1. Home
  2. CVE Database
  3. CVE-2019-5254
HIGH · 8.6

CVE-2019-5254

Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG...

Vulnerability Description

Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG6000V;eSpace U1981) have an out-of-bounds read vulnerability. An attacker who logs in to the board may send crafted messages from the internal network port or tamper with inter-process message packets to exploit this vulnerability. Due to insufficient validation of the message, successful exploit may cause the affected board to be abnormal.

CVSS Score

8.6

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality
NONE
Integrity
NONE
Availability
HIGH

Affected Products

VendorProductVersions
HuaweiAp2000 Firmwarev200r005c30
HuaweiAp2000-
HuaweiIps Firmwarev500r001c00spc300
HuaweiIps-
HuaweiNgfw Firmwarev500r001c00spc300
HuaweiNgfw-
HuaweiNip6300 Firmwarev500r001c00spc300
HuaweiNip6300-
HuaweiNip6600 Firmwarev500r001c00spc300
HuaweiNip6600-
HuaweiNip6800 Firmwarev500r001c50
HuaweiNip6800-
HuaweiS5700 Firmwarev200r005c03
HuaweiS5700-
HuaweiSvn5600 Firmwarev200r003c00spc100
HuaweiSvn5600-
HuaweiSvn5800 Firmwarev200r003c00spc100
HuaweiSvn5800-
HuaweiSvn5800-C Firmwarev200r003c00spc100
HuaweiSvn5800-C-

Related Weaknesses (CWE)

CWE-125

References

FAQ

What is CVE-2019-5254?

CVE-2019-5254 is a vulnerability with a CVSS score of 8.6 (HIGH). Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG...

How severe is CVE-2019-5254?

CVE-2019-5254 has been rated HIGH with a CVSS base score of 8.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-5254?

Check the references section above for vendor advisories and patch information. Affected products include: Huawei Ap2000 Firmware, Huawei Ap2000, Huawei Ips Firmware, Huawei Ips, Huawei Ngfw Firmware.