Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2019-19411Improper Initialization in Huawei Usg9500 Firmware

CWE-665Improper Initialization4 documents4 sources
Severity
3.7LOWNVD
EPSS
3.0%
top 13.52%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Huawei Usg9500 Firmware
Timeline
PublishedJan 21
Latest updateMay 24

Description

USG9500 with versions of V500R001C30SPC100, V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, V500R005C00SPC100, V500R005C00SPC200 have an information leakage vulnerability. Due to improper processing of the initialization vector used in a specific encryption algorithm, an attacker who gains access to this cryptographic primitive may exploit this vulnerability to cause the value of the confidentiality associated with its use to be diminished.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 2.2 | Impact: 1.4

Affected Packages2 packages

CVEListV5huawei/usg9500_firmwareV500R001C30SPC100,V500R001C30SPC200,V500R001C30SPC600,V500R001C60SPC500,V500R005C00SPC100,V500R005C00SPC200
NVDhuawei/usg9500_firmware6 versions+5

🔴Vulnerability Details

2
GHSA
GHSA-v34h-3hv8-mwm9: USG9500 with versions of V500R001C30SPC100, V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, V500R005C00SPC100, V500R005C00SPC200 have an info2022-05-24
CVEList
CVE-2019-19411: USG9500 with versions of V500R001C30SPC100, V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, V500R005C00SPC100, V500R005C00SPC200 have an info2020-01-21

💥Exploits & PoCs

1
Nuclei
Huawei Firewall - Local File Inclusion
CVE-2019-19411 — Improper Initialization in Huawei | cvebase