ID
VAR-201908-0038
CVE
CVE-2019-5280
TITLE
Huawei CloudLink Phone 7900 Vulnerabilities related to certificate validation
Trust: 0.8
DESCRIPTION
The SIP TLS module of Huawei CloudLink Phone 7900 with V600R019C10 has a TLS certificate verification vulnerability. Due to insufficient verification of specific parameters of the TLS server certificate, attackers can perform man-in-the-middle attacks, leading to the affected phones registered abnormally, affecting the availability of IP phones. Huawei CloudLink Phone 7900 Contains a certificate validation vulnerability.Information is obtained and service operation is interrupted (DoS) There is a possibility of being put into a state. Huawei CloudLink Phone 7900 is an IP phone from China's Huawei company. An attacker can exploit this vulnerability by implementing a man-in-the-middle attack to cause an abnormal registration of the affected phone and affect the availability of the phone
Trust: 2.25
IOT TAXONOMY
| category: | ['IoT'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | huawei | model: | cloudlink phone 7900 | scope: | eq | version: | v600r019c10 | Trust: 1.8 |
| vendor: | huawei | model: | cloudlink phone v600r019c10 | scope: | eq | version: | 7900 | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-295 | Trust: 1.9 |
THREAT TYPE
remote
Trust: 0.6
TYPE
trust management problem
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | huawei-sa-20190724-01-7900 | url: | https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190724-01-7900-en | Trust: 0.8 |
| title: | Huawei CloudLink Phone 7900 SIP TLS Module TLS Certificate Verification Vulnerability Patch | url: | https://www.cnvd.org.cn/patchInfo/show/174487 | Trust: 0.6 |
| title: | Huawei CloudLink Phone 7900 SIP TLS Repair measures for module security vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=95450 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2019-5280 | Trust: 3.1 |
| db: | JVNDB | id: | JVNDB-2019-008354 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201907-1302 | Trust: 0.7 |
| db: | CNVD | id: | CNVD-2019-26768 | Trust: 0.6 |
| db: | VULHUB | id: | VHN-156715 | Trust: 0.1 |
REFERENCES
| url: | https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20190724-01-7900-cn | Trust: 1.8 |
| url: | https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190724-01-7900-en | Trust: 1.7 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2019-5280 | Trust: 1.4 |
| url: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5280 | Trust: 0.8 |
CREDITS
The vulnerability is by security researchers Alexander Traud Report to Huawei PSIRT .
Trust: 0.6
SOURCES
| db: | CNVD | id: | CNVD-2019-26768 |
| db: | VULHUB | id: | VHN-156715 |
| db: | JVNDB | id: | JVNDB-2019-008354 |
| db: | CNNVD | id: | CNNVD-201907-1302 |
| db: | NVD | id: | CVE-2019-5280 |
LAST UPDATE DATE
2024-11-23T22:25:53.062000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2019-26768 | date: | 2019-08-12T00:00:00 |
| db: | VULHUB | id: | VHN-156715 | date: | 2019-08-27T00:00:00 |
| db: | JVNDB | id: | JVNDB-2019-008354 | date: | 2019-08-29T00:00:00 |
| db: | CNNVD | id: | CNNVD-201907-1302 | date: | 2019-08-28T00:00:00 |
| db: | NVD | id: | CVE-2019-5280 | date: | 2024-11-21T04:44:39.757 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2019-26768 | date: | 2019-08-12T00:00:00 |
| db: | VULHUB | id: | VHN-156715 | date: | 2019-08-13T00:00:00 |
| db: | JVNDB | id: | JVNDB-2019-008354 | date: | 2019-08-29T00:00:00 |
| db: | CNNVD | id: | CNNVD-201907-1302 | date: | 2019-07-24T00:00:00 |
| db: | NVD | id: | CVE-2019-5280 | date: | 2019-08-13T21:15:12.067 |