CVE-2019-19415

CWE-20Improper Input ValidationCWE-119Buffer Overflow3 documents3 sources
Severity
7.5HIGH
EPSS
0.4%
top 41.96%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
100
Huawei Ar120-sHuawei Ar1200Huawei Ar1200-s+97 more
Timeline
PublishedJul 8
Latest updateMay 24

Description

The SIP module of some Huawei products have a denial of service (DoS) vulnerability. A remote attacker could exploit these three vulnerabilities by sending the specially crafted messages to the affected device. Due to the insufficient verification of the packets, successful exploit could allow the attacker to cause buffer overflow and dead loop, leading to DoS condition. Affected products can be found in https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-sip-en.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages100 packages

CVEListV5huawei/ips_module7 versions+6
CVEListV5huawei/ngfw_module7 versions+6
NVDhuawei/ips_module_firmware7 versions+6
NVDhuawei/ngfw_module_firmware7 versions+6
CVEListV5huawei/te308 versions+7

🔴Vulnerability Details

2
GHSA
GHSA-6m69-cx8h-87x2: The SIP module of some Huawei products have a denial of service (DoS) vulnerability2022-05-24
CVEList
CVE-2019-19415: The SIP module of some Huawei products have a denial of service (DoS) vulnerability2020-07-08
CVE-2019-19415 (HIGH CVSS 7.5) | The SIP module of some Huawei produ | cvebase.io