Integer Overflow Vulnerability in Huawei LDAP Client
CVE-2019-19413

7.5HIGH

Summary

An integer overflow vulnerability exists in the LDAP client of several Huawei products. This flaw stems from inadequate input validation, allowing a remote attacker to craft and send malformed packets to targeted devices. If successfully exploited, this can lead to a crash of the affected system, compromising its stability and availability.

Affected Version(s)

CloudEngine 12800;CloudEngine 5800;CloudEngine 6800;CloudEngine 7800;DBS3900 TDD LTE;DP300;RP200;TE30;TE40;TE50;TE60 V100R003C10,V100R005C00,V100R006C00,V200R001C00,V200R002C50

CloudEngine 12800;CloudEngine 5800;CloudEngine 6800;CloudEngine 7800;DBS3900 TDD LTE;DP300;RP200;TE30;TE40;TE50;TE60 V100R005C00,V100R005C10,V100R006C00,V200R001C00,V200R002C50SPC800

CloudEngine 12800;CloudEngine 5800;CloudEngine 6800;CloudEngine 7800;DBS3900 TDD LTE;DP300;RP200;TE30;TE40;TE50;TE60 V100R005C00,V100R005C10,V100R006C00,V200R001C00,V200R002C50

References

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.