Details of VAR-201912-0065

ID

VAR-201912-0065

CVE

CVE-2019-5267

TITLE

Huawei OceanStor SNS3096 Information Disclosure Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2019-47198 // CNNVD: CNNVD-201912-904

DESCRIPTION

Huawei OceanStor SNS3096 V100R002C01 have an information disclosure vulnerability. Attackers with low privilege can exploit this vulnerability by performing some specific operations. Successful exploit of this vulnerability can cause some information disclosure. Huawei OceanStor SNS3096 is a data center-oriented fiber switch from China's Huawei

Trust: 2.16

sources: NVD: CVE-2019-5267 // JVNDB: JVNDB-2019-013595 // CNVD: CNVD-2019-47198

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-47198

AFFECTED PRODUCTS

vendor:	huawei	model:	oceanstor sns3096	scope:	eq	version:	v100r002c01	Trust: 1.0
vendor:	huawei	model:	oceanstor sns3096	scope:	eq	version:	100r002c01	Trust: 0.8
vendor:	huawei	model:	oceanstor sns3096 v100r002c01	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2019-47198 // JVNDB: JVNDB-2019-013595 // NVD: CVE-2019-5267

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-5267
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-5267
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2019-47198
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201912-904
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2019-5267
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2019-47198
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:C/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2019-5267
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2019-5267
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2019-47198 // JVNDB: JVNDB-2019-013595 // CNNVD: CNNVD-201912-904 // NVD: CVE-2019-5267

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-200	Trust: 0.8

sources: JVNDB: JVNDB-2019-013595 // NVD: CVE-2019-5267

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201912-904

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201912-904

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-013595

PATCH

title:	huawei-sa-20191218-03-information	url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191218-03-information-en	Trust: 0.8
title:	Patch for Huawei OceanStor SNS3096 Information Disclosure Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/195477	Trust: 0.6
title:	Huawei OceanStor SNS3096 Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=105181	Trust: 0.6

sources: CNVD: CNVD-2019-47198 // JVNDB: JVNDB-2019-013595 // CNNVD: CNNVD-201912-904

EXTERNAL IDS

db:	NVD	id:	CVE-2019-5267	Trust: 3.0
db:	JVNDB	id:	JVNDB-2019-013595	Trust: 0.8
db:	CNVD	id:	CNVD-2019-47198	Trust: 0.6
db:	CNNVD	id:	CNNVD-201912-904	Trust: 0.6

sources: CNVD: CNVD-2019-47198 // JVNDB: JVNDB-2019-013595 // CNNVD: CNNVD-201912-904 // NVD: CVE-2019-5267

REFERENCES

url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191218-03-information-en	Trust: 1.6
url:	https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20191218-03-information-cn	Trust: 1.2
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5267	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-5267	Trust: 0.8

sources: CNVD: CNVD-2019-47198 // JVNDB: JVNDB-2019-013595 // CNNVD: CNNVD-201912-904 // NVD: CVE-2019-5267

CREDITS

Huawei

Trust: 0.6

sources: CNNVD: CNNVD-201912-904

SOURCES

db:	CNVD	id:	CNVD-2019-47198
db:	JVNDB	id:	JVNDB-2019-013595
db:	CNNVD	id:	CNNVD-201912-904
db:	NVD	id:	CVE-2019-5267

LAST UPDATE DATE

2024-11-23T22:55:20.327000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-47198	date:	2019-12-27T00:00:00
db:	JVNDB	id:	JVNDB-2019-013595	date:	2020-01-10T00:00:00
db:	CNNVD	id:	CNNVD-201912-904	date:	2020-08-25T00:00:00
db:	NVD	id:	CVE-2019-5267	date:	2024-11-21T04:44:38.413

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-47198	date:	2019-12-27T00:00:00
db:	JVNDB	id:	JVNDB-2019-013595	date:	2020-01-10T00:00:00
db:	CNNVD	id:	CNNVD-201912-904	date:	2019-12-18T00:00:00
db:	NVD	id:	CVE-2019-5267	date:	2019-12-23T18:15:11.037