CVE-2019-5280

MEDIUM Year: 2019
CVSS v3 Score
6.5
Medium
CVSS v2 Score
5.8
Medium
Weakness Type
CWE-295
View all →

Vulnerability Description

The SIP TLS module of Huawei CloudLink Phone 7900 with V600R019C10 has a TLS certificate verification vulnerability. Due to insufficient verification of specific parameters of the TLS server certificate, attackers can perform man-in-the-middle attacks, leading to the affected phones registered abnormally, affecting the availability of IP phones.

Related Vulnerabilities

CVE-2007-5967

MEDIUM
CVSS:6.5(Medium)

A flaw in Mozilla's embedded certificate code might allow web sites to install root certificates on devices without user approval.

CWE-2952007

CVE-2011-2669

MEDIUM
CVSS:6.5(Medium)

Mozilla Firefox prior to 3.6 has a DoS vulnerability due to an issue in the validation of certificates.

CWE-2952011

CVE-2013-6662

MEDIUM
CVSS:6.5(Medium)

Google Chrome caches TLS sessions before certificate validation occurs.

CWE-2952013

CVE-2014-3250

MEDIUM
CVSS:6.5(Medium)

The default vhost configuration file in Puppet before 3.6.2 does not include the SSLCARevocationCheck directive, which might allow remote attackers to obtain sensitive information via a revoked certif...

CWE-2952014

CVE-2017-18479

MEDIUM
CVSS:6.5(Medium)

In cPanel before 62.0.4, WHM SSL certificate generation uses an unreserved e-mail address (SEC-209).

CWE-2952017

CVE-2017-2629

MEDIUM
CVSS:6.5(Medium)

curl before 7.53.0 has an incorrect TLS Certificate Status Request extension feature that asks for a fresh proof of the server's certificate's validity in the code that checks for a test success or fa...

CWE-2952017