Vulnerability-Lookup

BDU:2020-00049

Vulnerability from fstec - Published: 02.01.2020

Title

Уязвимость маршрутизаторов Huawei, связанная с ошибками освобождения ресурсов, позволяющая нарушителю вызвать перезагрузку устройства

Description

Уязвимость маршрутизаторов Huawei связана с ошибками освобождения ресурсов. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, вызвать перезагрузку устройства с помощью специально сформированных пакетов MPLS

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Vendor

Huawei Technologies Co., Ltd.

Software Name

Huawei S6700, Huawei Secospace USG6600, Huawei AR120-S, Huawei AR1200, Huawei AR1200-S, Huawei AR150, Huawei AR150-S, Huawei AR160, Huawei AR200, Huawei AR200-S, Huawei AR2200, Huawei AR2200-S, Huawei AR3200, Huawei AR3600, Huawei IPS Module, Huawei NGFW Module, Huawei NIP6300, Huawei NIP6600, Huawei NetEngine16EX, Huawei S5700, Huawei SRG1300, Huawei SRG2300, Huawei SRG3300, Huawei Secospace AntiDDoS8000, Huawei Secospace USG6300, Huawei Secospace USG6500

Software Version

до V200R011C10 (Huawei S6700), до V500R005C00SPC200 (Huawei Secospace USG6600), до V200R009C00SPC500 (Huawei AR120-S), до V200R009C00SPC500 (Huawei AR1200), до V200R009C00SPC500 (Huawei AR1200-S), до V200R009C00SPC500 (Huawei AR150), до V200R009C00SPC500 (Huawei AR150-S), до V200R009C00SPC500 (Huawei AR160), до V200R009C00SPC500 (Huawei AR200), до V200R009C00SPC500 (Huawei AR200-S), до V200R009C00SPC500 (Huawei AR2200), до V200R009C00SPC500 (Huawei AR2200-S), до V200R009C00SPC500 (Huawei AR3200), до V200R009C00SPC500 (Huawei AR3600), до V500R002C00SPC200 (Huawei IPS Module), до V500R002C00SPC200 (Huawei NGFW Module), до V500R002C00SPC200 (Huawei NIP6300), до V500R002C00SPC200 (Huawei NIP6600), до V200R009C00SPC500 (Huawei NetEngine16EX), до V200R011C10 (Huawei S5700), до V200R009C00SPC500 (Huawei SRG1300), до V200R009C00SPC500 (Huawei SRG2300), до V200R009C00SPC500 (Huawei SRG3300), до V500R005C00SPC300 (Huawei Secospace AntiDDoS8000), до V500R002C00SPC200 (Huawei Secospace USG6300), до V500R002C00SPC200 (Huawei Secospace USG6500)

Possible Mitigations

Использование рекомендаций: https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200102-01-buffer-en

Reference

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190918-01-authentication-en

CWE

CWE-20, CWE-404

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Huawei Technologies Co., Ltd.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e V200R011C10 (Huawei S6700), \u0434\u043e V500R005C00SPC200 (Huawei Secospace USG6600), \u0434\u043e V200R009C00SPC500 (Huawei AR120-S), \u0434\u043e V200R009C00SPC500 (Huawei AR1200), \u0434\u043e V200R009C00SPC500 (Huawei AR1200-S), \u0434\u043e V200R009C00SPC500 (Huawei AR150), \u0434\u043e V200R009C00SPC500 (Huawei AR150-S), \u0434\u043e V200R009C00SPC500 (Huawei AR160), \u0434\u043e V200R009C00SPC500 (Huawei AR200), \u0434\u043e V200R009C00SPC500 (Huawei AR200-S), \u0434\u043e V200R009C00SPC500 (Huawei AR2200), \u0434\u043e V200R009C00SPC500 (Huawei AR2200-S), \u0434\u043e V200R009C00SPC500 (Huawei AR3200), \u0434\u043e V200R009C00SPC500 (Huawei AR3600), \u0434\u043e V500R002C00SPC200 (Huawei IPS Module), \u0434\u043e V500R002C00SPC200 (Huawei NGFW Module), \u0434\u043e V500R002C00SPC200 (Huawei NIP6300), \u0434\u043e V500R002C00SPC200 (Huawei NIP6600), \u0434\u043e V200R009C00SPC500 (Huawei NetEngine16EX), \u0434\u043e V200R011C10 (Huawei S5700), \u0434\u043e V200R009C00SPC500 (Huawei SRG1300), \u0434\u043e V200R009C00SPC500 (Huawei SRG2300), \u0434\u043e V200R009C00SPC500 (Huawei SRG3300), \u0434\u043e V500R005C00SPC300 (Huawei Secospace AntiDDoS8000), \u0434\u043e V500R002C00SPC200 (Huawei Secospace USG6300), \u0434\u043e V500R002C00SPC200 (Huawei Secospace USG6500)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200102-01-buffer-en",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "02.01.2020",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "13.01.2020",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "13.01.2020",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2020-00049",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2019-5304",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Huawei S6700, Huawei Secospace USG6600, Huawei AR120-S, Huawei AR1200, Huawei AR1200-S, Huawei AR150, Huawei AR150-S, Huawei AR160, Huawei AR200, Huawei AR200-S, Huawei AR2200, Huawei AR2200-S, Huawei AR3200, Huawei AR3600, Huawei IPS Module, Huawei NGFW Module, Huawei NIP6300, Huawei NIP6600, Huawei NetEngine16EX, Huawei S5700, Huawei SRG1300, Huawei SRG2300, Huawei SRG3300, Huawei Secospace AntiDDoS8000, Huawei Secospace USG6300, Huawei Secospace USG6500",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0442\u043e\u0440\u043e\u0432 Huawei, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043f\u0435\u0440\u0435\u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0443 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (CWE-20), \u041d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u0430\u044f \u0437\u0430\u0447\u0438\u0441\u0442\u043a\u0430 \u0438\u043b\u0438 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432 (CWE-404)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0442\u043e\u0440\u043e\u0432 Huawei \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043f\u0435\u0440\u0435\u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0443 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u0444\u043e\u0440\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u043f\u0430\u043a\u0435\u0442\u043e\u0432 MPLS",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190918-01-authentication-en",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041f\u041e \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-20, CWE-404",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)"
}

CVE-2019-5304 (GCVE-0-2019-5304)

Vulnerability from cvelistv5 – Published: 2020-01-03 14:33 – Updated: 2024-08-04 19:54

Summary

Some Huawei products have a buffer error vulnerability. An unauthenticated, remote attacker could send specific MPLS Echo Request messages to the target products. Due to insufficient input validation of some parameters in the messages, successful exploit may cause the device to reset.

Severity ?

No CVSS data available.

CWE

Buffer Error

Assigner

huawei

References

URL

Tags

https://www.huawei.com/en/psirt/security-advisori…

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	AR120-S;AR1200;AR1200-S;AR150;AR150-S;AR160;AR200;AR200-S;AR2200;AR2200-S;AR3200;AR3600;IPS Module;NGFW Module;NIP6300;NIP6600;NetEngine16EX;S5700;S6700;SRG1300;SRG2300;SRG3300;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace USG6600	Affected: V200R006C10 Affected: V200R007C00 Affected: V200R008C20 Affected: V200R008C50 Affected: V200R003C01 Affected: V200R005C20 Affected: V500R001C20 Affected: V500R001C30 Affected: V500R002C00 Affected: V200R005C00 Affected: V200R005C02 Affected: V200R005C03 Affected: V200R006C00 Affected: V200R008C00 Affected: V200R010C00 Affected: V200R011C00 Affected: V200R005C01 Affected: V500R001C60 Affected: V500R005C00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:54:53.290Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200102-01-buffer-en"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "AR120-S;AR1200;AR1200-S;AR150;AR150-S;AR160;AR200;AR200-S;AR2200;AR2200-S;AR3200;AR3600;IPS Module;NGFW Module;NIP6300;NIP6600;NetEngine16EX;S5700;S6700;SRG1300;SRG2300;SRG3300;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace USG6600",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "V200R006C10"
            },
            {
              "status": "affected",
              "version": "V200R007C00"
            },
            {
              "status": "affected",
              "version": "V200R008C20"
            },
            {
              "status": "affected",
              "version": "V200R008C50"
            },
            {
              "status": "affected",
              "version": "V200R003C01"
            },
            {
              "status": "affected",
              "version": "V200R005C20"
            },
            {
              "status": "affected",
              "version": "V500R001C20"
            },
            {
              "status": "affected",
              "version": "V500R001C30"
            },
            {
              "status": "affected",
              "version": "V500R002C00"
            },
            {
              "status": "affected",
              "version": "V200R005C00"
            },
            {
              "status": "affected",
              "version": "V200R005C02"
            },
            {
              "status": "affected",
              "version": "V200R005C03"
            },
            {
              "status": "affected",
              "version": "V200R006C00"
            },
            {
              "status": "affected",
              "version": "V200R008C00"
            },
            {
              "status": "affected",
              "version": "V200R010C00"
            },
            {
              "status": "affected",
              "version": "V200R011C00"
            },
            {
              "status": "affected",
              "version": "V200R005C01"
            },
            {
              "status": "affected",
              "version": "V500R001C60"
            },
            {
              "status": "affected",
              "version": "V500R005C00"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Some Huawei products have a buffer error vulnerability. An unauthenticated, remote attacker could send specific MPLS Echo Request messages to the target products. Due to insufficient input validation of some parameters in the messages, successful exploit may cause the device to reset."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Buffer Error",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-03T14:33:41.000Z",
        "orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
        "shortName": "huawei"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200102-01-buffer-en"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@huawei.com",
          "ID": "CVE-2019-5304",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "AR120-S;AR1200;AR1200-S;AR150;AR150-S;AR160;AR200;AR200-S;AR2200;AR2200-S;AR3200;AR3600;IPS Module;NGFW Module;NIP6300;NIP6600;NetEngine16EX;S5700;S6700;SRG1300;SRG2300;SRG3300;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace USG6600",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "V200R006C10"
                          },
                          {
                            "version_value": "V200R007C00"
                          },
                          {
                            "version_value": "V200R008C20"
                          },
                          {
                            "version_value": "V200R008C50"
                          },
                          {
                            "version_value": "V200R003C01"
                          },
                          {
                            "version_value": "V200R005C20"
                          },
                          {
                            "version_value": "V500R001C20"
                          },
                          {
                            "version_value": "V500R001C30"
                          },
                          {
                            "version_value": "V500R002C00"
                          },
                          {
                            "version_value": "V200R005C00"
                          },
                          {
                            "version_value": "V200R005C02"
                          },
                          {
                            "version_value": "V200R005C03"
                          },
                          {
                            "version_value": "V200R006C00"
                          },
                          {
                            "version_value": "V200R008C00"
                          },
                          {
                            "version_value": "V200R010C00"
                          },
                          {
                            "version_value": "V200R011C00"
                          },
                          {
                            "version_value": "V200R005C01"
                          },
                          {
                            "version_value": "V500R001C60"
                          },
                          {
                            "version_value": "V500R005C00"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Some Huawei products have a buffer error vulnerability. An unauthenticated, remote attacker could send specific MPLS Echo Request messages to the target products. Due to insufficient input validation of some parameters in the messages, successful exploit may cause the device to reset."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Buffer Error"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200102-01-buffer-en",
              "refsource": "MISC",
              "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200102-01-buffer-en"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
    "assignerShortName": "huawei",
    "cveId": "CVE-2019-5304",
    "datePublished": "2020-01-03T14:33:41.000Z",
    "dateReserved": "2019-01-04T00:00:00.000Z",
    "dateUpdated": "2024-08-04T19:54:53.290Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

BDU:2020-00049

CVE-2019-5304 (GCVE-0-2019-5304)

Tags

Sightings

Nomenclature