CVE-2019-19415

Description

The SIP module of some Huawei products have a denial of service (DoS) vulnerability. A remote attacker could exploit these three vulnerabilities by sending the specially crafted messages to the affected device. Due to the insufficient verification of the packets, successful exploit could allow the attacker to cause buffer overflow and dead loop, leading to DoS condition. Affected products can be found in https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-sip-en.

Category

7.5
CVSS
Severity: High
CVSS 3.1 •
CVSS 2.0 •
EPSS 0.36%
Vendor Advisory huawei.com
Affected: Huawei AR120-S
Affected: Huawei AR1200
Affected: Huawei AR1200-S
Affected: Huawei AR150
Affected: Huawei AR150-S
Affected: Huawei AR160
Affected: Huawei AR200
Affected: Huawei AR200-S
Affected: Huawei AR2200
Affected: Huawei AR2200-S
Affected: Huawei AR3200
Affected: Huawei AR3600
Affected: Huawei AR510
Affected: Huawei DP300
Affected: Huawei IPS Module
Affected: Huawei NGFW Module
Affected: Huawei NIP6300
Affected: Huawei NIP6600
Affected: Huawei NIP6800
Affected: Huawei NetEngine16EX
Affected: Huawei RSE6500
Affected: Huawei SMC2.0
Affected: Huawei SRG1300
Affected: Huawei SRG2300
Affected: Huawei SRG3300
Affected: Huawei SVN5600
Affected: Huawei SVN5800
Affected: Huawei SVN5800-C
Affected: Huawei SeMG9811
Affected: Huawei Secospace USG6300
Affected: Huawei Secospace USG6500
Affected: Huawei Secospace USG6600
Affected: Huawei SoftCo
Affected: Huawei TE30
Affected: Huawei TE40
Affected: Huawei TE50
Affected: Huawei TE60
Affected: Huawei TP3206
Affected: Huawei USG9500
Affected: Huawei USG9520
Affected: Huawei USG9560
Affected: Huawei VP9660
Affected: Huawei ViewPoint 8660
Affected: Huawei ViewPoint 9030
Affected: Huawei eSpace U1910
Affected: Huawei eSpace U1911
Affected: Huawei eSpace U1930
Affected: Huawei eSpace U1960
Affected: Huawei eSpace U1980
Affected: Huawei eSpace U1981
Published at:
Updated at:

References

Link Tags
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-sip-en vendor advisory

Frequently Asked Questions

What is the severity of CVE-2019-19415?
CVE-2019-19415 has been scored as a high severity vulnerability.
How to fix CVE-2019-19415?
To fix CVE-2019-19415, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2019-19415 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2019-19415 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2019-19415?
CVE-2019-19415 affects Huawei AR120-S, Huawei AR1200, Huawei AR1200-S, Huawei AR150, Huawei AR150-S, Huawei AR160, Huawei AR200, Huawei AR200-S, Huawei AR2200, Huawei AR2200-S, Huawei AR3200, Huawei AR3600, Huawei AR510, Huawei DP300, Huawei IPS Module, Huawei NGFW Module, Huawei NIP6300, Huawei NIP6600, Huawei NIP6800, Huawei NetEngine16EX, Huawei RSE6500, Huawei SMC2.0, Huawei SRG1300, Huawei SRG2300, Huawei SRG3300, Huawei SVN5600, Huawei SVN5800, Huawei SVN5800-C, Huawei SeMG9811, Huawei Secospace USG6300, Huawei Secospace USG6500, Huawei Secospace USG6600, Huawei SoftCo, Huawei TE30, Huawei TE40, Huawei TE50, Huawei TE60, Huawei TP3206, Huawei USG9500, Huawei USG9520, Huawei USG9560, Huawei VP9660, Huawei ViewPoint 8660, Huawei ViewPoint 9030, Huawei eSpace U1910, Huawei eSpace U1911, Huawei eSpace U1930, Huawei eSpace U1960, Huawei eSpace U1980, Huawei eSpace U1981.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.