CVE-2019-5259

There is an information leakage vulnerability on some Huawei products(AR120-S;AR1200;AR1200-S;AR150;AR150-S;AR160;AR200;AR200-S;AR2200;AR2200-S;AR3200;AR3600). An attacker with low permissions can view some high-privilege information by running specific commands.Successful exploit could cause an information disclosure condition.

Weakness

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Affected Software

Name	Vendor	Start Version	End Version
Ar120-s_firmware	Huawei	v200r005c32 (including)	v200r005c32 (including)
Ar120-s_firmware	Huawei	v200r006c10 (including)	v200r006c10 (including)
Ar120-s_firmware	Huawei	v200r007c00 (including)	v200r007c00 (including)
Ar120-s_firmware	Huawei	v200r008c50 (including)	v200r008c50 (including)
Ar120-s_firmware	Huawei	v200r009c00 (including)	v200r009c00 (including)
Ar120-s_firmware	Huawei	v200r010c00 (including)	v200r010c00 (including)

Potential Mitigations

References

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191211-01-vrp-en

NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-5259
CWE	https://cwe.mitre.org/data/definitions/269.html

Improper Privilege Management

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References