Details of VAR-202001-0531

ID

VAR-202001-0531

CVE

CVE-2019-19413

TITLE

plural Huawei Integer overflow vulnerability in product

Trust: 0.8

sources: JVNDB: JVNDB-2019-014287

DESCRIPTION

There is an integer overflow vulnerability in LDAP client of some Huawei products. Due to insufficient input validation, a remote attacker could exploit this vulnerability by sending malformed packets to the target devices. Successful exploit could cause the affected system crash. plural Huawei The product contains an integer overflow vulnerability.Denial of service (DoS) May be in a state

Trust: 1.62

sources: NVD: CVE-2019-19413 // JVNDB: JVNDB-2019-014287

AFFECTED PRODUCTS

vendor:	huawei	model:	te30	scope:	eq	version:	v100r001c10	Trust: 1.0
vendor:	huawei	model:	rp200	scope:	eq	version:	v600r006c00	Trust: 1.0
vendor:	huawei	model:	te60	scope:	eq	version:	v500r002c00	Trust: 1.0
vendor:	huawei	model:	te50	scope:	eq	version:	v600r006c00	Trust: 1.0
vendor:	huawei	model:	te40	scope:	eq	version:	v600r006c00	Trust: 1.0
vendor:	huawei	model:	dbs3900 tdd lte	scope:	eq	version:	v100r003c00	Trust: 1.0
vendor:	huawei	model:	dbs3900 tdd lte	scope:	eq	version:	v100r004c10	Trust: 1.0
vendor:	huawei	model:	te30	scope:	eq	version:	v600r006c00	Trust: 1.0
vendor:	huawei	model:	rp200	scope:	eq	version:	v500r002c00spc200	Trust: 1.0
vendor:	huawei	model:	te60	scope:	eq	version:	v600r006c00	Trust: 1.0
vendor:	huawei	model:	dp300	scope:	eq	version:	v500r002c00	Trust: 1.0
vendor:	huawei	model:	te60	scope:	eq	version:	v100r001c10	Trust: 1.0
vendor:	huawei	model:	dbs3900 tdd lte	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	dp300	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	rp200	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	te30	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	te40	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	te50	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	te60	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2019-014287 // NVD: CVE-2019-19413

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-19413
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-19413
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202001-782
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2019-19413
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

nvd@nist.gov:	CVE-2019-19413
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2019-19413
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2019-014287 // CNNVD: CNNVD-202001-782 // NVD: CVE-2019-19413

PROBLEMTYPE DATA

problemtype:	CWE-190	Trust: 1.0
problemtype:	Integer overflow or wraparound (CWE-190) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2019-014287 // NVD: CVE-2019-19413

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202001-782

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202001-782

PATCH

title:	huawei-sa-20200115-01-ldap	url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-ldap-en	Trust: 0.8
title:	Multiple Huawei product LDAP Repair measures for client security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=107110	Trust: 0.6

sources: JVNDB: JVNDB-2019-014287 // CNNVD: CNNVD-202001-782

EXTERNAL IDS

db:	NVD	id:	CVE-2019-19413	Trust: 2.4
db:	JVNDB	id:	JVNDB-2019-014287	Trust: 0.8
db:	CNNVD	id:	CNNVD-202001-782	Trust: 0.6

sources: JVNDB: JVNDB-2019-014287 // CNNVD: CNNVD-202001-782 // NVD: CVE-2019-19413

REFERENCES

url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-ldap-en	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2019-19413	Trust: 1.4
url:	https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200115-01-ldap-cn	Trust: 0.6

sources: JVNDB: JVNDB-2019-014287 // CNNVD: CNNVD-202001-782 // NVD: CVE-2019-19413

CREDITS

The vulnerability was discovered by Huawei internal testing.

Trust: 0.6

sources: CNNVD: CNNVD-202001-782

SOURCES

db:	JVNDB	id:	JVNDB-2019-014287
db:	CNNVD	id:	CNNVD-202001-782
db:	NVD	id:	CVE-2019-19413

LAST UPDATE DATE

2024-11-23T22:05:50.930000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2019-014287	date:	2020-02-10T00:00:00
db:	CNNVD	id:	CNNVD-202001-782	date:	2021-01-05T00:00:00
db:	NVD	id:	CVE-2019-19413	date:	2024-11-21T04:34:43.700

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2019-014287	date:	2020-02-10T00:00:00
db:	CNNVD	id:	CNNVD-202001-782	date:	2020-01-15T00:00:00
db:	NVD	id:	CVE-2019-19413	date:	2020-01-21T23:15:13.270