Main Vulnerability Database Vulnerabilities #VU22871

Use of insufficiently random values in Huawei products - CVE-2019-5232

Published: November 20, 2019

Vulnerability identifier: #VU22871

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2019-5232

CWE-ID: CWE-330

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Huawei

Affected software:
Huawei VP9630
Huawei VP9650
Huawei VP9660

Detailed vulnerability description

The vulnerability allows remote attacker to gain access to sensitive information on the target system.

The vulnerability exists due to weak random values. A remote attacker can guess information by a large number of attempts and gain access to sensitive information.

How to mitigate CVE-2019-5232

Install updates from vendor's website.

Sources

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191120-01-viewpoint-en

Use of insufficiently random values in Huawei products - CVE-2019-5232

Detailed vulnerability description

How to mitigate CVE-2019-5232

Sources

Please verify you're human