Integer Overflow Vulnerability in Huawei LDAP Client
CVE-2019-19413

7.5HIGH

Key Information:

Vendor: Huawei
Status: Cloudengine 12800;cloudengine 5800;cloudengine 6800;cloudengine 7800;dbs3900 Tdd Lte;dp300;rp200;te30;te40;te50;te60
Vendor: CVE Published:; 21 January 2020

Summary

An integer overflow vulnerability exists in the LDAP client of several Huawei products. This flaw stems from inadequate input validation, allowing a remote attacker to craft and send malformed packets to targeted devices. If successfully exploited, this can lead to a crash of the affected system, compromising its stability and availability.

Affected Version(s)

CloudEngine 12800;CloudEngine 5800;CloudEngine 6800;CloudEngine 7800;DBS3900 TDD LTE;DP300;RP200;TE30;TE40;TE50;TE60 V100R003C10,V100R005C00,V100R006C00,V200R001C00,V200R002C50

CloudEngine 12800;CloudEngine 5800;CloudEngine 6800;CloudEngine 7800;DBS3900 TDD LTE;DP300;RP200;TE30;TE40;TE50;TE60 V100R005C00,V100R005C10,V100R006C00,V200R001C00,V200R002C50SPC800

CloudEngine 12800;CloudEngine 5800;CloudEngine 6800;CloudEngine 7800;DBS3900 TDD LTE;DP300;RP200;TE30;TE40;TE50;TE60 V100R005C00,V100R005C10,V100R006C00,V200R001C00,V200R002C50

References

https://www.huawei.com/en/psirt/security-advisories/huawe...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 21, 2020
Vulnerability Reserved
Nov 29, 2019