Integer overflow in Huawei products - CVE-2019-19413

 

Published: January 16, 2020


Vulnerability identifier: #VU24340
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2019-19413
CWE-ID: CWE-190
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Huawei
Affected software:
Huawei CloudEngine 12800
Huawei CloudEngine 5800
Huawei CloudEngine 6800
Huawei CloudEngine 7800
Huawei DBS3900 TDD LTE
Huawei DP300
Huawei RP200
Huawei TE30
Huawei TE40
Huawei TE50
Huawei TE60

Detailed vulnerability description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an integer overflow in the LDAP client. A remote attacker can send a specially crafted packet, trigger the integer overflow and cause a denial of service condition on the target system.


How to mitigate CVE-2019-19413

Install updates from the vendor's website.

Sources