#VU24340 Integer overflow in Huawei products - CVE-2019-19413
Published: January 16, 2020
Vulnerability identifier: #VU24340
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2019-19413
CWE-ID: CWE-190
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Huawei CloudEngine 12800
Huawei CloudEngine 5800
Huawei CloudEngine 6800
Huawei CloudEngine 7800
Huawei DBS3900 TDD LTE
Huawei DP300
Huawei RP200
Huawei TE30
Huawei TE40
Huawei TE50
Huawei TE60
Huawei CloudEngine 12800
Huawei CloudEngine 5800
Huawei CloudEngine 6800
Huawei CloudEngine 7800
Huawei DBS3900 TDD LTE
Huawei DP300
Huawei RP200
Huawei TE30
Huawei TE40
Huawei TE50
Huawei TE60
Software vendor:
Huawei
Huawei
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to integer overflow in LDAP client. A remote attacker can send a specially crafted packet, trigger integer overflow and cause a denial of service condition on the target system.
Remediation
Install updates from vendor's website.