CVE-2019-19411 Information

Description

USG9500 with versions of V500R001C30SPC100 V500R001C30SPC200 V500R001C30SPC600 V500R001C60SPC500 V500R005C00SPC100 V500R005C00SPC200 have an information leakage vulnerability. Due to improper processing of the initialization vector used in a specific encryption algorithm an attacker who gains access to this cryptographic primitive may exploit this vulnerability to cause the value of the confidentiality associated with its use to be diminished.

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Reference

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-firewall-en

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

LOW

Availability Impact

NONE

Base Score

NONE

Base Severity

3.7