CVE-2019-5280

The SIP TLS module of Huawei CloudLink Phone 7900 with V600R019C10 has a TLS certificate verification vulnerability. Due to insufficient verification of specific parameters of the TLS server certificate, attackers can perform man-in-the-middle attacks, leading to the affected phones registered abnormally, affecting the availability of IP phones.

Published : 2019-08-13 21:15 Updated : 2019-08-27 18:21

5.8
CVSS Score More info
Score 5.8 / 10
5.8
Vendor Product Version URI
Huawei Cloudlink Phone 7900 Firmware v600r019c10 cpe:/o:huawei:cloudlink_phone_7900_firmware:v600r019c10
  1. Huawei (1) Search CVE
    1. Cloudlink Phone 7900 Firmware (1) Search CVE
      1. V600r019c10

CWE

ID Name Description Links
CWE-295 Improper Certificate Validation The software does not validate, or incorrectly validates, a certificate. CVE

History of changes

Date Event
2019-08-27 18:21
2019-08-13 21:15

New CVE