CVE-2019-5255
Severity CVSS v4.0:
Pending analysis
Type:
CWE-125
Out-of-bounds Read
Publication date:
13/12/2019
Last modified:
24/08/2020
Description
Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG6000V;eSpace U1981) have a DoS vulnerability. An attacker may send crafted messages from a FTP client to exploit this vulnerability. Due to insufficient validation of the message, successful exploit may cause the system out-of-bounds read and result in a denial of service condition of the affected service.
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Base Score 2.0
2.10
Severity 2.0
LOW
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:huawei:ap2000_firmware:v200r005c30:*:*:*:*:*:*:* | ||
| cpe:2.3:o:huawei:ap2000_firmware:v200r006c10:*:*:*:*:*:*:* | ||
| cpe:2.3:o:huawei:ap2000_firmware:v200r006c20:*:*:*:*:*:*:* | ||
| cpe:2.3:o:huawei:ap2000_firmware:v200r007c10:*:*:*:*:*:*:* | ||
| cpe:2.3:o:huawei:ap2000_firmware:v200r007c20:*:*:*:*:*:*:* | ||
| cpe:2.3:o:huawei:ap2000_firmware:v200r008c00:*:*:*:*:*:*:* | ||
| cpe:2.3:o:huawei:ap2000_firmware:v200r008c10:*:*:*:*:*:*:* | ||
| cpe:2.3:o:huawei:ap2000_firmware:v200r009c00:*:*:*:*:*:*:* | ||
| cpe:2.3:h:huawei:ap2000:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:huawei:ips_firmware:v500r001c00spc300:*:*:*:*:*:*:* | ||
| cpe:2.3:o:huawei:ips_firmware:v500r001c00spc500:*:*:*:*:*:*:* | ||
| cpe:2.3:o:huawei:ips_firmware:v500r001c00sph303:*:*:*:*:*:*:* | ||
| cpe:2.3:o:huawei:ips_firmware:v500r001c00sph508:*:*:*:*:*:*:* | ||
| cpe:2.3:o:huawei:ips_firmware:v500r001c20:*:*:*:*:*:*:* | ||
| cpe:2.3:o:huawei:ips_firmware:v500r001c20spc100:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page