Huawei Technologies: HUAWEI-SA-20200115-01-LDAP
Jan 15, 2020 - 12:00 a.m.

Security Advisory - Two Integer Overflow Vulnerabilities in LDAP of Some Huawei Products

2020-01-15 00:00:00
Huawei Technologies
www.huawei.com

CVSS2: 7.8
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3: 7.5
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS: 0.002
Percentile: 58.8%

There is an integer overflow vulnerability in the LDAP client of some Huawei products. Due to insufficient input validation, a remote attacker could exploit this vulnerability by sending malformed packets to the target devices. Successful exploitation could cause the affected system to crash. (Vulnerability ID: HWPSIRT-2017-11033)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2019-19413.

There is an integer overflow access vulnerability in the LDAP server of some Huawei products. A remote attacker could exploit this vulnerability by sending malformed packets to the target devices. Successful exploitation could cause the affected system to crash. (Vulnerability ID: HWPSIRT-2017-11034)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2019-19414.

Huawei has released software updates to fix these vulnerabilities. This advisory is available at the following link:

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-ldap-en

Affected configurations

Vulners node:
huawei dbs3900_tdd_lte_firmware Match v100r003c00
OR
huawei dbs3900_tdd_lte_firmware Match v100r004c10
OR
huawei dp300_firmware Match v500r002c00
OR
huawei rp200_firmware Match v500r002c00spc200
OR
huawei rp200_firmware Match v600r006c00
OR
huawei te30_firmware Match v100r001c10
OR
huawei te30_firmware Match v600r006c00
OR
huawei te40_firmware Match v600r006c00
OR
huawei te50_firmware Match v600r006c00
OR
huawei te60_firmware Match v100r001c10
OR
huawei te60_firmware Match v500r002c00
OR
huawei te60_firmware Match v600r006c00

Vendor  Product                   Version            CPE
huawei  dbs3900_tdd_lte_firmware  v100r003c00        cpe:2.3:o:huawei:dbs3900_tdd_lte_firmware:v100r003c00:*:*:*:*:*:*:*
huawei  dbs3900_tdd_lte_firmware  v100r004c10        cpe:2.3:o:huawei:dbs3900_tdd_lte_firmware:v100r004c10:*:*:*:*:*:*:*
huawei  dp300_firmware            v500r002c00        cpe:2.3:o:huawei:dp300_firmware:v500r002c00:*:*:*:*:*:*:*
huawei  rp200_firmware            v500r002c00spc200  cpe:2.3:o:huawei:rp200_firmware:v500r002c00spc200:*:*:*:*:*:*:*
huawei  rp200_firmware            v600r006c00        cpe:2.3:o:huawei:rp200_firmware:v600r006c00:*:*:*:*:*:*:*
huawei  te30_firmware             v100r001c10        cpe:2.3:o:huawei:te30_firmware:v100r001c10:*:*:*:*:*:*:*
huawei  te30_firmware             v600r006c00        cpe:2.3:o:huawei:te30_firmware:v600r006c00:*:*:*:*:*:*:*
huawei  te40_firmware             v600r006c00        cpe:2.3:o:huawei:te40_firmware:v600r006c00:*:*:*:*:*:*:*
huawei  te50_firmware             v600r006c00        cpe:2.3:o:huawei:te50_firmware:v600r006c00:*:*:*:*:*:*:*
huawei  te60_firmware             v100r001c10        cpe:2.3:o:huawei:te60_firmware:v100r001c10:*:*:*:*:*:*:*
(rows 1-10 of 121)

