CVE-2019-19397

high-risk

Published 2019-12-13

There is a weak algorithm vulnerability in some Huawei products. The affected products use weak algorithms by default. Attackers may exploit the vulnerability to cause information leaks.

Do I need to act?

-

0.19% chance of exploitation

EPSS score — low exploit probability

-

Not on CISA KEV list

No confirmed active exploitation reported to CISA

?

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

7

CVSS 7.5/10 High

NETWORK / LOW complexity

Affected Products (20)

S12700 Firmware

S12700 Firmware

S12700 Firmware

S12700 Firmware

S12700 Firmware

S12700 Firmware

S12700 Firmware

S1700 Firmware

S1700 Firmware

S1700 Firmware

S1700 Firmware

S1700 Firmware

S2700 Firmware

S2700 Firmware

S2700 Firmware

S2700 Firmware

S2700 Firmware

S2700 Firmware

S2700 Firmware

S2700 Firmware

Affected Vendors

Huawei

References (2)

Vendor Advisory http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-01-vrp-en

Vendor Advisory http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-01-vrp-en

53

/ 100

high-risk

Severity 26/34 · High

Exploitability 1/34 · Minimal

Exposure 26/34 · High