Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
EUVDB-ID: #VU24379
Risk: Medium
CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2019-19416
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an infinite loop when processing packets in the SIP module. A remote attacker can send a specially crafted message, consume all available system resources and cause denial of service conditions.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Huawei AR120-S: V200R006C10 - V200R008C20
Huawei AR1200: V200R006C10 - V200R007C00
Huawei AR1200-S: V200R006C10 - V200R008C20
Huawei AR150: V200R006C10 - V200R007C01
Huawei AR150-S: V200R006C10SPC300 - V200R008C20
Huawei AR160: V200R006C10 - V200R007C00
Huawei AR200: V200R006C10 - V200R007C01
Huawei AR200-S: V200R006C10 - V200R008C30
Huawei AR2200: V200R006C10 - V200R006C16PWE
Huawei AR2200-S: V200R006C10 - V200R008C20
Huawei AR3200: V200R006C10 - V200R008C30
Huawei AR3600: V200R006C10 - V200R008C20
Huawei AR510: V200R006C10 - V200R008C30
Huawei DP300: V500R002C00
Huawei IPS Module: V100R001C10 - V100R001C30
Huawei NGFW Module: V100R001C10 - V100R001C30
Huawei NIP6300: V500R001C00 - V500R001C30
Huawei NIP6600: V500R001C00 - V500R001C30
Huawei NIP6800: V500R001C30 - V500R001C50
Huawei NetEngine16EX: V200R006C10 - V200R008C20
RSE6500: V500R002C00
Huawei SMC2.0: V100R003C00SPC200T - V600R006C00
Huawei SRG1300: V200R006C10 - V200R008C30
Huawei SRG2300: V200R006C10 - V200R008C30
Huawei SRG3300: V200R006C10 - V200R008C30
Huawei SVN5600: V200R003C00 - V200R003C10
Huawei SVN5800: V200R003C00 - V200R003C10
Huawei SVN5800-C: V200R003C00 - V200R003C10
Huawei SeMG9811: V300R001C01SPC500 - V300R001C01SPCa00
Huawei Secospace USG6300: V100R001C10 - V500R001C50
Huawei Secospace USG6500: V100R001C10 - V500R001C50
Huawei Secospace USG6600: V100R001C00 - V500R001C50
Huawei SoftCo: V200R001C01SPC300 - V200R003C20
Huawei TE30: V100R001C02SPC100 - V600R006C00
Huawei TE40: V500R002C00SPC600 - V600R006C00
Huawei TE50: V500R002C00SPC600 - V600R006C00
Huawei TE60: V100R001C01SPC100 - V600R006C00SPC200
Huawei TP3206: V100R002C00
USG9500: V300R001C01 - V500R001C50
Huawei USG9520: V300R001C01SPC800PWE
Huawei USG9560: V300R001C20SPC300
Huawei VP9660: V200R001C02SPC100 - V500R002C10T
Huawei ViewPoint 8660: V100R008C03B013SP02 - V100R008C03SPCc00
Huawei ViewPoint 9030: V100R011C02SPC100 - V100R011C03SPC500
Huawei eSpace U1910: V100R001C20SPC300 - V200R003C30
Huawei eSpace U1911: V100R001C20SPC300 - V200R003C30
Huawei eSpace U1930: V100R001C20SPC300 - V200R003C30
Huawei eSpace U1960: V100R001C01SPC500 - V200R003C30
Huawei eSpace U1980: V100R001C01SPC500T - V200R003C30
Huawei eSpace U1981: V100R001C20SPC300 - V200R003C50SPC900
External links
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-sip-en
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.
EUVDB-ID: #VU24353
Risk: Medium
CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2019-19415
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient verification of packets in the SIP module. A remote attacker can send a specially crafted message, trigger memory corruption and cause a denial of service on the target system.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Huawei AR120-S: V200R006C10 - V200R008C20
Huawei AR1200: V200R006C10 - V200R007C00
Huawei AR1200-S: V200R006C10 - V200R008C20
Huawei AR150: V200R006C10 - V200R007C01
Huawei AR150-S: V200R006C10SPC300 - V200R008C20
Huawei AR160: V200R006C10 - V200R007C00
Huawei AR200: V200R006C10 - V200R007C01
Huawei AR200-S: V200R006C10 - V200R008C30
Huawei AR2200: V200R006C10 - V200R006C16PWE
Huawei AR2200-S: V200R006C10 - V200R008C20
Huawei AR3200: V200R006C10 - V200R008C30
Huawei AR3600: V200R006C10 - V200R008C20
Huawei AR510: V200R006C10 - V200R008C30
Huawei DP300: V500R002C00
Huawei IPS Module: V100R001C10 - V100R001C30
Huawei NGFW Module: V100R001C10 - V100R001C30
Huawei NIP6300: V500R001C00 - V500R001C30
Huawei NIP6600: V500R001C00 - V500R001C30
Huawei NIP6800: V500R001C30 - V500R001C50
Huawei NetEngine16EX: V200R006C10 - V200R008C20
RSE6500: V500R002C00
Huawei SMC2.0: V100R003C00SPC200T - V600R006C00
Huawei SRG1300: V200R006C10 - V200R008C30
Huawei SRG2300: V200R006C10 - V200R008C30
Huawei SRG3300: V200R006C10 - V200R008C30
Huawei SVN5600: V200R003C00 - V200R003C10
Huawei SVN5800: V200R003C00 - V200R003C10
Huawei SVN5800-C: V200R003C00 - V200R003C10
Huawei SeMG9811: V300R001C01SPC500 - V300R001C01SPCa00
Huawei Secospace USG6300: V100R001C10 - V500R001C50
Huawei Secospace USG6500: V100R001C10 - V500R001C50
Huawei Secospace USG6600: V100R001C00 - V500R001C50
Huawei SoftCo: V200R001C01SPC300 - V200R003C20
Huawei TE30: V100R001C02SPC100 - V600R006C00
Huawei TE40: V500R002C00SPC600 - V600R006C00
Huawei TE50: V500R002C00SPC600 - V600R006C00
Huawei TE60: V100R001C01SPC100 - V600R006C00SPC200
Huawei TP3206: V100R002C00
USG9500: V300R001C01 - V500R001C50
Huawei USG9520: V300R001C01SPC800PWE
Huawei USG9560: V300R001C20SPC300
Huawei VP9660: V200R001C02SPC100 - V500R002C10T
Huawei ViewPoint 8660: V100R008C03B013SP02 - V100R008C03SPCc00
Huawei ViewPoint 9030: V100R011C02SPC100 - V100R011C03SPC500
Huawei eSpace U1910: V100R001C20SPC300 - V200R003C30
Huawei eSpace U1911: V100R001C20SPC300 - V200R003C30
Huawei eSpace U1930: V100R001C20SPC300 - V200R003C30
Huawei eSpace U1960: V100R001C01SPC500 - V200R003C30
Huawei eSpace U1980: V100R001C01SPC500T - V200R003C30
Huawei eSpace U1981: V100R001C20SPC300 - V200R003C50SPC900
External links
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-sip-en
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.