|Category:||Huawei EulerOS Local Security Checks|
|Title:||Huawei EulerOS: Security Advisory for PyYAML (EulerOS-SA-2020-2475)|
|Summary:||The remote host is missing an update for the Huawei EulerOS; 'PyYAML' package(s) announced via the EulerOS-SA-2020-2475 advisory.|
The remote host is missing an update for the Huawei EulerOS
'PyYAML' package(s) announced via the EulerOS-SA-2020-2475 advisory.
A vulnerability in the implementation of the Short Message Service (SMS) handling functionality of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to improper processing of SMS protocol data units (PDUs) that are encoded with a special character set. An attacker could exploit this vulnerability by sending a malicious SMS message to an affected device. A successful exploit could allow the attacker to cause the wireless WAN (WWAN) cellular interface module on an affected device to crash, resulting in a DoS condition that would require manual intervention to restore normal operating conditions.(CVE-2019-1747)
PyYAML 5.1 through 5.1.2 has insufficient restrictions on the load and load_all functions because of a class deserialization issue, e.g., Popen is a class in the subprocess module. NOTE: this issue exists because of an incomplete fix for CVE-2017-18342.(CVE-2019-20477)
'PyYAML' package(s) on Huawei EulerOS Virtualization 126.96.36.199.
Please install the updated package(s).
Common Vulnerability Exposure (CVE) ID: CVE-2019-1747|
BugTraq ID: 107599
Cisco Security Advisory: 20190327 Cisco IOS and IOS XE Software Short Message Service Denial of Service Vulnerability
|Copyright||Copyright (C) 2020 Greenbone Networks GmbH|
|This is only one of 86218 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.