CVE-2019-5256 — MEDIUM (5.5)

Vulnerability Description

Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG6000V;eSpace U1981) have a null pointer dereference vulnerability. The system dereferences a pointer that it expects to be valid, but is NULL. A local attacker could exploit this vulnerability by sending crafted parameters. A successful exploit could cause a denial of service and the process reboot.

CVSS Score

5.5

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Huawei	Ap2000 Firmware	v200r005c30
Huawei	Ap2000	-
Huawei	Ips Firmware	v500r001c00spc300
Huawei	Ips	-
Huawei	Ngfw Firmware	v500r001c00spc300
Huawei	Ngfw	-
Huawei	Nip6300 Firmware	v500r001c00spc300
Huawei	Nip6300	-
Huawei	Nip6600 Firmware	v500r001c00spc300
Huawei	Nip6600	-
Huawei	Nip6800 Firmware	v500r001c50
Huawei	Nip6800	-
Huawei	S5700 Firmware	v200r005c03
Huawei	S5700	-
Huawei	Svn5600 Firmware	v200r003c00spc100
Huawei	Svn5600	-
Huawei	Svn5800 Firmware	v200r003c00spc100
Huawei	Svn5800	-
Huawei	Svn5800-C Firmware	v200r003c00spc100
Huawei	Svn5800-C	-

Related Weaknesses (CWE)

CWE-476

References

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191211-01-ssp-enVendor Advisory
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191211-01-ssp-enVendor Advisory

FAQ

What is CVE-2019-5256?

CVE-2019-5256 is a vulnerability with a CVSS score of 5.5 (MEDIUM). Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG...

How severe is CVE-2019-5256?

CVE-2019-5256 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-5256?

Check the references section above for vendor advisories and patch information. Affected products include: Huawei Ap2000 Firmware, Huawei Ap2000, Huawei Ips Firmware, Huawei Ips, Huawei Ngfw Firmware.