CVE-2019-5272

Name of the Vulnerable Software and Affected Versions Huawei USG9500 versions V500R001C30 through V500R001C60 Huawei USG6330 (affected versions not specified)

Description The issue is related to a missing integrity checking vulnerability in the software of the affected products. This may allow an attacker with high privilege to make malicious modifications without detection. The vulnerability can be exploited by a remote attacker using specially crafted update files, potentially disrupting the integrity of system files.

Recommendations For Huawei USG9500 versions V500R001C30 through V500R001C60, update the software to a version that includes integrity checking to prevent malicious modifications. For Huawei USG6330, at the moment, there is no information about a newer version that contains a fix for this vulnerability.