Vulnerability identifier: #VU24379
Vulnerability risk: Medium
CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]
CVE-ID:
CWE-ID: CWE-835
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
Huawei AR120-S (Hardware solutions / Routers & switches, VoIP, GSM, etc)
Huawei AR1200 (Hardware solutions / Routers & switches, VoIP, GSM, etc)
Huawei AR1200-S (Hardware solutions / Routers & switches, VoIP, GSM, etc)
Huawei AR150 (Hardware solutions / Routers & switches, VoIP, GSM, etc)
Huawei AR150-S (Hardware solutions / Routers & switches, VoIP, GSM, etc)
Huawei AR160 (Hardware solutions / Routers & switches, VoIP, GSM, etc)
Huawei AR200 (Hardware solutions / Routers & switches, VoIP, GSM, etc)
Huawei AR200-S (Hardware solutions / Routers & switches, VoIP, GSM, etc)
Huawei AR2200 (Hardware solutions / Routers & switches, VoIP, GSM, etc)
Huawei AR2200-S (Hardware solutions / Routers & switches, VoIP, GSM, etc)
Huawei AR3200 (Hardware solutions / Routers & switches, VoIP, GSM, etc)
Huawei AR3600 (Hardware solutions / Routers & switches, VoIP, GSM, etc)
Huawei AR510 (Hardware solutions / Routers & switches, VoIP, GSM, etc)
Huawei NetEngine16EX (Hardware solutions / Routers & switches, VoIP, GSM, etc)
Huawei SRG1300 (Hardware solutions / Routers & switches, VoIP, GSM, etc)
Huawei SRG2300 (Hardware solutions / Routers & switches, VoIP, GSM, etc)
Huawei SRG3300 (Hardware solutions / Routers & switches, VoIP, GSM, etc)
USG9500 (Hardware solutions / Routers & switches, VoIP, GSM, etc)
Huawei USG9520 (Hardware solutions / Routers & switches, VoIP, GSM, etc)
Huawei USG9560 (Hardware solutions / Routers & switches, VoIP, GSM, etc)
Huawei DP300 (Server applications / Conferencing, Collaboration and VoIP solutions)
Huawei SMC2.0 (Server applications / Conferencing, Collaboration and VoIP solutions)
Huawei TE30 (Server applications / Conferencing, Collaboration and VoIP solutions)
Huawei TE40 (Server applications / Conferencing, Collaboration and VoIP solutions)
Huawei TE50 (Server applications / Conferencing, Collaboration and VoIP solutions)
Huawei TE60 (Server applications / Conferencing, Collaboration and VoIP solutions)
Huawei TP3206 (Server applications / Conferencing, Collaboration and VoIP solutions)
Huawei IPS Module (Server applications / IDS/IPS systems, Firewalls and proxy servers)
Huawei NIP6300 (Server applications / IDS/IPS systems, Firewalls and proxy servers)
Huawei NIP6600 (Server applications / IDS/IPS systems, Firewalls and proxy servers)
Huawei NIP6800 (Server applications / IDS/IPS systems, Firewalls and proxy servers)
Huawei NGFW Module (Server applications / Other server solutions)
Huawei SVN5600 (Server applications / Other server solutions)
Huawei SVN5800 (Server applications / Other server solutions)
Huawei SVN5800-C (Server applications / Other server solutions)
RSE6500 (Hardware solutions / Other hardware appliances)
Huawei SeMG9811 (Other software / Other software solutions)
Huawei Secospace USG6300 (Server applications / Server solutions for antivirus protection)
Huawei Secospace USG6500 (Server applications / Server solutions for antivirus protection)
Huawei Secospace USG6600 (Server applications / Server solutions for antivirus protection)
Huawei SoftCo (Client/Desktop applications / Other client software)
Huawei ViewPoint 8660 (Client/Desktop applications / Other client software)
Huawei ViewPoint 9030 (Client/Desktop applications / Other client software)
Huawei eSpace U1910 (Client/Desktop applications / Other client software)
Huawei eSpace U1911 (Client/Desktop applications / Other client software)
Huawei eSpace U1930 (Client/Desktop applications / Other client software)
Huawei eSpace U1960 (Client/Desktop applications / Other client software)
Huawei eSpace U1980 (Client/Desktop applications / Other client software)
Huawei VP9660 (Hardware solutions / Firmware)
Huawei eSpace U1981 (Server applications / Remote management servers, RDP, SSH)
Vendor: Huawei
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an infinite loop when processing packets in the SIP module. A remote attacker can send a specially crafted message, consume all available system resources and cause denial of service conditions.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
Huawei AR120-S: V200R006C10 - V200R008C20
Huawei AR1200: V200R006C10 - V200R007C00
Huawei AR1200-S: V200R006C10 - V200R008C20
Huawei AR150: V200R006C10 - V200R007C01
Huawei AR150-S: V200R006C10SPC300 - V200R008C20
Huawei AR160: V200R006C10 - V200R007C00
Huawei AR200: V200R006C10 - V200R007C01
Huawei AR200-S: V200R006C10 - V200R008C30
Huawei AR2200: V200R006C10 - V200R006C16PWE
Huawei AR2200-S: V200R006C10 - V200R008C20
Huawei AR3200: V200R006C10 - V200R008C30
Huawei AR3600: V200R006C10 - V200R008C20
Huawei AR510: V200R006C10 - V200R008C30
Huawei DP300: V500R002C00
Huawei IPS Module: V100R001C10 - V100R001C30
Huawei NGFW Module: V100R001C10 - V100R001C30
Huawei NIP6300: V500R001C00 - V500R001C30
Huawei NIP6600: V500R001C00 - V500R001C30
Huawei NIP6800: V500R001C30 - V500R001C50
Huawei NetEngine16EX: V200R006C10 - V200R008C20
RSE6500: V500R002C00
Huawei SMC2.0: V100R003C00SPC200T - V600R006C00
Huawei SRG1300: V200R006C10 - V200R008C30
Huawei SRG2300: V200R006C10 - V200R008C30
Huawei SRG3300: V200R006C10 - V200R008C30
Huawei SVN5600: V200R003C00 - V200R003C10
Huawei SVN5800: V200R003C00 - V200R003C10
Huawei SVN5800-C: V200R003C00 - V200R003C10
Huawei SeMG9811: V300R001C01SPC500 - V300R001C01SPCa00
Huawei Secospace USG6300: V100R001C10 - V500R001C50
Huawei Secospace USG6500: V100R001C10 - V500R001C50
Huawei Secospace USG6600: V100R001C00 - V500R001C50
Huawei SoftCo: V200R001C01SPC300 - V200R003C20
Huawei TE30: V100R001C02SPC100 - V600R006C00
Huawei TE40: V500R002C00SPC600 - V600R006C00
Huawei TE50: V500R002C00SPC600 - V600R006C00
Huawei TE60: V100R001C01SPC100 - V600R006C00SPC200
Huawei TP3206: V100R002C00
USG9500: V300R001C01 - V500R001C50
Huawei USG9520: V300R001C01SPC800PWE
Huawei USG9560: V300R001C20SPC300
Huawei VP9660: V200R001C02SPC100 - V500R002C10T
Huawei ViewPoint 8660: V100R008C03B013SP02 - V100R008C03SPCc00
Huawei ViewPoint 9030: V100R011C02SPC100 - V100R011C03SPC500
Huawei eSpace U1910: V100R001C20SPC300 - V200R003C30
Huawei eSpace U1911: V100R001C20SPC300 - V200R003C30
Huawei eSpace U1930: V100R001C20SPC300 - V200R003C30
Huawei eSpace U1960: V100R001C01SPC500 - V200R003C30
Huawei eSpace U1980: V100R001C01SPC500T - V200R003C30
Huawei eSpace U1981: V100R001C20SPC300 - V200R003C50SPC900
External links
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-sip-en
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.