CVE-2019-19415

high-risk
Published 2020-07-08

The SIP module of some Huawei products have a denial of service (DoS) vulnerability. A remote attacker could exploit these three vulnerabilities by sending the specially crafted messages to the affected device. Due to the insufficient verification of the packets, successful exploit could allow the attacker to cause buffer overflow and dead loop, leading to DoS condition. Affected products can be found in https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-sip-en.

Do I need to act?

-
0.36% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
NETWORK / LOW complexity

Affected Products (20)

Smc2.0 Firmware
Smc2.0 Firmware
Smc2.0 Firmware
Smc2.0 Firmware

Affected Vendors

Huawei

References (2)

Vendor Advisory https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-sip-en
Vendor Advisory https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-sip-en
60
/ 100
high-risk
Severity 26/34 · High
Exploitability 1/34 · Minimal
Exposure 33/34 · Critical