CVE-2019-5401

Name: CVE-2019-5401
Creator: NVD / NIST
Published: 2019-08-01T22:15:12.037+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 0.54%

Last modified Jun 17, 2026

CVE-2019-5401 is a vulnerability of currently unknown severity. A potential security vulnerability has been identified in HP2910al-48G version W.15.14.0016. The attack exploits an xss injection by setting the attack vector in one of the switch persistent configuration fields (management URL, location, contact). EPSS estimates a 0.54% chance of exploitation in the next 30 days.

Description

A potential security vulnerability has been identified in HP2910al-48G version W.15.14.0016. The attack exploits an xss injection by setting the attack vector in one of the switch persistent configuration fields (management URL, location, contact). But admin privileges are required to configure these fields thereby reducing the likelihood of exploit. HPE Aruba has provided firmware updates to resolve the vulnerability in HP 2910-48G al Switch. Please update to W.15.14.0017.

Metrics

EPSS Probability

0.54%

41.2th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-79

Affected Software

Vendor	Product	Versions
Hp	Hp2910al-48g Firmware	w.15.14.00.16

References

Timeline

Published: Aug 1, 2019
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2019-5401?

How severe is CVE-2019-5401?

Severity scoring for CVE-2019-5401 is pending analysis. The EPSS model estimates a 0.54% probability of exploitation in the next 30 days.

How do I fix CVE-2019-5401?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2019-5401?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST