CVE-2019-5254

CWE-125 — Out-of-bounds Read3 documents3 sources

Severity

8.6HIGH

EPSS

0.3%

top 51.54%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei Ap2000 Firmware Huawei Espace U1981 Firmware Huawei IPS Firmware +14 more

Timeline

PublishedDec 13

Latest updateMay 24

Description

Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG6000V;eSpace U1981) have an out-of-bounds read vulnerability. An attacker who logs in to the board may send crafted messages from the internal network port or tamper with inter-process message packets to exploit this vulnerability. Due to insufficient validation of the message, successful exploit ma…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:HExploitability: 3.9 | Impact: 4.0

Affected Packages17 packages

▶NVDhuawei/secospace_usg6300_firmware26 versions+25

▶NVDhuawei/secospace_usg6500_firmware26 versions+25

▶NVDhuawei/secospace_usg6600_firmware51 versions+50

▶NVDhuawei/secospace_antiddos8000_firmware19 versions+18

▶NVDhuawei/svn5800_firmwarev200r003c00spc100

🔴Vulnerability Details

GHSA

GHSA-w25x-j7hc-vxvg: Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospa↗2022-05-24

▶

CVEList

CVE-2019-5254: Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospa↗2019-12-13

▶

External resources

NVD MITRE

Affected products17

Huawei Ap2000 Firmwarevv200r005c30vv200r006c10vv200r006c20+5 more

Huawei Espace U1981 Firmwarevv200r003c50spc700

Huawei IPS Firmwarevv500r001c00spc300vv500r001c00spc500vv500r001c00sph303+19 more

Huawei Ngfw Firmwarevv500r001c00spc300vv500r001c00spc500vv500r001c00spc500pwe+21 more

Huawei Nip6300 Firmwarevv500r001c00spc300vv500r001c00spc500vv500r001c00sph303+19 more

Huawei Nip6600 Firmwarevv500r001c00spc300vv500r001c00spc500vv500r001c00sph303+18 more

Huawei Nip6800 Firmwarevv500r001c50vv500r001c50pwevv500r001c80+1 more

Huawei S5700 Firmwarevv200r005c03

Huawei Secospace Antiddos8000 Firmwarevv500r001c00vv500r001c00spc200vv500r001c00spc300+16 more

Huawei Secospace Usg6300 Firmwarevv100r001c20spc100vv500r001c00spc300vv500r001c00spc500+23 more

Disclosure

PublishedDec 13, 2019

Latest updateMay 24, 2022