CVE-2019-5285

CWE-20 — Improper Input Validation3 documents3 sources

Severity

7.5HIGH

EPSS

0.1%

top 65.76%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei S12700 Firmware Huawei S1700 Firmware Huawei S2300 Firmware +11 more

Timeline

PublishedJun 4

Latest updateMay 24

Description

Some Huawei S series switches have a DoS vulnerability. An unauthenticated remote attacker can send crafted packets to the affected device to exploit this vulnerability. Due to insufficient verification of the packets, successful exploitation may cause the device reboot and denial of service (DoS) condition. (Vulnerability ID: HWPSIRT-2019-03109)

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages14 packages

▶NVDhuawei/s1700_firmware6 versions+5

▶NVDhuawei/s2300_firmware7 versions+6

▶NVDhuawei/s2700_firmware8 versions+7

▶NVDhuawei/s5300_firmware7 versions+6

▶NVDhuawei/s5700_firmware9 versions+8

🔴Vulnerability Details

GHSA

GHSA-6wj3-8j92-9vqj: Some Huawei S series switches have a DoS vulnerability↗2022-05-24

▶

CVEList

CVE-2019-5285: Some Huawei S series switches have a DoS vulnerability↗2019-06-04

▶