CVE-2019-19411 - OpenCVE

USG9500 with versions of V500R001C30SPC100, V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, V500R005C00SPC100, V500R005C00SPC200 have an information leakage vulnerability. Due to improper processing of the initialization vector used in a specific encryption algorithm, an attacker who gains access to this cryptographic primitive may exploit this vulnerability to cause the value of the confidentiality associated with its use to be diminished.

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Huawei	Usg9500 Firmware Usg9500

Configuration 1 [-]

AND

OR	cpe:2.3:o:huawei:usg9500_firmware:v500r001c30spc100:::::::*
	cpe:2.3:o:huawei:usg9500_firmware:v500r001c30spc200:::::::*
	cpe:2.3:o:huawei:usg9500_firmware:v500r001c30spc600:::::::*
	cpe:2.3:o:huawei:usg9500_firmware:v500r001c60spc500:::::::*
	cpe:2.3:o:huawei:usg9500_firmware:v500r005c00spc100:::::::*
	cpe:2.3:o:huawei:usg9500_firmware:v500r005c00spc200:::::::*

cpe:2.3:h:huawei:usg9500:-:*:*:*:*:*:*:*

References

Link	Resource
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-firewall-en	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: huawei

Published: 2020-01-21T18:09:27

Updated: 2020-01-21T18:09:27

Reserved: 2019-11-29T00:00:00

Link: CVE-2019-19411

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-01-21T19:15:13.113

Modified: 2020-08-24T17:37:01.140

Link: CVE-2019-19411

JSON object: View

Redhat Information

No data.

CWE

CWE-665

{"containers": {"cna": {"affected": [{"product": "USG9500", "vendor": "n/a", "versions": [{"status": "affected", "version": "V500R001C30SPC100,V500R001C30SPC200,V500R001C30SPC600,V500R001C60SPC500,V500R005C00SPC100,V500R005C00SPC200"}]}], "descriptions": [{"lang": "en", "value": "USG9500 with versions of V500R001C30SPC100, V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, V500R005C00SPC100, V500R005C00SPC200 have an information leakage vulnerability. Due to improper processing of the initialization vector used in a specific encryption algorithm, an attacker who gains access to this cryptographic primitive may exploit this vulnerability to cause the value of the confidentiality associated with its use to be diminished."}], "problemTypes": [{"descriptions": [{"description": "Information Leakage", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-01-21T18:09:27", "orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-firewall-en"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@huawei.com", "ID": "CVE-2019-19411", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "USG9500", "version": {"version_data": [{"version_value": "V500R001C30SPC100,V500R001C30SPC200,V500R001C30SPC600,V500R001C60SPC500,V500R005C00SPC100,V500R005C00SPC200"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "USG9500 with versions of V500R001C30SPC100, V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, V500R005C00SPC100, V500R005C00SPC200 have an information leakage vulnerability. Due to improper processing of the initialization vector used in a specific encryption algorithm, an attacker who gains access to this cryptographic primitive may exploit this vulnerability to cause the value of the confidentiality associated with its use to be diminished."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Information Leakage"}]}]}, "references": {"reference_data": [{"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-firewall-en", "refsource": "MISC", "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-firewall-en"}]}}}}, "cveMetadata": {"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "assignerShortName": "huawei", "cveId": "CVE-2019-19411", "datePublished": "2020-01-21T18:09:27", "dateReserved": "2019-11-29T00:00:00", "dateUpdated": "2020-01-21T18:09:27", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:usg9500_firmware:v500r001c30spc100:*:*:*:*:*:*:*", "matchCriteriaId": "55A5E70C-79F7-49DF-A621-01965486E295", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:usg9500_firmware:v500r001c30spc200:*:*:*:*:*:*:*", "matchCriteriaId": "C0BF5257-8CD1-4951-9C53-07B85D468F8B", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:usg9500_firmware:v500r001c30spc600:*:*:*:*:*:*:*", "matchCriteriaId": "6E2CDEF7-F8C8-482E-B43D-DB3F0CE010F8", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:usg9500_firmware:v500r001c60spc500:*:*:*:*:*:*:*", "matchCriteriaId": "8A1EFB9D-5349-4EAF-9880-34F0D20011E4", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:usg9500_firmware:v500r005c00spc100:*:*:*:*:*:*:*", "matchCriteriaId": "BE7369E3-5F3F-40D1-8690-95192131B683", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:usg9500_firmware:v500r005c00spc200:*:*:*:*:*:*:*", "matchCriteriaId": "ADA71C5D-4B11-401D-AEC9-907204C21476", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:usg9500:-:*:*:*:*:*:*:*", "matchCriteriaId": "4B6064BB-5E62-4D70-B933-05B5426EEE9C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "USG9500 with versions of V500R001C30SPC100, V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, V500R005C00SPC100, V500R005C00SPC200 have an information leakage vulnerability. Due to improper processing of the initialization vector used in a specific encryption algorithm, an attacker who gains access to this cryptographic primitive may exploit this vulnerability to cause the value of the confidentiality associated with its use to be diminished."}, {"lang": "es", "value": "El dispositivo USG9500 de HUAWEI con versiones de V500R001C30SPC100, V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, V500R005C00SPC100, V500R005C00SPC200, presentan una vulnerabilidad de filtrado de informaci\u00f3n. Debido a un procesamiento inapropiado del vector de inicializaci\u00f3n usado en un algoritmo de cifrado espec\u00edfico, un atacante que consigue acceso a esta primitiva criptogr\u00e1fica puede explotar esta vulnerabilidad para causar que el valor de la confidencialidad asociada con su uso sea disminuido."}], "id": "CVE-2019-19411", "lastModified": "2020-08-24T17:37:01.140", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-01-21T19:15:13.113", "references": [{"source": "psirt@huawei.com", "tags": ["Vendor Advisory"], "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-firewall-en"}], "sourceIdentifier": "psirt@huawei.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-665"}], "source": "nvd@nist.gov", "type": "Primary"}]}