Multiple vulnerabilities in Some Huawei Products

Published: 2020-01-17

Risk	Medium
Patch available	YES
Number of vulnerabilities	2
CVE-ID	CVE-2019-19416 CVE-2019-19415
CWE-ID	CWE-835 CWE-119
Exploitation vector	Network
Public exploit	Public exploit code for vulnerability #1 is available. Public exploit code for vulnerability #2 is available.
Vulnerable software Subscribe	Huawei AR120-S Hardware solutions / Routers & switches, VoIP, GSM, etc Huawei AR1200 Hardware solutions / Routers & switches, VoIP, GSM, etc Huawei AR1200-S Hardware solutions / Routers & switches, VoIP, GSM, etc Huawei AR150 Hardware solutions / Routers & switches, VoIP, GSM, etc Huawei AR150-S Hardware solutions / Routers & switches, VoIP, GSM, etc Huawei AR160 Hardware solutions / Routers & switches, VoIP, GSM, etc Huawei AR200 Hardware solutions / Routers & switches, VoIP, GSM, etc Huawei AR200-S Hardware solutions / Routers & switches, VoIP, GSM, etc Huawei AR2200 Hardware solutions / Routers & switches, VoIP, GSM, etc Huawei AR2200-S Hardware solutions / Routers & switches, VoIP, GSM, etc Huawei AR3200 Hardware solutions / Routers & switches, VoIP, GSM, etc Huawei AR3600 Hardware solutions / Routers & switches, VoIP, GSM, etc Huawei AR510 Hardware solutions / Routers & switches, VoIP, GSM, etc Huawei NetEngine16EX Hardware solutions / Routers & switches, VoIP, GSM, etc Huawei SRG1300 Hardware solutions / Routers & switches, VoIP, GSM, etc Huawei SRG2300 Hardware solutions / Routers & switches, VoIP, GSM, etc Huawei SRG3300 Hardware solutions / Routers & switches, VoIP, GSM, etc USG9500 Hardware solutions / Routers & switches, VoIP, GSM, etc Huawei USG9520 Hardware solutions / Routers & switches, VoIP, GSM, etc Huawei USG9560 Hardware solutions / Routers & switches, VoIP, GSM, etc Huawei DP300 Server applications / Conferencing, Collaboration and VoIP solutions Huawei SMC2.0 Server applications / Conferencing, Collaboration and VoIP solutions Huawei TE30 Server applications / Conferencing, Collaboration and VoIP solutions Huawei TE40 Server applications / Conferencing, Collaboration and VoIP solutions Huawei TE50 Server applications / Conferencing, Collaboration and VoIP solutions Huawei TE60 Server applications / Conferencing, Collaboration and VoIP solutions Huawei TP3206 Server applications / Conferencing, Collaboration and VoIP solutions Huawei IPS Module Server applications / IDS/IPS systems, Firewalls and proxy servers Huawei NIP6300 Server applications / IDS/IPS systems, Firewalls and proxy servers Huawei NIP6600 Server applications / IDS/IPS systems, Firewalls and proxy servers Huawei NIP6800 Server applications / IDS/IPS systems, Firewalls and proxy servers Huawei NGFW Module Server applications / Other server solutions Huawei SVN5600 Server applications / Other server solutions Huawei SVN5800 Server applications / Other server solutions Huawei SVN5800-C Server applications / Other server solutions RSE6500 Hardware solutions / Other hardware appliances Huawei SeMG9811 Other software / Other software solutions Huawei Secospace USG6300 Server applications / Server solutions for antivurus protection Huawei Secospace USG6500 Server applications / Server solutions for antivurus protection Huawei Secospace USG6600 Server applications / Server solutions for antivurus protection Huawei SoftCo Client/Desktop applications / Other client software Huawei ViewPoint 8660 Client/Desktop applications / Other client software Huawei ViewPoint 9030 Client/Desktop applications / Other client software Huawei eSpace U1910 Client/Desktop applications / Other client software Huawei eSpace U1911 Client/Desktop applications / Other client software Huawei eSpace U1930 Client/Desktop applications / Other client software Huawei eSpace U1960 Client/Desktop applications / Other client software Huawei eSpace U1980 Client/Desktop applications / Other client software Huawei VP9660 Hardware solutions / Firmware Huawei eSpace U1981 Server applications / Remote management servers, RDP, SSH
Vendor	Huawei

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Infinite loop

EUVDB-ID: #VU24379

Risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2019-19416

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop when processing packets in the SIP module. A remote attacker can send a specially crafted message, consume all available system resources and cause denial of service conditions.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Huawei AR120-S: V200R006C10 - V200R008C20

Huawei AR1200: V200R006C10 - V200R007C00

Huawei AR1200-S: V200R006C10 - V200R008C20

Huawei AR150: V200R006C10 - V200R007C01

Huawei AR150-S: V200R006C10SPC300 - V200R008C20

Huawei AR160: V200R006C10 - V200R007C00

Huawei AR200: V200R006C10 - V200R007C01

Huawei AR200-S: V200R006C10 - V200R008C30

Huawei AR2200: V200R006C10 - V200R006C16PWE

Huawei AR2200-S: V200R006C10 - V200R008C20

Huawei AR3200: V200R006C10 - V200R008C30

Huawei AR3600: V200R006C10 - V200R008C20

Huawei AR510: V200R006C10 - V200R008C30

Huawei DP300: V500R002C00

Huawei IPS Module: V100R001C10 - V100R001C30

Huawei NGFW Module: V100R001C10 - V100R001C30

Huawei NIP6300: V500R001C00 - V500R001C30

Huawei NIP6600: V500R001C00 - V500R001C30

Huawei NIP6800: V500R001C30 - V500R001C50

Huawei NetEngine16EX: V200R006C10 - V200R008C20

RSE6500: V500R002C00

Huawei SMC2.0: V100R003C00SPC200T - V600R006C00

Huawei SRG1300: V200R006C10 - V200R008C30

Huawei SRG2300: V200R006C10 - V200R008C30

Huawei SRG3300: V200R006C10 - V200R008C30

Huawei SVN5600: V200R003C00 - V200R003C10

Huawei SVN5800: V200R003C00 - V200R003C10

Huawei SVN5800-C: V200R003C00 - V200R003C10

Huawei SeMG9811: V300R001C01SPC500 - V300R001C01SPCa00

Huawei Secospace USG6300: V100R001C10 - V500R001C50

Huawei Secospace USG6500: V100R001C10 - V500R001C50

Huawei Secospace USG6600: V100R001C00 - V500R001C50

Huawei SoftCo: V200R001C01SPC300 - V200R003C20

Huawei TE30: V100R001C02SPC100 - V600R006C00

Huawei TE40: V500R002C00SPC600 - V600R006C00

Huawei TE50: V500R002C00SPC600 - V600R006C00

Huawei TE60: V100R001C01SPC100 - V600R006C00SPC200

Huawei TP3206: V100R002C00

USG9500: V300R001C01 - V500R001C50

Huawei USG9520: V300R001C01SPC800PWE

Huawei USG9560: V300R001C20SPC300

Huawei VP9660: V200R001C02SPC100 - V500R002C10T

Huawei ViewPoint 8660: V100R008C03B013SP02 - V100R008C03SPCc00

Huawei ViewPoint 9030: V100R011C02SPC100 - V100R011C03SPC500

Huawei eSpace U1910: V100R001C20SPC300 - V200R003C30

Huawei eSpace U1911: V100R001C20SPC300 - V200R003C30

Huawei eSpace U1930: V100R001C20SPC300 - V200R003C30

Huawei eSpace U1960: V100R001C01SPC500 - V200R003C30

Huawei eSpace U1980: V100R001C01SPC500T - V200R003C30

Huawei eSpace U1981: V100R001C20SPC300 - V200R003C50SPC900

External links

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-sip-en

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

2) Buffer overflow

EUVDB-ID: #VU24353