CVE-2019-5291

Published: Dec 13, 2019

Modified: Aug 4, 2024

PUBLISHED

Description

Some Huawei products have an insufficient verification of data authenticity vulnerability. A remote, unauthenticated attacker has to intercept specific packets between two devices, modify the packets, and send the modified packets to the peer device. Due to insufficient verification of some fields in the packets, an attacker may exploit the vulnerability to cause the target device to be abnormal.

Vendor	Product	Versions
n/a	AR120-S;AR1200;AR1200-S;AR150;AR150-S;AR160;AR200;AR200-S;AR2200;AR2200-S;AR3200;AR3600;CloudEngine 12800;NetEngine16EX;S6700;SRG1300;SRG2300;SRG3300	affected `V200R005C20` affected `V200R006C10` affected `V200R007C00` affected `V200R008C50` affected `V200R005C00` +6 more versions

References

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-01-validation-en

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2019-5291

Description

Affected Products

References