Denial of Service Vulnerability in Huawei SIP Module
CVE-2019-19415

7.5HIGH

Key Information:

Vendor: Huawei
Status: Ar120-s; Ar1200; Ar1200-s; Ar150
Vendor: CVE Published:; 8 July 2020

Summary

The SIP module in certain Huawei products is exposed to a denial of service vulnerability, enabling remote attackers to exploit it by sending specially crafted messages. Insufficient verification of incoming packets can lead to buffer overflow conditions, resulting in a dead loop and a denied service state on the affected device. This poses significant risks to network availability and integrity, making security patches essential to mitigate these risks. For a comprehensive list of affected products and their specific versions, please refer to Huawei's security advisory.

Affected Version(s)

AR120-S V200R006C10

AR120-S V200R007C00

AR120-S V200R008C20 V200R008C30

References

https://www.huawei.com/en/psirt/security-advisories/huawe...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 8, 2020
Vulnerability Reserved
Nov 29, 2019