Details of VAR-201911-0823

ID

VAR-201911-0823

CVE

CVE-2019-5247

TITLE

Huawei Atlas 300 and Atlas 500 Vulnerable to classic buffer overflow

Trust: 0.8

sources: JVNDB: JVNDB-2019-012693

DESCRIPTION

Huawei Atlas 300, Atlas 500 have a buffer overflow vulnerability. A local, authenticated attacker may craft specific parameter and send to the process to exploit this vulnerability. Successfully exploit may cause service crash. Atlas 300 is an AI (Artificial Intelligence) acceleration card. This product is suitable for artificial intelligence training and inference scenarios

Trust: 2.16

sources: NVD: CVE-2019-5247 // JVNDB: JVNDB-2019-012693 // CNVD: CNVD-2019-46624

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-46624

AFFECTED PRODUCTS

vendor:	huawei	model:	atlas 300	scope:	lt	version:	1.0.0.spc102	Trust: 1.0
vendor:	huawei	model:	atlas 500	scope:	gte	version:	1.0.0	Trust: 1.0
vendor:	huawei	model:	atlas 500	scope:	lt	version:	1.0.0.spc102	Trust: 1.0
vendor:	huawei	model:	atlas 300	scope:	gte	version:	1.0.0	Trust: 1.0
vendor:	huawei	model:	atlas 300	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	atlas 500	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	atlas	scope:	eq	version:	3001.0.0	Trust: 0.6
vendor:	huawei	model:	atlas	scope:	eq	version:	5001.0.0	Trust: 0.6
vendor:	huawei	model:	atlas 300	scope:	eq	version:	-	Trust: 0.6
vendor:	huawei	model:	atlas 500	scope:	eq	version:	-	Trust: 0.6
vendor:	huawei	model:	atlas 300	scope:	eq	version:	1.0.0	Trust: 0.6
vendor:	huawei	model:	atlas 500	scope:	eq	version:	1.0.0	Trust: 0.6

sources: CNVD: CNVD-2019-46624 // JVNDB: JVNDB-2019-012693 // CNNVD: CNNVD-201911-1464 // NVD: CVE-2019-5247

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-5247
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-5247
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2019-46624
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-201911-1464
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2019-5247
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2019-46624
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2019-5247
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2019-5247
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2019-46624 // JVNDB: JVNDB-2019-012693 // CNNVD: CNNVD-201911-1464 // NVD: CVE-2019-5247

PROBLEMTYPE DATA

problemtype:

CWE-120

Trust: 1.8

sources: JVNDB: JVNDB-2019-012693 // NVD: CVE-2019-5247

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201911-1464

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201911-1464

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-012693

PATCH

title:	huawei-sa-20191127-01-atlas	url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191127-01-atlas-en	Trust: 0.8
title:	Patch for Huawei Atlas 300 and Atlas 500 Buffer Overflow Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/195191	Trust: 0.6
title:	Huawei Atlas 300 and Atlas 500 Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=103731	Trust: 0.6

sources: CNVD: CNVD-2019-46624 // JVNDB: JVNDB-2019-012693 // CNNVD: CNNVD-201911-1464

EXTERNAL IDS

db:	NVD	id:	CVE-2019-5247	Trust: 3.0
db:	JVNDB	id:	JVNDB-2019-012693	Trust: 0.8
db:	CNVD	id:	CNVD-2019-46624	Trust: 0.6
db:	CNNVD	id:	CNNVD-201911-1464	Trust: 0.6

sources: CNVD: CNVD-2019-46624 // JVNDB: JVNDB-2019-012693 // CNNVD: CNNVD-201911-1464 // NVD: CVE-2019-5247

REFERENCES

url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191127-01-atlas-en	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2019-5247	Trust: 1.4
url:	https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20191127-01-atlas-cn	Trust: 1.2
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5247	Trust: 0.8

sources: CNVD: CNVD-2019-46624 // JVNDB: JVNDB-2019-012693 // CNNVD: CNNVD-201911-1464 // NVD: CVE-2019-5247

CREDITS

The vulnerability was discovered by Huawei internal testing.

Trust: 0.6

sources: CNNVD: CNNVD-201911-1464

SOURCES

db:	CNVD	id:	CNVD-2019-46624
db:	JVNDB	id:	JVNDB-2019-012693
db:	CNNVD	id:	CNNVD-201911-1464
db:	NVD	id:	CVE-2019-5247

LAST UPDATE DATE

2024-11-23T22:51:37.152000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-46624	date:	2019-12-24T00:00:00
db:	JVNDB	id:	JVNDB-2019-012693	date:	2019-12-11T00:00:00
db:	CNNVD	id:	CNNVD-201911-1464	date:	2019-12-10T00:00:00
db:	NVD	id:	CVE-2019-5247	date:	2024-11-21T04:44:36.053

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-46624	date:	2019-12-24T00:00:00
db:	JVNDB	id:	JVNDB-2019-012693	date:	2019-12-11T00:00:00
db:	CNNVD	id:	CNNVD-201911-1464	date:	2019-11-27T00:00:00
db:	NVD	id:	CVE-2019-5247	date:	2019-11-29T21:15:11.293