Vulnerability Description
Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG6000V;eSpace U1981) have a buffer overflow vulnerability. An attacker who logs in to the board may send crafted messages from the internal network port or tamper with inter-process message packets to exploit this vulnerability. Due to insufficient validation of the message, successful exploit may cause the affected board to be abnormal.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Huawei | Ap2000 Firmware | v200r005c30 |
| Huawei | Ap2000 | - |
| Huawei | Ips Firmware | v500r001c00spc300 |
| Huawei | Ips | - |
| Huawei | Ngfw Firmware | v500r001c00spc300 |
| Huawei | Ngfw | - |
| Huawei | Nip6300 Firmware | v500r001c00spc300 |
| Huawei | Nip6300 | - |
| Huawei | Nip6600 Firmware | v500r001c00spc300 |
| Huawei | Nip6600 | - |
| Huawei | Nip6800 Firmware | v500r001c50 |
| Huawei | Nip6800 | - |
| Huawei | S5700 Firmware | v200r005c03 |
| Huawei | S5700 | - |
| Huawei | Svn5600 Firmware | v200r003c00spc100 |
| Huawei | Svn5600 | - |
| Huawei | Svn5800 Firmware | v200r003c00spc100 |
| Huawei | Svn5800 | - |
| Huawei | Svn5800-C Firmware | v200r003c00spc100 |
| Huawei | Svn5800-C | - |
Related Weaknesses (CWE)
References
- https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191211-01-ssp-enVendor Advisory
- https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191211-01-ssp-enVendor Advisory
FAQ
What is CVE-2019-5258?
CVE-2019-5258 is a vulnerability with a CVSS score of 5.5 (MEDIUM). Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG...
How severe is CVE-2019-5258?
CVE-2019-5258 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-5258?
Check the references section above for vendor advisories and patch information. Affected products include: Huawei Ap2000 Firmware, Huawei Ap2000, Huawei Ips Firmware, Huawei Ips, Huawei Ngfw Firmware.