::::::*
	cpe:2.3:o:huawei:ar1200-s_firmware:v200r008c20:::::::*
	cpe:2.3:o:huawei:ar1200-s_firmware:v200r008c50:::::::*

cpe:2.3:h:huawei:ar1200-s:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

OR	cpe:2.3:o:huawei:ar150_firmware:v200r003c01:::::::*
	cpe:2.3:o:huawei:ar150_firmware:v200r005c20:::::::*
	cpe:2.3:o:huawei:ar150_firmware:v200r006c10:::::::*
	cpe:2.3:o:huawei:ar150_firmware:v200r007c00:::::::*
	cpe:2.3:o:huawei:ar150_firmware:v200r008c20:::::::*
	cpe:2.3:o:huawei:ar150_firmware:v200r008c50:::::::*

cpe:2.3:h:huawei:ar150:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

OR	cpe:2.3:o:huawei:ar150-s_firmware:v200r003c01:::::::*
	cpe:2.3:o:huawei:ar150-s_firmware:v200r005c20:::::::*
	cpe:2.3:o:huawei:ar150-s_firmware:v200r006c10:::::::*
	cpe:2.3:o:huawei:ar150-s_firmware:v200r007c00:::::::*
	cpe:2.3:o:huawei:ar150-s_firmware:v200r008c20:::::::*
	cpe:2.3:o:huawei:ar150-s_firmware:v200r008c50:::::::*

cpe:2.3:h:huawei:ar150-s:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

OR	cpe:2.3:o:huawei:ar160_firmware:v200r005c20:::::::*
	cpe:2.3:o:huawei:ar160_firmware:v200r006c10:::::::*
	cpe:2.3:o:huawei:ar160_firmware:v200r007c00:::::::*
	cpe:2.3:o:huawei:ar160_firmware:v200r008c20:::::::*
	cpe:2.3:o:huawei:ar160_firmware:v200r008c50:::::::*

cpe:2.3:h:huawei:ar160:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

OR	cpe:2.3:o:huawei:ar200_firmware:v200r003c01:::::::*
	cpe:2.3:o:huawei:ar200_firmware:v200r005c20:::::::*
	cpe:2.3:o:huawei:ar200_firmware:v200r006c10:::::::*
	cpe:2.3:o:huawei:ar200_firmware:v200r007c00:::::::*
	cpe:2.3:o:huawei:ar200_firmware:v200r008c20:::::::*
	cpe:2.3:o:huawei:ar200_firmware:v200r008c50:::::::*

cpe:2.3:h:huawei:ar200:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

OR	cpe:2.3:o:huawei:ar200-s_firmware:v200r003c01:::::::*
	cpe:2.3:o:huawei:ar200-s_firmware:v200r005c20:::::::*
	cpe:2.3:o:huawei:ar200-s_firmware:v200r006c10:::::::*
	cpe:2.3:o:huawei:ar200-s_firmware:v200r007c00:::::::*
	cpe:2.3:o:huawei:ar200-s_firmware:v200r008c20:::::::*
	cpe:2.3:o:huawei:ar200-s_firmware:v200r008c50:::::::*

cpe:2.3:h:huawei:ar200-s:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

OR	cpe:2.3:o:huawei:ar2200_firmware:v200r003c01:::::::*
	cpe:2.3:o:huawei:ar2200_firmware:v200r005c20:::::::*
	cpe:2.3:o:huawei:ar2200_firmware:v200r006c10:::::::*
	cpe:2.3:o:huawei:ar2200_firmware:v200r007c00:::::::*
	cpe:2.3:o:huawei:ar2200_firmware:v200r008c20:::::::*
	cpe:2.3:o:huawei:ar2200_firmware:v200r008c50:::::::*

cpe:2.3:h:huawei:ar2200:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

OR	cpe:2.3:o:huawei:ar2200-s_firmware:v200r003c01:::::::*
	cpe:2.3:o:huawei:ar2200-s_firmware:v200r005c20:::::::*
	cpe:2.3:o:huawei:ar2200-s_firmware:v200r006c10:::::::*
	cpe:2.3:o:huawei:ar2200-s_firmware:v200r008c20:::::::*
	cpe:2.3:o:huawei:ar2200-s_firmware:v200r008c50:::::::*

cpe:2.3:h:huawei:ar2200-s:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

OR	cpe:2.3:o:huawei:ar3200_firmware:v200r003c01:::::::*
	cpe:2.3:o:huawei:ar3200_firmware:v200r005c20:::::::*
	cpe:2.3:o:huawei:ar3200_firmware:v200r006c10:::::::*
	cpe:2.3:o:huawei:ar3200_firmware:v200r007c00:::::::*
	cpe:2.3:o:huawei:ar3200_firmware:v200r008c20:::::::*
	cpe:2.3:o:huawei:ar3200_firmware:v200r008c50:::::::*

cpe:2.3:h:huawei:ar3200:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

OR	cpe:2.3:o:huawei:ar3600_firmware:v200r006c10:::::::*
	cpe:2.3:o:huawei:ar3600_firmware:v200r007c00:::::::*
	cpe:2.3:o:huawei:ar3600_firmware:v200r008c20:::::::*
	cpe:2.3:o:huawei:ar3600_firmware:v200r008c50:::::::*

cpe:2.3:h:huawei:ar3600:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

OR	cpe:2.3:o:huawei:ips_module_firmware:v500r001c20:::::::*
	cpe:2.3:o:huawei:ips_module_firmware:v500r001c30:::::::*

cpe:2.3:h:huawei:ips_module:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

OR	cpe:2.3:o:huawei:ngfw_module_firmware:v500r001c20:::::::*
	cpe:2.3:o:huawei:ngfw_module_firmware:v500r002c00:::::::*

cpe:2.3:h:huawei:ngfw_module:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

OR	cpe:2.3:o:huawei:nip6300_firmware:v500r001c20:::::::*
	cpe:2.3:o:huawei:nip6300_firmware:v500r001c30:::::::*

cpe:2.3:h:huawei:nip6300:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

OR	cpe:2.3:o:huawei:nip6600_firmware:v500r001c20:::::::*
	cpe:2.3:o:huawei:nip6600_firmware:v500r001c30:::::::*

cpe:2.3:h:huawei:nip6600:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

OR	cpe:2.3:o:huawei:netengine16ex_firmware:v200r005c20:::::::*
	cpe:2.3:o:huawei:netengine16ex_firmware:v200r006c10:::::::*
	cpe:2.3:o:huawei:netengine16ex_firmware:v200r007c00:::::::*
	cpe:2.3:o:huawei:netengine16ex_firmware:v200r008c20:::::::*
	cpe:2.3:o:huawei:netengine16ex_firmware:v200r008c50:::::::*

cpe:2.3:h:huawei:netengine16ex:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

OR	cpe:2.3:o:huawei:s5700_firmware:v200r005c00:::::::*
	cpe:2.3:o:huawei:s5700_firmware:v200r005c02:::::::*
	cpe:2.3:o:huawei:s5700_firmware:v200r005c03:::::::*
	cpe:2.3:o:huawei:s5700_firmware:v200r006c00:::::::*
	cpe:2.3:o:huawei:s5700_firmware:v200r007c00:::::::*
	cpe:2.3:o:huawei:s5700_firmware:v200r008c00:::::::*
	cpe:2.3:o:huawei:s5700_firmware:v200r010c00:::::::*
	cpe:2.3:o:huawei:s5700_firmware:v200r011c00:::::::*

cpe:2.3:h:huawei:s5700:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

OR	cpe:2.3:o:huawei:s6700_firmware:v200r005c00:::::::*
	cpe:2.3:o:huawei:s6700_firmware:v200r005c01:::::::*
	cpe:2.3:o:huawei:s6700_firmware:v200r005c02:::::::*
	cpe:2.3:o:huawei:s6700_firmware:v200r008c00:::::::*
	cpe:2.3:o:huawei:s6700_firmware:v200r010c00:::::::*
	cpe:2.3:o:huawei:s6700_firmware:v200r011c00:::::::*

cpe:2.3:h:huawei:s6700:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

OR	cpe:2.3:o:huawei:srg1300_firmware:v200r003c01:::::::*
	cpe:2.3:o:huawei:srg1300_firmware:v200r005c20:::::::*
	cpe:2.3:o:huawei:srg1300_firmware:v200r006c10:::::::*
	cpe:2.3:o:huawei:srg1300_firmware:v200r007c00:::::::*
	cpe:2.3:o:huawei:srg1300_firmware:v200r008c20:::::::*
	cpe:2.3:o:huawei:srg1300_firmware:v200r008c50:::::::*

cpe:2.3:h:huawei:srg1300:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND

OR	cpe:2.3:o:huawei:srg2300_firmware:v200r003c01:::::::*
	cpe:2.3:o:huawei:srg2300_firmware:v200r005c20:::::::*
	cpe:2.3:o:huawei:srg2300_firmware:v200r006c10:::::::*
	cpe:2.3:o:huawei:srg2300_firmware:v200r007c00:::::::*
	cpe:2.3:o:huawei:srg2300_firmware:v200r008c20:::::::*
	cpe:2.3:o:huawei:srg2300_firmware:v200r008c50:::::::*

cpe:2.3:h:huawei:srg2300:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND

OR	cpe:2.3:o:huawei:srg3300_firmware:v200r003c01:::::::*
	cpe:2.3:o:huawei:srg3300_firmware:v200r005c20:::::::*
	cpe:2.3:o:huawei:srg3300_firmware:v200r006c10:::::::*
	cpe:2.3:o:huawei:srg3300_firmware:v200r007c00:::::::*
	cpe:2.3:o:huawei:srg3300_firmware:v200r008c20:::::::*
	cpe:2.3:o:huawei:srg3300_firmware:v200r008c50:::::::*

cpe:2.3:h:huawei:srg3300:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND

OR	cpe:2.3:o:huawei:secospace_antiddos8000_firmware:v500r001c20:::::::*
	cpe:2.3:o:huawei:secospace_antiddos8000_firmware:v500r001c60:::::::*
	cpe:2.3:o:huawei:secospace_antiddos8000_firmware:v500r005c00:::::::*

cpe:2.3:h:huawei:secospace_antiddos8000:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND

OR	cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c20:::::::*
	cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c30:::::::*

cpe:2.3:h:huawei:secospace_usg6300:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND

OR	cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c20:::::::*
	cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c30:::::::*

cpe:2.3:h:huawei:secospace_usg6500:-:*:*:*:*:*:*:*

Configuration 26 (hide)

AND

OR	cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c20:::::::*
	cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c30:::::::*

cpe:2.3:h:huawei:secospace_usg6600:-:*:*:*:*:*:*:*

Information

Published : 2020-01-03 07:15

Updated : 2020-01-09 08:19

NVD link : CVE-2019-5304

Mitre link : CVE-2019-5304

JSON object : View

CWE

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Products Affected

huawei

ar2200-s
ar1200_firmware
ar150_firmware
ar3200
s6700_firmware
ar2200_firmware
netengine16ex
ar150
ar150-s_firmware
ar160
s5700_firmware
ar3600_firmware
secospace_antiddos8000_firmware
ar200_firmware
secospace_usg6600_firmware
ips_module
srg2300
ips_module_firmware
secospace_antiddos8000
s6700
ar3200_firmware
ar1200-s_firmware
ar120-s
ngfw_module
ar1200
ar2200
nip6600_firmware
netengine16ex_firmware
ar120-s_firmware
ar2200-s_firmware
srg2300_firmware
ar150-s
ar200-s
ar3600
secospace_usg6300_firmware
nip6600
secospace_usg6500
secospace_usg6600
ar1200-s
nip6300
s5700
secospace_usg6500_firmware
ar200
srg3300
ar160_firmware
nip6300_firmware
srg1300
secospace_usg6300
ngfw_module_firmware
srg1300_firmware
ar200-s_firmware
srg3300_firmware

7.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

7.8 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

JSON object

Attach tags to CVE-2019-5304

7.5^/10

7.8^/10

Attach tags to `CVE-2019-5304`