cbcvebase.
CVE-2019-19411
published 2020-01-21

CVE-2019-19411: USG9500 with versions of V500R001C30SPC100, V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, V500R005C00SPC100, V500R005C00SPC200 have an information…

PriorityP421low3.7CVSS 3.1
AVNACHPRNUINSUCLINAN
EXPLOIT
EPSS
1.24%
65.4th percentile
USG9500 with versions of V500R001C30SPC100, V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, V500R005C00SPC100, V500R005C00SPC200 have an information leakage vulnerability. Due to improper processing of the initialization vector used in a specific encryption algorithm, an attacker who gains access to this cryptographic primitive may exploit this vulnerability to cause the value of the confidentiality associated with its use to be diminished.

Affected

7 ranges
VendorProductVersion rangeFixed in
huaweiusg9500_firmware
huaweiusg9500_firmware
huaweiusg9500_firmware
huaweiusg9500_firmware
huaweiusg9500_firmware
huaweiusg9500_firmware
huaweiusg9500_firmware

CVSS provenance

nvdv3.13.7LOWCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:P/I:N/A:N
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.