Vulnerability Description
There is an integer overflow vulnerability in LDAP server of some Huawei products. Due to insufficient input validation, a remote attacker could exploit this vulnerability by sending malformed packets to the target devices. Successful exploit could cause the affected system crash.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Huawei | Dbs3900 Tdd Lte Firmware | v100r003c00 |
| Huawei | Dbs3900 Tdd Lte | - |
| Huawei | Dp300 Firmware | v500r002c00 |
| Huawei | Dp300 | - |
| Huawei | Rp200 Firmware | v500r002c00spc200 |
| Huawei | Rp200 | - |
| Huawei | Te30 Firmware | v100r001c10 |
| Huawei | Te30 | - |
| Huawei | Te40 Firmware | v600r006c00 |
| Huawei | Te40 | - |
| Huawei | Te50 Firmware | v600r006c00 |
| Huawei | Te50 | - |
| Huawei | Te60 Firmware | v100r001c10 |
| Huawei | Te60 | - |
Related Weaknesses (CWE)
References
- https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-ldap-eVendor Advisory
- https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-ldap-eVendor Advisory
FAQ
What is CVE-2019-19414?
CVE-2019-19414 is a vulnerability with a CVSS score of 7.5 (HIGH). There is an integer overflow vulnerability in LDAP server of some Huawei products. Due to insufficient input validation, a remote attacker could exploit this vulnerability by sending malformed packets...
How severe is CVE-2019-19414?
CVE-2019-19414 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-19414?
Check the references section above for vendor advisories and patch information. Affected products include: Huawei Dbs3900 Tdd Lte Firmware, Huawei Dbs3900 Tdd Lte, Huawei Dp300 Firmware, Huawei Dp300, Huawei Rp200 Firmware.