5.9

CVE-2019-5291

Some Huawei products have an insufficient verification of data authenticity vulnerability. A remote, unauthenticated attacker has to intercept specific packets between two devices, modify the packets, and send the modified packets to the peer device. Due to insufficient verification of some fields in the packets, an attacker may exploit the vulnerability to cause the target device to be abnormal.

Data is provided by the National Vulnerability Database (NVD)
HuaweiAr120-s Firmware Versionv200r005c20
   HuaweiAr120-s Version-
HuaweiAr120-s Firmware Versionv200r006c10
   HuaweiAr120-s Version-
HuaweiAr120-s Firmware Versionv200r007c00
   HuaweiAr120-s Version-
HuaweiAr120-s Firmware Versionv200r008c50
   HuaweiAr120-s Version-
HuaweiAr1200 Firmware Versionv200r005c00
   HuaweiAr1200 Version-
HuaweiAr1200 Firmware Versionv200r006c10
   HuaweiAr1200 Version-
HuaweiAr1200 Firmware Versionv200r007c00
   HuaweiAr1200 Version-
HuaweiAr1200 Firmware Versionv200r008c50
   HuaweiAr1200 Version-
HuaweiAr1200-s Firmware Versionv200r005c20
   HuaweiAr1200-s Version-
HuaweiAr1200-s Firmware Versionv200r006c10
   HuaweiAr1200-s Version-
HuaweiAr1200-s Firmware Versionv200r007c00
   HuaweiAr1200-s Version-
HuaweiAr1200-s Firmware Versionv200r008c50
   HuaweiAr1200-s Version-
HuaweiAr150 Firmware Versionv200r005c20
   HuaweiAr150 Version-
HuaweiAr150 Firmware Versionv200r006c10
   HuaweiAr150 Version-
HuaweiAr150 Firmware Versionv200r007c00
   HuaweiAr150 Version-
HuaweiAr150 Firmware Versionv200r008c50
   HuaweiAr150 Version-
HuaweiAr150-s Firmware Versionv200r005c20
   HuaweiAr150-s Version-
HuaweiAr150-s Firmware Versionv200r006c10
   HuaweiAr150-s Version-
HuaweiAr150-s Firmware Versionv200r007c00
   HuaweiAr150-s Version-
HuaweiAr150-s Firmware Versionv200r008c50
   HuaweiAr150-s Version-
HuaweiAr160 Firmware Versionv200r005c20
   HuaweiAr160 Version-
HuaweiAr160 Firmware Versionv200r006c10
   HuaweiAr160 Version-
HuaweiAr160 Firmware Versionv200r007c00
   HuaweiAr160 Version-
HuaweiAr160 Firmware Versionv200r008c50
   HuaweiAr160 Version-
HuaweiAr200 Firmware Versionv200r005c20
   HuaweiAr200 Version-
HuaweiAr200 Firmware Versionv200r006c10
   HuaweiAr200 Version-
HuaweiAr200 Firmware Versionv200r007c00
   HuaweiAr200 Version-
HuaweiAr200 Firmware Versionv200r008c50
   HuaweiAr200 Version-
HuaweiAr200-s Firmware Versionv200r005c20
   HuaweiAr200-s Version-
HuaweiAr200-s Firmware Versionv200r006c10
   HuaweiAr200-s Version-
HuaweiAr200-s Firmware Versionv200r007c00
   HuaweiAr200-s Version-
HuaweiAr200-s Firmware Versionv200r008c50
   HuaweiAr200-s Version-
HuaweiAr2200 Firmware Versionv200r005c20
   HuaweiAr2200 Version-
HuaweiAr2200 Firmware Versionv200r006c10
   HuaweiAr2200 Version-
HuaweiAr2200 Firmware Versionv200r007c00
   HuaweiAr2200 Version-
HuaweiAr2200 Firmware Versionv200r008c50
   HuaweiAr2200 Version-
HuaweiAr2200-s Firmware Versionv200r005c20
   HuaweiAr2200-s Version-
HuaweiAr2200-s Firmware Versionv200r006c10
   HuaweiAr2200-s Version-
HuaweiAr2200-s Firmware Versionv200r007c00
   HuaweiAr2200-s Version-
HuaweiAr2200-s Firmware Versionv200r008c50
   HuaweiAr2200-s Version-
HuaweiAr3200 Firmware Versionv200r005c20
   HuaweiAr3200 Version-
HuaweiAr3200 Firmware Versionv200r006c10
   HuaweiAr3200 Version-
HuaweiAr3200 Firmware Versionv200r007c00
   HuaweiAr3200 Version-
HuaweiAr3200 Firmware Versionv200r008c50
   HuaweiAr3200 Version-
HuaweiAr3600 Firmware Versionv200r006c10
   HuaweiAr3600 Version-
HuaweiAr3600 Firmware Versionv200r007c00
   HuaweiAr3600 Version-
HuaweiAr3600 Firmware Versionv200r008c50
   HuaweiAr3600 Version-
HuaweiCloudengine 12800 Firmware Versionv200r002c10
   HuaweiCloudengine 12800 Version-
HuaweiCloudengine 12800 Firmware Versionv200r002c20
   HuaweiCloudengine 12800 Version-
HuaweiNetengine16ex Firmware Versionv200r005c20
   HuaweiNetengine16ex Version-
HuaweiNetengine16ex Firmware Versionv200r006c10
   HuaweiNetengine16ex Version-
HuaweiNetengine16ex Firmware Versionv200r007c00
   HuaweiNetengine16ex Version-
HuaweiNetengine16ex Firmware Versionv200r008c50
   HuaweiNetengine16ex Version-
HuaweiS6700 Firmware Versionv200r008c00
   HuaweiS6700 Version-
HuaweiS6700 Firmware Versionv200r010c00spc300
   HuaweiS6700 Version-
HuaweiS6700 Firmware Versionv200r010c00spc600
   HuaweiS6700 Version-
HuaweiS6700 Firmware Versionv200r011c00spc200
   HuaweiS6700 Version-
HuaweiSrg1300 Firmware Versionv200r005c20
   HuaweiSrg1300 Version-
HuaweiSrg1300 Firmware Versionv200r006c10
   HuaweiSrg1300 Version-
HuaweiSrg1300 Firmware Versionv200r007c00
   HuaweiSrg1300 Version-
HuaweiSrg1300 Firmware Versionv200r008c50
   HuaweiSrg1300 Version-
HuaweiSrg2300 Firmware Versionv200r005c20
   HuaweiSrg2300 Version-
HuaweiSrg2300 Firmware Versionv200r006c10
   HuaweiSrg2300 Version-
HuaweiSrg2300 Firmware Versionv200r007c00
   HuaweiSrg2300 Version-
HuaweiSrg2300 Firmware Versionv200r008c50
   HuaweiSrg2300 Version-
HuaweiSrg3300 Firmware Versionv200r005c20
   HuaweiSrg3300 Version-
HuaweiSrg3300 Firmware Versionv200r006c10
   HuaweiSrg3300 Version-
HuaweiSrg3300 Firmware Versionv200r007c00
   HuaweiSrg3300 Version-
HuaweiSrg3300 Firmware Versionv200r008c50
   HuaweiSrg3300 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.22% 0.449
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 5.9 2.2 3.6
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
CWE-345 Insufficient Verification of Data Authenticity

The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.