Main Vulnerability Database SB2020011712

SB2020011712 - Multiple vulnerabilities in Some Huawei Products

Published: January 17, 2020

Security Bulletin ID SB2020011712

Severity

Medium

Patch available

YES

Number of vulnerabilities 2

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Infinite loop (CVE-ID: CVE-2019-19416)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop when processing packets in the SIP module. A remote attacker can send a specially crafted message, consume all available system resources and cause denial of service conditions.

2) Buffer overflow (CVE-ID: CVE-2019-19415)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to the insufficient verification of the packets in the SIP module. A remote attacker can send a specially crafted message, trigger memory corruption and cause a denial of service on the target system.

Remediation

Install update from vendor's website.

References

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-sip-en

Vulnerable Software

Huawei AR120-S: V200R006C10 - V200R008C20
Huawei AR1200: V200R006C10 - V200R007C00
Huawei AR1200-S: V200R006C10 - V200R008C20
Huawei AR150: V200R006C10 - V200R007C01
Huawei AR150-S: V200R006C10SPC300 - V200R008C20
Huawei AR160: V200R006C10 - V200R007C00
Huawei AR200: V200R006C10 - V200R007C01
Huawei AR200-S: V200R006C10 - V200R008C30
Huawei AR2200: V200R006C10 - V200R006C16PWE
Huawei AR2200-S: V200R006C10 - V200R008C20
Huawei AR3200: V200R006C10 - V200R008C30
Huawei AR3600: V200R006C10 - V200R008C20
Huawei AR510: V200R006C10 - V200R008C30
Huawei DP300: V500R002C00
Huawei IPS Module: V100R001C10 - V100R001C30
Huawei NGFW Module: V100R001C10 - V100R001C30
Huawei NIP6300: V500R001C00 - V500R001C30
Huawei NIP6600: V500R001C00 - V500R001C30
Huawei NIP6800: V500R001C30 - V500R001C50
Huawei NetEngine16EX: V200R006C10 - V200R008C20
RSE6500: V500R002C00
Huawei SMC2.0: V100R003C00SPC200T - V600R006C00
Huawei SRG1300: V200R006C10 - V200R008C30
Huawei SRG2300: V200R006C10 - V200R008C30
Huawei SRG3300: V200R006C10 - V200R008C30
Huawei SVN5600: V200R003C00 - V200R003C10
Huawei SVN5800: V200R003C00 - V200R003C10
Huawei SVN5800-C: V200R003C00 - V200R003C10
Huawei SeMG9811: V300R001C01SPCa00 - V300R001C01SPC700
Huawei Secospace USG6300: V100R001C10 - V500R001C50
Huawei Secospace USG6500: V100R001C10 - V500R001C50
Huawei Secospace USG6600: V100R001C00 - V500R001C50
Huawei SoftCo: V200R001C01SPC300 - V200R003C20
Huawei TE30: V100R001C02SPC100 - V600R006C00
Huawei TE40: V500R002C00SPCb00 - V600R006C00
Huawei TE50: V500R002C00SPCb00 - V600R006C00
Huawei TE60: V100R001C01SPC100 - V600R006C00SPC200
Huawei TP3206: V100R002C00
USG9500: V300R001C01 - V500R001C50
Huawei USG9520: V300R001C01SPC800PWE
Huawei USG9560: V300R001C20SPC300
Huawei VP9660: V200R001C02SPC100 - V500R002C10SPC100T
Huawei ViewPoint 8660: V100R008C03SPCa00 - V100R008C03SPC900
Huawei ViewPoint 9030: V100R011C02SPC100 - V100R011C03SPC500
Huawei eSpace U1910: V100R001C20SPC300 - V200R003C30
Huawei eSpace U1911: V100R001C20SPC300 - V200R003C30
Huawei eSpace U1930: V100R001C20SPC300 - V200R003C30
Huawei eSpace U1960: V100R001C01SPC500 - V200R003C30
Huawei eSpace U1980: V100R001C01SPC500T - V200R003C30
Huawei eSpace U1981: V100R001C20SPC300 - V200R003C50SPC900

SB2020011712 - Multiple vulnerabilities in Some Huawei Products

Breakdown by Severity

Description

Remediation

References

Please verify you're human