CVE-2019-5273
Severity Score
7.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
USG9500 with versions of V500R001C30;V500R001C60 have a denial of service vulnerability. Due to a flaw in the X.509 implementation in the affected products which can result in a large heap buffer overrun error, an attacker may exploit the vulnerability by a malicious certificate, resulting a denial of service on the affected products.
USG9500 con versiones desde V500R001C30;V500R001C60 presentan una vulnerabilidad de denegación de servicio. Debido a un fallo en la implementación de X.509 en los productos afectados lo que puede resultar en un gran error de desbordamiento de búfer de la pila, un atacante puede explotar la vulnerabilidad mediante un certificado malicioso, resultando en una denegación de servicio en los productos afectados.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2019-01-04 CVE Reserved
- 2019-12-26 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191225-01-eudemon-en | 2019-12-31 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Huawei Search vendor "Huawei" | Usg9500 Firmware Search vendor "Huawei" for product "Usg9500 Firmware" | v500r001c30 Search vendor "Huawei" for product "Usg9500 Firmware" and version "v500r001c30" | - |
Affected
| in | Huawei Search vendor "Huawei" | Usg9500 Search vendor "Huawei" for product "Usg9500" | - | - |
Safe
|
| Huawei Search vendor "Huawei" | Usg9500 Firmware Search vendor "Huawei" for product "Usg9500 Firmware" | v500r001c60 Search vendor "Huawei" for product "Usg9500 Firmware" and version "v500r001c60" | - |
Affected
| in | Huawei Search vendor "Huawei" | Usg9500 Search vendor "Huawei" for product "Usg9500" | - | - |
Safe
|