fkie_cve-2019-19413
Vulnerability from fkie_nvd
Published
2020-01-21 23:15
Modified
2024-11-21 04:34
Severity ?
Summary
There is an integer overflow vulnerability in LDAP client of some Huawei products. Due to insufficient input validation, a remote attacker could exploit this vulnerability by sending malformed packets to the target devices. Successful exploit could cause the affected system crash.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| huawei | dbs3900_tdd_lte_firmware | v100r003c00 | |
| huawei | dbs3900_tdd_lte_firmware | v100r004c10 | |
| huawei | dbs3900_tdd_lte | - | |
| huawei | dp300_firmware | v500r002c00 | |
| huawei | dp300 | - | |
| huawei | rp200_firmware | v500r002c00spc200 | |
| huawei | rp200_firmware | v600r006c00 | |
| huawei | rp200 | - | |
| huawei | te30_firmware | v100r001c10 | |
| huawei | te30_firmware | v600r006c00 | |
| huawei | te30 | - | |
| huawei | te40_firmware | v600r006c00 | |
| huawei | te40 | - | |
| huawei | te50_firmware | v600r006c00 | |
| huawei | te50 | - | |
| huawei | te60_firmware | v100r001c10 | |
| huawei | te60_firmware | v500r002c00 | |
| huawei | te60_firmware | v600r006c00 | |
| huawei | te60 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:dbs3900_tdd_lte_firmware:v100r003c00:*:*:*:*:*:*:*",
"matchCriteriaId": "403CCA52-CB4F-4ABC-B7CF-4FAD9E12E1CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:dbs3900_tdd_lte_firmware:v100r004c10:*:*:*:*:*:*:*",
"matchCriteriaId": "FFAB4847-06F9-4A7C-9CFD-99DC7635166E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:dbs3900_tdd_lte:-:*:*:*:*:*:*:*",
"matchCriteriaId": "03FCC014-251D-4BE8-A43E-01456A28AEEC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:dp300_firmware:v500r002c00:*:*:*:*:*:*:*",
"matchCriteriaId": "8871106B-D3AF-4CFB-A544-1FA411642428",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:dp300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F3483B2-9EB6-4E34-900A-945C04A3160D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:rp200_firmware:v500r002c00spc200:*:*:*:*:*:*:*",
"matchCriteriaId": "0BC535D5-0C05-4695-976F-ACF447431A6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:rp200_firmware:v600r006c00:*:*:*:*:*:*:*",
"matchCriteriaId": "67731A77-1DD4-49B2-B437-2850C9583750",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:rp200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98275088-2FBE-42F4-AAEC-DF02950B803D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:te30_firmware:v100r001c10:*:*:*:*:*:*:*",
"matchCriteriaId": "DA3EF476-42D7-4758-8DCB-373F46BF1CF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:te30_firmware:v600r006c00:*:*:*:*:*:*:*",
"matchCriteriaId": "018039EB-7265-4B71-B462-4734FD1D0503",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:te30:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1146F99B-5344-4CD3-AF3F-CD3FE6F6DD91",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:te40_firmware:v600r006c00:*:*:*:*:*:*:*",
"matchCriteriaId": "931FD3B3-A333-4277-AE55-494F5DB9F09F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:te40:-:*:*:*:*:*:*:*",
"matchCriteriaId": "45C3AF58-E030-4E12-A2FD-A4337A5021ED",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:te50_firmware:v600r006c00:*:*:*:*:*:*:*",
"matchCriteriaId": "A70F8924-DC80-4D6F-BA3E-DBFE32FED788",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:te50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A4F188B3-0A63-4704-9B0D-F8DF5D973FA5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:te60_firmware:v100r001c10:*:*:*:*:*:*:*",
"matchCriteriaId": "092C9FAF-8892-4E16-9C0E-BB1E3488C6C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:te60_firmware:v500r002c00:*:*:*:*:*:*:*",
"matchCriteriaId": "01BC9042-0485-437F-811F-F8898B3B7EA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:te60_firmware:v600r006c00:*:*:*:*:*:*:*",
"matchCriteriaId": "4A29049D-F472-4772-8750-20730DA624E9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:te60:-:*:*:*:*:*:*:*",
"matchCriteriaId": "999117E9-90C8-4E76-90B5-7D364C0B84BF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is an integer overflow vulnerability in LDAP client of some Huawei products. Due to insufficient input validation, a remote attacker could exploit this vulnerability by sending malformed packets to the target devices. Successful exploit could cause the affected system crash."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de desbordamiento de enteros en el cliente LDAP de algunos productos Huawei. Debido a una comprobaci\u00f3n de entrada insuficiente, un atacante remoto podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de paquetes malformados hacia los dispositivos de destino. Una explotaci\u00f3n con \u00e9xito podr\u00eda causar el bloqueo del sistema afectado."
}
],
"id": "CVE-2019-19413",
"lastModified": "2024-11-21T04:34:43.700",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-21T23:15:13.270",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-ldap-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-ldap-en"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.