CVE-2019-5267

Huawei OceanStor SNS3096 V100R002C01 have an information disclosure vulnerability. Attackers with low privilege can exploit this vulnerability by performing some specific operations. Successful exploit of this vulnerability can cause some information disclosure.

CVSS v3 5.5 MEDIUM
CVSS v2.0 2.1 LOW

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191218-03-information-en	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:huawei:oceanstor_sns3096_firmware:v100r002c01:*:*:*:*:*:*:*

cpe:2.3:h:huawei:oceanstor_sns3096:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2019-12-23 18:15

Updated : 2024-02-28 17:28

NVD link : CVE-2019-5267

Mitre link : CVE-2019-5267

CVE.ORG link : CVE-2019-5267

JSON object : View

Products Affected

huawei

oceanstor_sns3096_firmware
oceanstor_sns3096

CWE

NVD-CWE-noinfo

{"id": "CVE-2019-5267", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2019-12-23T18:15:11.037", "references": [{"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191218-03-information-en", "tags": ["Vendor Advisory"], "source": "psirt@huawei.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Huawei OceanStor SNS3096 V100R002C01 have an information disclosure vulnerability. Attackers with low privilege can exploit this vulnerability by performing some specific operations. Successful exploit of this vulnerability can cause some information disclosure."}, {"lang": "es", "value": "Huawei OceanStor SNS3096 versi\u00f3n V100R002C01 presenta una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n. Los atacantes con pocos privilegios pueden explotar esta vulnerabilidad al realizar algunas operaciones espec\u00edficas. Una explotaci\u00f3n con \u00e9xito de esta vulnerabilidad puede causar cierta divulgaci\u00f3n de informaci\u00f3n."}], "lastModified": "2020-08-24T17:37:01.140", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:oceanstor_sns3096_firmware:v100r002c01:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D723F0AE-DCA4-4200-8106-B0804181A9B4"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:oceanstor_sns3096:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1A3315CE-8E55-4CF8-8972-0E652C60FAEC"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@huawei.com"}