All the vulnerabilites related to huawei - dbs3900_tdd_lte_firmware
cve-2019-19414
Vulnerability from cvelistv5
Published
2020-01-21 22:54
Modified
2024-08-05 02:16
Severity ?
EPSS score ?
Summary
There is an integer overflow vulnerability in LDAP server of some Huawei products. Due to insufficient input validation, a remote attacker could exploit this vulnerability by sending malformed packets to the target devices. Successful exploit could cause the affected system crash.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-ldap-en | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | CloudEngine 12800;CloudEngine 5800;CloudEngine 6800;CloudEngine 7800;DBS3900 TDD LTE;DP300;RP200;TE30;TE40;TE50;TE60 |
Version: V100R003C10,V100R005C00,V100R006C00,V200R001C00,V200R002C50 Version: V100R005C00,V100R005C10,V100R006C00,V200R001C00,V200R002C50SPC800 Version: V100R005C00,V100R005C10,V100R006C00,V200R001C00,V200R002C50 Version: V100R005C00,V100R005C10,V200R001C00,V200R002C50 Version: V100R003C00,V100R004C10 Version: V500R002C00 Version: V500R002C00SPC200,V600R006C00 Version: V100R001C10,V600R006C00 Version: V600R006C00 Version: V100R001C10,V500R002C00,V600R006C00 Version: unspecified |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:16:47.054Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-ldap-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CloudEngine 12800;CloudEngine 5800;CloudEngine 6800;CloudEngine 7800;DBS3900 TDD LTE;DP300;RP200;TE30;TE40;TE50;TE60",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "V100R003C10,V100R005C00,V100R006C00,V200R001C00,V200R002C50"
},
{
"status": "affected",
"version": "V100R005C00,V100R005C10,V100R006C00,V200R001C00,V200R002C50SPC800"
},
{
"status": "affected",
"version": "V100R005C00,V100R005C10,V100R006C00,V200R001C00,V200R002C50"
},
{
"status": "affected",
"version": "V100R005C00,V100R005C10,V200R001C00,V200R002C50"
},
{
"status": "affected",
"version": "V100R003C00,V100R004C10"
},
{
"status": "affected",
"version": "V500R002C00"
},
{
"status": "affected",
"version": "V500R002C00SPC200,V600R006C00"
},
{
"status": "affected",
"version": "V100R001C10,V600R006C00"
},
{
"status": "affected",
"version": "V600R006C00"
},
{
"status": "affected",
"version": "V100R001C10,V500R002C00,V600R006C00"
},
{
"status": "affected",
"version": "unspecified"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is an integer overflow vulnerability in LDAP server of some Huawei products. Due to insufficient input validation, a remote attacker could exploit this vulnerability by sending malformed packets to the target devices. Successful exploit could cause the affected system crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Two Integer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-21T22:54:32",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-ldap-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2019-19414",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CloudEngine 12800;CloudEngine 5800;CloudEngine 6800;CloudEngine 7800;DBS3900 TDD LTE;DP300;RP200;TE30;TE40;TE50;TE60",
"version": {
"version_data": [
{
"version_value": "V100R003C10,V100R005C00,V100R006C00,V200R001C00,V200R002C50"
},
{
"version_value": "V100R005C00,V100R005C10,V100R006C00,V200R001C00,V200R002C50SPC800"
},
{
"version_value": "V100R005C00,V100R005C10,V100R006C00,V200R001C00,V200R002C50"
},
{
"version_value": "V100R005C00,V100R005C10,V200R001C00,V200R002C50"
},
{
"version_value": "V100R003C00,V100R004C10"
},
{
"version_value": "V500R002C00"
},
{
"version_value": "V500R002C00SPC200,V600R006C00"
},
{
"version_value": "V100R001C10,V600R006C00"
},
{
"version_value": "V600R006C00"
},
{
"version_value": "V600R006C00"
},
{
"version_value": "V100R001C10,V500R002C00,V600R006C00"
},
{
"version_value": ""
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is an integer overflow vulnerability in LDAP server of some Huawei products. Due to insufficient input validation, a remote attacker could exploit this vulnerability by sending malformed packets to the target devices. Successful exploit could cause the affected system crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Two Integer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-ldap-en",
"refsource": "MISC",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-ldap-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2019-19414",
"datePublished": "2020-01-21T22:54:32",
"dateReserved": "2019-11-29T00:00:00",
"dateUpdated": "2024-08-05T02:16:47.054Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-19413
Vulnerability from cvelistv5
Published
2020-01-21 22:54
Modified
2024-08-05 02:16
Severity ?
EPSS score ?
Summary
There is an integer overflow vulnerability in LDAP client of some Huawei products. Due to insufficient input validation, a remote attacker could exploit this vulnerability by sending malformed packets to the target devices. Successful exploit could cause the affected system crash.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-ldap-en | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | CloudEngine 12800;CloudEngine 5800;CloudEngine 6800;CloudEngine 7800;DBS3900 TDD LTE;DP300;RP200;TE30;TE40;TE50;TE60 |
Version: V100R003C10,V100R005C00,V100R006C00,V200R001C00,V200R002C50 Version: V100R005C00,V100R005C10,V100R006C00,V200R001C00,V200R002C50SPC800 Version: V100R005C00,V100R005C10,V100R006C00,V200R001C00,V200R002C50 Version: V100R005C00,V100R005C10,V200R001C00,V200R002C50 Version: V100R003C00,V100R004C10 Version: V500R002C00 Version: V500R002C00SPC200,V600R006C00 Version: V100R001C10,V600R006C00 Version: V600R006C00 Version: V100R001C10,V500R002C00,V600R006C00 Version: unspecified |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:16:47.085Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-ldap-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CloudEngine 12800;CloudEngine 5800;CloudEngine 6800;CloudEngine 7800;DBS3900 TDD LTE;DP300;RP200;TE30;TE40;TE50;TE60",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "V100R003C10,V100R005C00,V100R006C00,V200R001C00,V200R002C50"
},
{
"status": "affected",
"version": "V100R005C00,V100R005C10,V100R006C00,V200R001C00,V200R002C50SPC800"
},
{
"status": "affected",
"version": "V100R005C00,V100R005C10,V100R006C00,V200R001C00,V200R002C50"
},
{
"status": "affected",
"version": "V100R005C00,V100R005C10,V200R001C00,V200R002C50"
},
{
"status": "affected",
"version": "V100R003C00,V100R004C10"
},
{
"status": "affected",
"version": "V500R002C00"
},
{
"status": "affected",
"version": "V500R002C00SPC200,V600R006C00"
},
{
"status": "affected",
"version": "V100R001C10,V600R006C00"
},
{
"status": "affected",
"version": "V600R006C00"
},
{
"status": "affected",
"version": "V100R001C10,V500R002C00,V600R006C00"
},
{
"status": "affected",
"version": "unspecified"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is an integer overflow vulnerability in LDAP client of some Huawei products. Due to insufficient input validation, a remote attacker could exploit this vulnerability by sending malformed packets to the target devices. Successful exploit could cause the affected system crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Two Integer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-21T22:54:22",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-ldap-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2019-19413",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CloudEngine 12800;CloudEngine 5800;CloudEngine 6800;CloudEngine 7800;DBS3900 TDD LTE;DP300;RP200;TE30;TE40;TE50;TE60",
"version": {
"version_data": [
{
"version_value": "V100R003C10,V100R005C00,V100R006C00,V200R001C00,V200R002C50"
},
{
"version_value": "V100R005C00,V100R005C10,V100R006C00,V200R001C00,V200R002C50SPC800"
},
{
"version_value": "V100R005C00,V100R005C10,V100R006C00,V200R001C00,V200R002C50"
},
{
"version_value": "V100R005C00,V100R005C10,V200R001C00,V200R002C50"
},
{
"version_value": "V100R003C00,V100R004C10"
},
{
"version_value": "V500R002C00"
},
{
"version_value": "V500R002C00SPC200,V600R006C00"
},
{
"version_value": "V100R001C10,V600R006C00"
},
{
"version_value": "V600R006C00"
},
{
"version_value": "V600R006C00"
},
{
"version_value": "V100R001C10,V500R002C00,V600R006C00"
},
{
"version_value": ""
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is an integer overflow vulnerability in LDAP client of some Huawei products. Due to insufficient input validation, a remote attacker could exploit this vulnerability by sending malformed packets to the target devices. Successful exploit could cause the affected system crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Two Integer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-ldap-en",
"refsource": "MISC",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-ldap-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2019-19413",
"datePublished": "2020-01-21T22:54:22",
"dateReserved": "2019-11-29T00:00:00",
"dateUpdated": "2024-08-05T02:16:47.085Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-15326
Vulnerability from cvelistv5
Published
2018-03-23 16:00
Modified
2024-09-16 20:53
Severity ?
EPSS score ?
Summary
DBS3900 TDD LTE V100R003C00, V100R004C10 have a weak encryption algorithm security vulnerability. DBS3900 TDD LTE supports SSL/TLS protocol negotiation using insecure encryption algorithms. If an insecure encryption algorithm is negotiated in the communication, an unauthenticated remote attacker can exploit this vulnerability to crack the encrypted data and cause information leakage.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180321-01-encryption-en | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Huawei Technologies Co., Ltd. | DBS3900 TDD LTE |
Version: V100R003C00, V100R004C10 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:50:16.571Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180321-01-encryption-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DBS3900 TDD LTE",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "V100R003C00, V100R004C10"
}
]
}
],
"datePublic": "2018-03-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "DBS3900 TDD LTE V100R003C00, V100R004C10 have a weak encryption algorithm security vulnerability. DBS3900 TDD LTE supports SSL/TLS protocol negotiation using insecure encryption algorithms. If an insecure encryption algorithm is negotiated in the communication, an unauthenticated remote attacker can exploit this vulnerability to crack the encrypted data and cause information leakage."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "weak encryption algorithm",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-23T15:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180321-01-encryption-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC": "2018-03-21T00:00:00",
"ID": "CVE-2017-15326",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DBS3900 TDD LTE",
"version": {
"version_data": [
{
"version_value": "V100R003C00, V100R004C10"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "DBS3900 TDD LTE V100R003C00, V100R004C10 have a weak encryption algorithm security vulnerability. DBS3900 TDD LTE supports SSL/TLS protocol negotiation using insecure encryption algorithms. If an insecure encryption algorithm is negotiated in the communication, an unauthenticated remote attacker can exploit this vulnerability to crack the encrypted data and cause information leakage."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "weak encryption algorithm"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180321-01-encryption-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180321-01-encryption-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2017-15326",
"datePublished": "2018-03-23T16:00:00Z",
"dateReserved": "2017-10-14T00:00:00",
"dateUpdated": "2024-09-16T20:53:07.931Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2018-03-23 16:29
Modified
2024-11-21 03:14
Severity ?
Summary
DBS3900 TDD LTE V100R003C00, V100R004C10 have a weak encryption algorithm security vulnerability. DBS3900 TDD LTE supports SSL/TLS protocol negotiation using insecure encryption algorithms. If an insecure encryption algorithm is negotiated in the communication, an unauthenticated remote attacker can exploit this vulnerability to crack the encrypted data and cause information leakage.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| huawei | dbs3900_tdd_lte_firmware | v100r003c00 | |
| huawei | dbs3900_tdd_lte_firmware | v100r004c10 | |
| huawei | dbs3900_tdd_lte | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:dbs3900_tdd_lte_firmware:v100r003c00:*:*:*:*:*:*:*",
"matchCriteriaId": "403CCA52-CB4F-4ABC-B7CF-4FAD9E12E1CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:dbs3900_tdd_lte_firmware:v100r004c10:*:*:*:*:*:*:*",
"matchCriteriaId": "FFAB4847-06F9-4A7C-9CFD-99DC7635166E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:dbs3900_tdd_lte:-:*:*:*:*:*:*:*",
"matchCriteriaId": "03FCC014-251D-4BE8-A43E-01456A28AEEC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "DBS3900 TDD LTE V100R003C00, V100R004C10 have a weak encryption algorithm security vulnerability. DBS3900 TDD LTE supports SSL/TLS protocol negotiation using insecure encryption algorithms. If an insecure encryption algorithm is negotiated in the communication, an unauthenticated remote attacker can exploit this vulnerability to crack the encrypted data and cause information leakage."
},
{
"lang": "es",
"value": "DBS3900 LTE TDD versiones V100R003C00 y V100R004C10 tiene una vulnerabilidad de seguridad de algoritmo de cifrado d\u00e9bil. DBS3900 LTE TDD soporta la negociaci\u00f3n de protocolos SSL/TLS empleando algoritmos de cifrado inseguros. Si se negocia un algoritmo de cifrado inseguro en la comunicaci\u00f3n, un atacante remoto no autenticado puede explotar esta vulnerabilidad para descifrar los datos cifrados y provocar una fuga de informaci\u00f3n."
}
],
"id": "CVE-2017-15326",
"lastModified": "2024-11-21T03:14:28.187",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-23T16:29:00.177",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180321-01-encryption-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180321-01-encryption-en"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-327"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-01-21 23:15
Modified
2024-11-21 04:34
Severity ?
Summary
There is an integer overflow vulnerability in LDAP server of some Huawei products. Due to insufficient input validation, a remote attacker could exploit this vulnerability by sending malformed packets to the target devices. Successful exploit could cause the affected system crash.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| huawei | dbs3900_tdd_lte_firmware | v100r003c00 | |
| huawei | dbs3900_tdd_lte_firmware | v100r004c10 | |
| huawei | dbs3900_tdd_lte | - | |
| huawei | dp300_firmware | v500r002c00 | |
| huawei | dp300 | - | |
| huawei | rp200_firmware | v500r002c00spc200 | |
| huawei | rp200_firmware | v600r006c00 | |
| huawei | rp200 | - | |
| huawei | te30_firmware | v100r001c10 | |
| huawei | te30_firmware | v600r006c00 | |
| huawei | te30 | - | |
| huawei | te40_firmware | v600r006c00 | |
| huawei | te40 | - | |
| huawei | te50_firmware | v600r006c00 | |
| huawei | te50 | - | |
| huawei | te60_firmware | v100r001c10 | |
| huawei | te60_firmware | v500r002c00 | |
| huawei | te60_firmware | v600r006c00 | |
| huawei | te60 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:dbs3900_tdd_lte_firmware:v100r003c00:*:*:*:*:*:*:*",
"matchCriteriaId": "403CCA52-CB4F-4ABC-B7CF-4FAD9E12E1CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:dbs3900_tdd_lte_firmware:v100r004c10:*:*:*:*:*:*:*",
"matchCriteriaId": "FFAB4847-06F9-4A7C-9CFD-99DC7635166E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:dbs3900_tdd_lte:-:*:*:*:*:*:*:*",
"matchCriteriaId": "03FCC014-251D-4BE8-A43E-01456A28AEEC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:dp300_firmware:v500r002c00:*:*:*:*:*:*:*",
"matchCriteriaId": "8871106B-D3AF-4CFB-A544-1FA411642428",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:dp300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F3483B2-9EB6-4E34-900A-945C04A3160D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:rp200_firmware:v500r002c00spc200:*:*:*:*:*:*:*",
"matchCriteriaId": "0BC535D5-0C05-4695-976F-ACF447431A6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:rp200_firmware:v600r006c00:*:*:*:*:*:*:*",
"matchCriteriaId": "67731A77-1DD4-49B2-B437-2850C9583750",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:rp200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98275088-2FBE-42F4-AAEC-DF02950B803D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:te30_firmware:v100r001c10:*:*:*:*:*:*:*",
"matchCriteriaId": "DA3EF476-42D7-4758-8DCB-373F46BF1CF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:te30_firmware:v600r006c00:*:*:*:*:*:*:*",
"matchCriteriaId": "018039EB-7265-4B71-B462-4734FD1D0503",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:te30:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1146F99B-5344-4CD3-AF3F-CD3FE6F6DD91",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:te40_firmware:v600r006c00:*:*:*:*:*:*:*",
"matchCriteriaId": "931FD3B3-A333-4277-AE55-494F5DB9F09F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:te40:-:*:*:*:*:*:*:*",
"matchCriteriaId": "45C3AF58-E030-4E12-A2FD-A4337A5021ED",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:te50_firmware:v600r006c00:*:*:*:*:*:*:*",
"matchCriteriaId": "A70F8924-DC80-4D6F-BA3E-DBFE32FED788",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:te50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A4F188B3-0A63-4704-9B0D-F8DF5D973FA5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:te60_firmware:v100r001c10:*:*:*:*:*:*:*",
"matchCriteriaId": "092C9FAF-8892-4E16-9C0E-BB1E3488C6C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:te60_firmware:v500r002c00:*:*:*:*:*:*:*",
"matchCriteriaId": "01BC9042-0485-437F-811F-F8898B3B7EA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:te60_firmware:v600r006c00:*:*:*:*:*:*:*",
"matchCriteriaId": "4A29049D-F472-4772-8750-20730DA624E9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:te60:-:*:*:*:*:*:*:*",
"matchCriteriaId": "999117E9-90C8-4E76-90B5-7D364C0B84BF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is an integer overflow vulnerability in LDAP server of some Huawei products. Due to insufficient input validation, a remote attacker could exploit this vulnerability by sending malformed packets to the target devices. Successful exploit could cause the affected system crash."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de desbordamiento de enteros en el servidor LDAP de algunos productos Huawei. Debido a una comprobaci\u00f3n de entrada insuficiente, un atacante remoto podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de paquetes malformados hacia los dispositivos de destino. Una explotaci\u00f3n con \u00e9xito podr\u00eda causar el bloqueo del sistema afectado."
}
],
"id": "CVE-2019-19414",
"lastModified": "2024-11-21T04:34:43.830",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-21T23:15:13.367",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-ldap-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-ldap-en"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-01-21 23:15
Modified
2024-11-21 04:34
Severity ?
Summary
There is an integer overflow vulnerability in LDAP client of some Huawei products. Due to insufficient input validation, a remote attacker could exploit this vulnerability by sending malformed packets to the target devices. Successful exploit could cause the affected system crash.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| huawei | dbs3900_tdd_lte_firmware | v100r003c00 | |
| huawei | dbs3900_tdd_lte_firmware | v100r004c10 | |
| huawei | dbs3900_tdd_lte | - | |
| huawei | dp300_firmware | v500r002c00 | |
| huawei | dp300 | - | |
| huawei | rp200_firmware | v500r002c00spc200 | |
| huawei | rp200_firmware | v600r006c00 | |
| huawei | rp200 | - | |
| huawei | te30_firmware | v100r001c10 | |
| huawei | te30_firmware | v600r006c00 | |
| huawei | te30 | - | |
| huawei | te40_firmware | v600r006c00 | |
| huawei | te40 | - | |
| huawei | te50_firmware | v600r006c00 | |
| huawei | te50 | - | |
| huawei | te60_firmware | v100r001c10 | |
| huawei | te60_firmware | v500r002c00 | |
| huawei | te60_firmware | v600r006c00 | |
| huawei | te60 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:dbs3900_tdd_lte_firmware:v100r003c00:*:*:*:*:*:*:*",
"matchCriteriaId": "403CCA52-CB4F-4ABC-B7CF-4FAD9E12E1CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:dbs3900_tdd_lte_firmware:v100r004c10:*:*:*:*:*:*:*",
"matchCriteriaId": "FFAB4847-06F9-4A7C-9CFD-99DC7635166E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:dbs3900_tdd_lte:-:*:*:*:*:*:*:*",
"matchCriteriaId": "03FCC014-251D-4BE8-A43E-01456A28AEEC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:dp300_firmware:v500r002c00:*:*:*:*:*:*:*",
"matchCriteriaId": "8871106B-D3AF-4CFB-A544-1FA411642428",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:dp300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F3483B2-9EB6-4E34-900A-945C04A3160D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:rp200_firmware:v500r002c00spc200:*:*:*:*:*:*:*",
"matchCriteriaId": "0BC535D5-0C05-4695-976F-ACF447431A6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:rp200_firmware:v600r006c00:*:*:*:*:*:*:*",
"matchCriteriaId": "67731A77-1DD4-49B2-B437-2850C9583750",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:rp200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98275088-2FBE-42F4-AAEC-DF02950B803D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:te30_firmware:v100r001c10:*:*:*:*:*:*:*",
"matchCriteriaId": "DA3EF476-42D7-4758-8DCB-373F46BF1CF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:te30_firmware:v600r006c00:*:*:*:*:*:*:*",
"matchCriteriaId": "018039EB-7265-4B71-B462-4734FD1D0503",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:te30:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1146F99B-5344-4CD3-AF3F-CD3FE6F6DD91",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:te40_firmware:v600r006c00:*:*:*:*:*:*:*",
"matchCriteriaId": "931FD3B3-A333-4277-AE55-494F5DB9F09F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:te40:-:*:*:*:*:*:*:*",
"matchCriteriaId": "45C3AF58-E030-4E12-A2FD-A4337A5021ED",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:te50_firmware:v600r006c00:*:*:*:*:*:*:*",
"matchCriteriaId": "A70F8924-DC80-4D6F-BA3E-DBFE32FED788",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:te50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A4F188B3-0A63-4704-9B0D-F8DF5D973FA5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:te60_firmware:v100r001c10:*:*:*:*:*:*:*",
"matchCriteriaId": "092C9FAF-8892-4E16-9C0E-BB1E3488C6C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:te60_firmware:v500r002c00:*:*:*:*:*:*:*",
"matchCriteriaId": "01BC9042-0485-437F-811F-F8898B3B7EA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:te60_firmware:v600r006c00:*:*:*:*:*:*:*",
"matchCriteriaId": "4A29049D-F472-4772-8750-20730DA624E9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:te60:-:*:*:*:*:*:*:*",
"matchCriteriaId": "999117E9-90C8-4E76-90B5-7D364C0B84BF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is an integer overflow vulnerability in LDAP client of some Huawei products. Due to insufficient input validation, a remote attacker could exploit this vulnerability by sending malformed packets to the target devices. Successful exploit could cause the affected system crash."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de desbordamiento de enteros en el cliente LDAP de algunos productos Huawei. Debido a una comprobaci\u00f3n de entrada insuficiente, un atacante remoto podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de paquetes malformados hacia los dispositivos de destino. Una explotaci\u00f3n con \u00e9xito podr\u00eda causar el bloqueo del sistema afectado."
}
],
"id": "CVE-2019-19413",
"lastModified": "2024-11-21T04:34:43.700",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-21T23:15:13.270",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-ldap-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-ldap-en"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}