CVE-2019-5280

Name of the Vulnerable Software and Affected Versions Huawei CloudLink Phone 7900 version V600R019C10

Description The issue concerns a TLS certificate verification vulnerability in the SIP TLS module. Due to insufficient verification of specific parameters of the TLS server certificate, attackers can perform man-in-the-middle attacks. This can lead to affected phones being registered abnormally, affecting the availability of IP phones. The vulnerability can be exploited by a remote attacker to perform such attacks.

Recommendations For Huawei CloudLink Phone 7900 version V600R019C10, consider disabling the SIP TLS module until a patch is available to prevent man-in-the-middle attacks. Restrict access to the phone's registration process to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.