{"containers": {"cna": {"affected": [{"product": "CloudEngine 12800;CloudEngine 5800;CloudEngine 6800;CloudEngine 7800;DBS3900 TDD LTE;DP300;RP200;TE30;TE40;TE50;TE60", "vendor": "n/a", "versions": [{"status": "affected", "version": "V100R003C10,V100R005C00,V100R006C00,V200R001C00,V200R002C50"}, {"status": "affected", "version": "V100R005C00,V100R005C10,V100R006C00,V200R001C00,V200R002C50SPC800"}, {"status": "affected", "version": "V100R005C00,V100R005C10,V100R006C00,V200R001C00,V200R002C50"}, {"status": "affected", "version": "V100R005C00,V100R005C10,V200R001C00,V200R002C50"}, {"status": "affected", "version": "V100R003C00,V100R004C10"}, {"status": "affected", "version": "V500R002C00"}, {"status": "affected", "version": "V500R002C00SPC200,V600R006C00"}, {"status": "affected", "version": "V100R001C10,V600R006C00"}, {"status": "affected", "version": "V600R006C00"}, {"status": "affected", "version": "V100R001C10,V500R002C00,V600R006C00"}, {"status": "affected", "version": "unspecified"}]}], "descriptions": [{"lang": "en", "value": "There is an integer overflow vulnerability in LDAP server of some Huawei products. Due to insufficient input validation, a remote attacker could exploit this vulnerability by sending malformed packets to the target devices. Successful exploit could cause the affected system crash."}], "problemTypes": [{"descriptions": [{"description": "Two Integer Overflow", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-01-21T22:54:32", "orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-ldap-en"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@huawei.com", "ID": "CVE-2019-19414", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "CloudEngine 12800;CloudEngine 5800;CloudEngine 6800;CloudEngine 7800;DBS3900 TDD LTE;DP300;RP200;TE30;TE40;TE50;TE60", "version": {"version_data": [{"version_value": "V100R003C10,V100R005C00,V100R006C00,V200R001C00,V200R002C50"}, {"version_value": "V100R005C00,V100R005C10,V100R006C00,V200R001C00,V200R002C50SPC800"}, {"version_value": "V100R005C00,V100R005C10,V100R006C00,V200R001C00,V200R002C50"}, {"version_value": "V100R005C00,V100R005C10,V200R001C00,V200R002C50"}, {"version_value": "V100R003C00,V100R004C10"}, {"version_value": "V500R002C00"}, {"version_value": "V500R002C00SPC200,V600R006C00"}, {"version_value": "V100R001C10,V600R006C00"}, {"version_value": "V600R006C00"}, {"version_value": "V600R006C00"}, {"version_value": "V100R001C10,V500R002C00,V600R006C00"}, {"version_value": ""}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "There is an integer overflow vulnerability in LDAP server of some Huawei products. Due to insufficient input validation, a remote attacker could exploit this vulnerability by sending malformed packets to the target devices. Successful exploit could cause the affected system crash."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Two Integer Overflow"}]}]}, "references": {"reference_data": [{"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-ldap-en", "refsource": "MISC", "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-ldap-en"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T02:16:47.054Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-ldap-en"}]}]}, "cveMetadata": {"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "assignerShortName": "huawei", "cveId": "CVE-2019-19414", "datePublished": "2020-01-21T22:54:32", "dateReserved": "2019-11-29T00:00:00", "dateUpdated": "2024-08-05T02:16:47.054Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:dbs3900_tdd_lte_firmware:v100r003c00:*:*:*:*:*:*:*", "matchCriteriaId": "403CCA52-CB4F-4ABC-B7CF-4FAD9E12E1CC", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:dbs3900_tdd_lte_firmware:v100r004c10:*:*:*:*:*:*:*", "matchCriteriaId": "FFAB4847-06F9-4A7C-9CFD-99DC7635166E", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:dbs3900_tdd_lte:-:*:*:*:*:*:*:*", "matchCriteriaId": "03FCC014-251D-4BE8-A43E-01456A28AEEC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:dp300_firmware:v500r002c00:*:*:*:*:*:*:*", "matchCriteriaId": "8871106B-D3AF-4CFB-A544-1FA411642428", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:dp300:-:*:*:*:*:*:*:*", "matchCriteriaId": "7F3483B2-9EB6-4E34-900A-945C04A3160D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:rp200_firmware:v500r002c00spc200:*:*:*:*:*:*:*", "matchCriteriaId": "0BC535D5-0C05-4695-976F-ACF447431A6F", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:rp200_firmware:v600r006c00:*:*:*:*:*:*:*", "matchCriteriaId": "67731A77-1DD4-49B2-B437-2850C9583750", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:rp200:-:*:*:*:*:*:*:*", "matchCriteriaId": "98275088-2FBE-42F4-AAEC-DF02950B803D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:te30_firmware:v100r001c10:*:*:*:*:*:*:*", "matchCriteriaId": "DA3EF476-42D7-4758-8DCB-373F46BF1CF5", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:te30_firmware:v600r006c00:*:*:*:*:*:*:*", "matchCriteriaId": "018039EB-7265-4B71-B462-4734FD1D0503", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:te30:-:*:*:*:*:*:*:*", "matchCriteriaId": "1146F99B-5344-4CD3-AF3F-CD3FE6F6DD91", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:te40_firmware:v600r006c00:*:*:*:*:*:*:*", "matchCriteriaId": "931FD3B3-A333-4277-AE55-494F5DB9F09F", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:te40:-:*:*:*:*:*:*:*", "matchCriteriaId": "45C3AF58-E030-4E12-A2FD-A4337A5021ED", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:te50_firmware:v600r006c00:*:*:*:*:*:*:*", "matchCriteriaId": "A70F8924-DC80-4D6F-BA3E-DBFE32FED788", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:te50:-:*:*:*:*:*:*:*", "matchCriteriaId": "A4F188B3-0A63-4704-9B0D-F8DF5D973FA5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:te60_firmware:v100r001c10:*:*:*:*:*:*:*", "matchCriteriaId": "092C9FAF-8892-4E16-9C0E-BB1E3488C6C4", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:te60_firmware:v500r002c00:*:*:*:*:*:*:*", "matchCriteriaId": "01BC9042-0485-437F-811F-F8898B3B7EA7", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:te60_firmware:v600r006c00:*:*:*:*:*:*:*", "matchCriteriaId": "4A29049D-F472-4772-8750-20730DA624E9", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:te60:-:*:*:*:*:*:*:*", "matchCriteriaId": "999117E9-90C8-4E76-90B5-7D364C0B84BF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "There is an integer overflow vulnerability in LDAP server of some Huawei products. Due to insufficient input validation, a remote attacker could exploit this vulnerability by sending malformed packets to the target devices. Successful exploit could cause the affected system crash."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de desbordamiento de enteros en el servidor LDAP de algunos productos Huawei. Debido a una comprobaci\u00f3n de entrada insuficiente, un atacante remoto podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de paquetes malformados hacia los dispositivos de destino. Una explotaci\u00f3n con \u00e9xito podr\u00eda causar el bloqueo del sistema afectado."}], "id": "CVE-2019-19414", "lastModified": "2024-11-21T04:34:43.830", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-01-21T23:15:13.367", "references": [{"source": "psirt@huawei.com", "tags": ["Vendor Advisory"], "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-ldap-en"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-ldap-en"}], "sourceIdentifier": "psirt@huawei.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}