First published: Tue Jan 21 2020(Updated: )
USG9500 with versions of V500R001C30SPC100, V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, V500R005C00SPC100, V500R005C00SPC200 have an information leakage vulnerability. Due to improper processing of the initialization vector used in a specific encryption algorithm, an attacker who gains access to this cryptographic primitive may exploit this vulnerability to cause the value of the confidentiality associated with its use to be diminished.
Credit: psirt@huawei.com
Affected Software | Affected Version | How to fix |
---|---|---|
Huawei Usg9500 Firmware | =v500r001c30spc100 | |
Huawei Usg9500 Firmware | =v500r001c30spc200 | |
Huawei Usg9500 Firmware | =v500r001c30spc600 | |
Huawei Usg9500 Firmware | =v500r001c60spc500 | |
Huawei Usg9500 Firmware | =v500r005c00spc100 | |
Huawei Usg9500 Firmware | =v500r005c00spc200 | |
Huawei USG9500 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2019-19411.
The severity level of CVE-2019-19411 is medium.
Versions V500R001C30SPC100, V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, V500R005C00SPC100, and V500R005C00SPC200 of USG9500 are affected by CVE-2019-19411.
USG9500 with the affected versions has an information leakage vulnerability due to improper processing of the initialization vector used in a specific encryption algorithm.
An attacker who gains access to the encryption algorithm's initialization vector can exploit CVE-2019-19411 to gain unauthorized access to sensitive information.