Details of VAR-202001-0532

ID

VAR-202001-0532

CVE

CVE-2019-19414

TITLE

plural Huawei Integer overflow vulnerability in product

Trust: 0.8

sources: JVNDB: JVNDB-2019-014286

DESCRIPTION

There is an integer overflow vulnerability in LDAP server of some Huawei products. Due to insufficient input validation, a remote attacker could exploit this vulnerability by sending malformed packets to the target devices. Successful exploit could cause the affected system crash. plural Huawei The product contains an integer overflow vulnerability.Denial of service (DoS) May be in a state

Trust: 1.62

sources: NVD: CVE-2019-19414 // JVNDB: JVNDB-2019-014286

AFFECTED PRODUCTS

vendor:	huawei	model:	te30	scope:	eq	version:	v100r001c10	Trust: 1.0
vendor:	huawei	model:	rp200	scope:	eq	version:	v600r006c00	Trust: 1.0
vendor:	huawei	model:	te60	scope:	eq	version:	v500r002c00	Trust: 1.0
vendor:	huawei	model:	te50	scope:	eq	version:	v600r006c00	Trust: 1.0
vendor:	huawei	model:	te40	scope:	eq	version:	v600r006c00	Trust: 1.0
vendor:	huawei	model:	dbs3900 tdd lte	scope:	eq	version:	v100r003c00	Trust: 1.0
vendor:	huawei	model:	dbs3900 tdd lte	scope:	eq	version:	v100r004c10	Trust: 1.0
vendor:	huawei	model:	te30	scope:	eq	version:	v600r006c00	Trust: 1.0
vendor:	huawei	model:	rp200	scope:	eq	version:	v500r002c00spc200	Trust: 1.0
vendor:	huawei	model:	te60	scope:	eq	version:	v600r006c00	Trust: 1.0
vendor:	huawei	model:	dp300	scope:	eq	version:	v500r002c00	Trust: 1.0
vendor:	huawei	model:	te60	scope:	eq	version:	v100r001c10	Trust: 1.0
vendor:	huawei	model:	dbs3900 tdd lte	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	dp300	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	rp200	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	te30	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	te40	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	te50	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	te60	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2019-014286 // NVD: CVE-2019-19414

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-19414
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-19414
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202001-781
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2019-19414
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

nvd@nist.gov:	CVE-2019-19414
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2019-19414
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2019-014286 // CNNVD: CNNVD-202001-781 // NVD: CVE-2019-19414

PROBLEMTYPE DATA

problemtype:	CWE-190	Trust: 1.0
problemtype:	Integer overflow or wraparound (CWE-190) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2019-014286 // NVD: CVE-2019-19414

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202001-781

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202001-781

PATCH

title:	huawei-sa-20200115-01-ldap	url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-ldap-en	Trust: 0.8
title:	Multiple Huawei product LDAP Repair measures for client security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=107109	Trust: 0.6

sources: JVNDB: JVNDB-2019-014286 // CNNVD: CNNVD-202001-781

EXTERNAL IDS

db:	NVD	id:	CVE-2019-19414	Trust: 2.4
db:	JVNDB	id:	JVNDB-2019-014286	Trust: 0.8
db:	CNNVD	id:	CNNVD-202001-781	Trust: 0.6

sources: JVNDB: JVNDB-2019-014286 // CNNVD: CNNVD-202001-781 // NVD: CVE-2019-19414

REFERENCES

url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-ldap-en	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2019-19414	Trust: 1.4
url:	https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200115-01-ldap-cn	Trust: 0.6

sources: JVNDB: JVNDB-2019-014286 // CNNVD: CNNVD-202001-781 // NVD: CVE-2019-19414

CREDITS

The vulnerability was discovered by Huawei internal testing.

Trust: 0.6

sources: CNNVD: CNNVD-202001-781

SOURCES

db:	JVNDB	id:	JVNDB-2019-014286
db:	CNNVD	id:	CNNVD-202001-781
db:	NVD	id:	CVE-2019-19414

LAST UPDATE DATE

2024-11-23T23:11:35.598000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2019-014286	date:	2020-02-10T00:00:00
db:	CNNVD	id:	CNNVD-202001-781	date:	2021-01-05T00:00:00
db:	NVD	id:	CVE-2019-19414	date:	2024-11-21T04:34:43.830

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2019-014286	date:	2020-02-10T00:00:00
db:	CNNVD	id:	CNNVD-202001-781	date:	2020-01-15T00:00:00
db:	NVD	id:	CVE-2019-19414	date:	2020-01-21T23:15:13.367