All the vulnerabilites related to huawei - ch121_v3
cve-2018-7941
Vulnerability from cvelistv5
Published
2018-05-10 14:00
Modified
2024-08-05 06:37
Severity ?
EPSS score ?
Summary
Huawei iBMC V200R002C60 have an authentication bypass vulnerability. A remote attacker with low privilege may craft specific messages to upload authentication certificate to the affected products. Due to improper validation of the upload authority, successful exploit may cause privilege elevation.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180509-01-bypass-en | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Huawei Technologies Co., Ltd. | iBMC |
Version: V200R002C60 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:37:59.759Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180509-01-bypass-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iBMC",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "V200R002C60"
}
]
}
],
"datePublic": "2018-05-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Huawei iBMC V200R002C60 have an authentication bypass vulnerability. A remote attacker with low privilege may craft specific messages to upload authentication certificate to the affected products. Due to improper validation of the upload authority, successful exploit may cause privilege elevation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "authentication bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-10T13:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180509-01-bypass-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2018-7941",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iBMC",
"version": {
"version_data": [
{
"version_value": "V200R002C60"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Huawei iBMC V200R002C60 have an authentication bypass vulnerability. A remote attacker with low privilege may craft specific messages to upload authentication certificate to the affected products. Due to improper validation of the upload authority, successful exploit may cause privilege elevation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "authentication bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180509-01-bypass-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180509-01-bypass-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2018-7941",
"datePublished": "2018-05-10T14:00:00",
"dateReserved": "2018-03-09T00:00:00",
"dateUpdated": "2024-08-05T06:37:59.759Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-7951
Vulnerability from cvelistv5
Published
2018-06-01 14:00
Modified
2024-08-05 06:37
Severity ?
EPSS score ?
Summary
The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a JSON injection vulnerability due to insufficient input validation. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Successful exploit may allow attackers to obtain the management privilege of the system.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-02-server-en | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Huawei Technologies Co., Ltd. | 1288H V5; 2288H V5; 2488 V5 ; CH121 V3; CH121L V3; CH121L V5 ; CH121 V5 ; CH140 V3; CH140L V3; CH220 V3; CH222 V3; CH242 V3; CH242 V5 ; RH1288 V3; RH2288 V3; RH2288H V3; XH310 V3; XH321 V3; XH321 V5; XH620 V3 |
Version: 1288H V5 V100R005C00 Version: 2288H V5 V100R005C00 Version: 2488 V5 V100R005C00 Version: CH121 V3 V100R001C00 Version: CH121L V3 V100R001C00 Version: CH121L V5 V100R001C00 Version: CH121 V5 V100R001C00 Version: CH140 V3 V100R001C00 Version: CH140L V3 V100R001C00 Version: CH220 V3 V100R001C00 Version: CH222 V3 V100R001C00 Version: CH242 V3 V100R001C00 Version: CH242 V5 V100R001C00 Version: RH1288 V3 V100R003C00 Version: RH2288 V3 V100R003C00 Version: RH2288H V3 V100R003C00 Version: XH310 V3 V100R003C00 Version: XH321 V3 V100R003C00 Version: XH321 V5 V100R005C00 Version: XH620 V3 V100R003C00 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:37:59.585Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-02-server-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "1288H V5; 2288H V5; 2488 V5 ; CH121 V3; CH121L V3; CH121L V5 ; CH121 V5 ; CH140 V3; CH140L V3; CH220 V3; CH222 V3; CH242 V3; CH242 V5 ; RH1288 V3; RH2288 V3; RH2288H V3; XH310 V3; XH321 V3; XH321 V5; XH620 V3",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "1288H V5 V100R005C00"
},
{
"status": "affected",
"version": "2288H V5 V100R005C00"
},
{
"status": "affected",
"version": "2488 V5 V100R005C00"
},
{
"status": "affected",
"version": "CH121 V3 V100R001C00"
},
{
"status": "affected",
"version": "CH121L V3 V100R001C00"
},
{
"status": "affected",
"version": "CH121L V5 V100R001C00"
},
{
"status": "affected",
"version": "CH121 V5 V100R001C00"
},
{
"status": "affected",
"version": "CH140 V3 V100R001C00"
},
{
"status": "affected",
"version": "CH140L V3 V100R001C00"
},
{
"status": "affected",
"version": "CH220 V3 V100R001C00"
},
{
"status": "affected",
"version": "CH222 V3 V100R001C00"
},
{
"status": "affected",
"version": "CH242 V3 V100R001C00"
},
{
"status": "affected",
"version": "CH242 V5 V100R001C00"
},
{
"status": "affected",
"version": "RH1288 V3 V100R003C00"
},
{
"status": "affected",
"version": "RH2288 V3 V100R003C00"
},
{
"status": "affected",
"version": "RH2288H V3 V100R003C00"
},
{
"status": "affected",
"version": "XH310 V3 V100R003C00"
},
{
"status": "affected",
"version": "XH321 V3 V100R003C00"
},
{
"status": "affected",
"version": "XH321 V5 V100R005C00"
},
{
"status": "affected",
"version": "XH620 V3 V100R003C00"
}
]
}
],
"datePublic": "2018-05-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a JSON injection vulnerability due to insufficient input validation. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Successful exploit may allow attackers to obtain the management privilege of the system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "JSON injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-01T13:57:02",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-02-server-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2018-7951",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "1288H V5; 2288H V5; 2488 V5 ; CH121 V3; CH121L V3; CH121L V5 ; CH121 V5 ; CH140 V3; CH140L V3; CH220 V3; CH222 V3; CH242 V3; CH242 V5 ; RH1288 V3; RH2288 V3; RH2288H V3; XH310 V3; XH321 V3; XH321 V5; XH620 V3",
"version": {
"version_data": [
{
"version_value": "1288H V5 V100R005C00"
},
{
"version_value": "2288H V5 V100R005C00"
},
{
"version_value": "2488 V5 V100R005C00"
},
{
"version_value": "CH121 V3 V100R001C00"
},
{
"version_value": "CH121L V3 V100R001C00"
},
{
"version_value": "CH121L V5 V100R001C00"
},
{
"version_value": "CH121 V5 V100R001C00"
},
{
"version_value": "CH140 V3 V100R001C00"
},
{
"version_value": "CH140L V3 V100R001C00"
},
{
"version_value": "CH220 V3 V100R001C00"
},
{
"version_value": "CH222 V3 V100R001C00"
},
{
"version_value": "CH242 V3 V100R001C00"
},
{
"version_value": "CH242 V5 V100R001C00"
},
{
"version_value": "RH1288 V3 V100R003C00"
},
{
"version_value": "RH2288 V3 V100R003C00"
},
{
"version_value": "RH2288H V3 V100R003C00"
},
{
"version_value": "XH310 V3 V100R003C00"
},
{
"version_value": "XH321 V3 V100R003C00"
},
{
"version_value": "XH321 V5 V100R005C00"
},
{
"version_value": "XH620 V3 V100R003C00"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a JSON injection vulnerability due to insufficient input validation. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Successful exploit may allow attackers to obtain the management privilege of the system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "JSON injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-02-server-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-02-server-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2018-7951",
"datePublished": "2018-06-01T14:00:00",
"dateReserved": "2018-03-09T00:00:00",
"dateUpdated": "2024-08-05T06:37:59.585Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-7943
Vulnerability from cvelistv5
Published
2018-06-05 15:00
Modified
2024-09-17 02:05
Severity ?
EPSS score ?
Summary
There is an authentication bypass vulnerability in some Huawei servers. A remote attacker with low privilege may bypass the authentication by some special operations. Due to insufficient authentication, an attacker may exploit the vulnerability to get some sensitive information and high-level users' privilege.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-01-server-en | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Huawei Technologies Co., Ltd. | 1288H V5; 2288H V5; 2488 V5 ; CH121 V3; CH121L V3; CH121L V5 ; CH121 V5 ; CH140 V3; CH140L V3; CH220 V3; CH222 V3; CH242 V3; CH242 V5 ; RH1288 V3; RH2288 V3; RH2288H V3; XH310 V3; XH321 V3; XH321 V5; XH620 V3 |
Version: 1288H V5 V100R005C00 Version: 2288H V5 V100R005C00 Version: 2488 V5 V100R005C00 Version: CH121 V3 V100R001C00 Version: CH121L V3 V100R001C00 Version: CH121L V5 V100R001C00 Version: CH121 V5 V100R001C00 Version: CH140 V3 V100R001C00 Version: CH140L V3 V100R001C00 Version: CH220 V3 V100R001C00 Version: CH222 V3 V100R001C00 Version: CH242 V3 V100R001C00 Version: CH242 V5 V100R001C00 Version: RH1288 V3 V100R003C00 Version: RH2288 V3 V100R003C00 Version: RH2288H V3 V100R003C00 Version: XH310 V3 V100R003C00 Version: XH321 V3 V100R003C00 Version: XH321 V5 V100R005C00 Version: XH620 V3 V100R003C00 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:37:59.625Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-01-server-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "1288H V5; 2288H V5; 2488 V5 ; CH121 V3; CH121L V3; CH121L V5 ; CH121 V5 ; CH140 V3; CH140L V3; CH220 V3; CH222 V3; CH242 V3; CH242 V5 ; RH1288 V3; RH2288 V3; RH2288H V3; XH310 V3; XH321 V3; XH321 V5; XH620 V3",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "1288H V5 V100R005C00"
},
{
"status": "affected",
"version": "2288H V5 V100R005C00"
},
{
"status": "affected",
"version": "2488 V5 V100R005C00"
},
{
"status": "affected",
"version": "CH121 V3 V100R001C00"
},
{
"status": "affected",
"version": "CH121L V3 V100R001C00"
},
{
"status": "affected",
"version": "CH121L V5 V100R001C00"
},
{
"status": "affected",
"version": "CH121 V5 V100R001C00"
},
{
"status": "affected",
"version": "CH140 V3 V100R001C00"
},
{
"status": "affected",
"version": "CH140L V3 V100R001C00"
},
{
"status": "affected",
"version": "CH220 V3 V100R001C00"
},
{
"status": "affected",
"version": "CH222 V3 V100R001C00"
},
{
"status": "affected",
"version": "CH242 V3 V100R001C00"
},
{
"status": "affected",
"version": "CH242 V5 V100R001C00"
},
{
"status": "affected",
"version": "RH1288 V3 V100R003C00"
},
{
"status": "affected",
"version": "RH2288 V3 V100R003C00"
},
{
"status": "affected",
"version": "RH2288H V3 V100R003C00"
},
{
"status": "affected",
"version": "XH310 V3 V100R003C00"
},
{
"status": "affected",
"version": "XH321 V3 V100R003C00"
},
{
"status": "affected",
"version": "XH321 V5 V100R005C00"
},
{
"status": "affected",
"version": "XH620 V3 V100R003C00"
}
]
}
],
"datePublic": "2018-05-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "There is an authentication bypass vulnerability in some Huawei servers. A remote attacker with low privilege may bypass the authentication by some special operations. Due to insufficient authentication, an attacker may exploit the vulnerability to get some sensitive information and high-level users\u0027 privilege."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "authentication bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-05T14:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-01-server-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC": "2018-05-30T00:00:00",
"ID": "CVE-2018-7943",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "1288H V5; 2288H V5; 2488 V5 ; CH121 V3; CH121L V3; CH121L V5 ; CH121 V5 ; CH140 V3; CH140L V3; CH220 V3; CH222 V3; CH242 V3; CH242 V5 ; RH1288 V3; RH2288 V3; RH2288H V3; XH310 V3; XH321 V3; XH321 V5; XH620 V3",
"version": {
"version_data": [
{
"version_value": "1288H V5 V100R005C00"
},
{
"version_value": "2288H V5 V100R005C00"
},
{
"version_value": "2488 V5 V100R005C00"
},
{
"version_value": "CH121 V3 V100R001C00"
},
{
"version_value": "CH121L V3 V100R001C00"
},
{
"version_value": "CH121L V5 V100R001C00"
},
{
"version_value": "CH121 V5 V100R001C00"
},
{
"version_value": "CH140 V3 V100R001C00"
},
{
"version_value": "CH140L V3 V100R001C00"
},
{
"version_value": "CH220 V3 V100R001C00"
},
{
"version_value": "CH222 V3 V100R001C00"
},
{
"version_value": "CH242 V3 V100R001C00"
},
{
"version_value": "CH242 V5 V100R001C00"
},
{
"version_value": "RH1288 V3 V100R003C00"
},
{
"version_value": "RH2288 V3 V100R003C00"
},
{
"version_value": "RH2288H V3 V100R003C00"
},
{
"version_value": "XH310 V3 V100R003C00"
},
{
"version_value": "XH321 V3 V100R003C00"
},
{
"version_value": "XH321 V5 V100R005C00"
},
{
"version_value": "XH620 V3 V100R003C00"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is an authentication bypass vulnerability in some Huawei servers. A remote attacker with low privilege may bypass the authentication by some special operations. Due to insufficient authentication, an attacker may exploit the vulnerability to get some sensitive information and high-level users\u0027 privilege."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "authentication bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-01-server-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-01-server-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2018-7943",
"datePublished": "2018-06-05T15:00:00Z",
"dateReserved": "2018-03-09T00:00:00",
"dateUpdated": "2024-09-17T02:05:37.375Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-7949
Vulnerability from cvelistv5
Published
2018-06-01 14:00
Modified
2024-08-05 06:37
Severity ?
EPSS score ?
Summary
The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a privilege escalation vulnerability. A remote attacker may send some specially crafted login messages to the affected products. Due to improper authentication design, successful exploit enables low privileged users to get or modify passwords of highly privileged users.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-03-server-en | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Huawei Technologies Co., Ltd. | 1288H V5; 2288H V5; 2488 V5 ; CH121 V3; CH121L V3; CH121L V5 ; CH121 V5 ; CH140 V3; CH140L V3; CH220 V3; CH222 V3; CH242 V3; CH242 V5 ; RH1288 V3; RH2288 V3; RH2288H V3; XH310 V3; XH321 V3; XH321 V5; XH620 V3 |
Version: 1288H V5 V100R005C00 Version: 2288H V5 V100R005C00 Version: 2488 V5 V100R005C00 Version: CH121 V3 V100R001C00 Version: CH121L V3 V100R001C00 Version: CH121L V5 V100R001C00 Version: CH121 V5 V100R001C00 Version: CH140 V3 V100R001C00 Version: CH140L V3 V100R001C00 Version: CH220 V3 V100R001C00 Version: CH222 V3 V100R001C00 Version: CH242 V3 V100R001C00 Version: CH242 V5 V100R001C00 Version: RH1288 V3 V100R003C00 Version: RH2288 V3 V100R003C00 Version: RH2288H V3 V100R003C00 Version: XH310 V3 V100R003C00 Version: XH321 V3 V100R003C00 Version: XH321 V5 V100R005C00 Version: XH620 V3 V100R003C00 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:37:59.717Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-03-server-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "1288H V5; 2288H V5; 2488 V5 ; CH121 V3; CH121L V3; CH121L V5 ; CH121 V5 ; CH140 V3; CH140L V3; CH220 V3; CH222 V3; CH242 V3; CH242 V5 ; RH1288 V3; RH2288 V3; RH2288H V3; XH310 V3; XH321 V3; XH321 V5; XH620 V3",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "1288H V5 V100R005C00"
},
{
"status": "affected",
"version": "2288H V5 V100R005C00"
},
{
"status": "affected",
"version": "2488 V5 V100R005C00"
},
{
"status": "affected",
"version": "CH121 V3 V100R001C00"
},
{
"status": "affected",
"version": "CH121L V3 V100R001C00"
},
{
"status": "affected",
"version": "CH121L V5 V100R001C00"
},
{
"status": "affected",
"version": "CH121 V5 V100R001C00"
},
{
"status": "affected",
"version": "CH140 V3 V100R001C00"
},
{
"status": "affected",
"version": "CH140L V3 V100R001C00"
},
{
"status": "affected",
"version": "CH220 V3 V100R001C00"
},
{
"status": "affected",
"version": "CH222 V3 V100R001C00"
},
{
"status": "affected",
"version": "CH242 V3 V100R001C00"
},
{
"status": "affected",
"version": "CH242 V5 V100R001C00"
},
{
"status": "affected",
"version": "RH1288 V3 V100R003C00"
},
{
"status": "affected",
"version": "RH2288 V3 V100R003C00"
},
{
"status": "affected",
"version": "RH2288H V3 V100R003C00"
},
{
"status": "affected",
"version": "XH310 V3 V100R003C00"
},
{
"status": "affected",
"version": "XH321 V3 V100R003C00"
},
{
"status": "affected",
"version": "XH321 V5 V100R005C00"
},
{
"status": "affected",
"version": "XH620 V3 V100R003C00"
}
]
}
],
"datePublic": "2018-05-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a privilege escalation vulnerability. A remote attacker may send some specially crafted login messages to the affected products. Due to improper authentication design, successful exploit enables low privileged users to get or modify passwords of highly privileged users."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "privilege escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-01T13:57:02",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-03-server-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2018-7949",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "1288H V5; 2288H V5; 2488 V5 ; CH121 V3; CH121L V3; CH121L V5 ; CH121 V5 ; CH140 V3; CH140L V3; CH220 V3; CH222 V3; CH242 V3; CH242 V5 ; RH1288 V3; RH2288 V3; RH2288H V3; XH310 V3; XH321 V3; XH321 V5; XH620 V3",
"version": {
"version_data": [
{
"version_value": "1288H V5 V100R005C00"
},
{
"version_value": "2288H V5 V100R005C00"
},
{
"version_value": "2488 V5 V100R005C00"
},
{
"version_value": "CH121 V3 V100R001C00"
},
{
"version_value": "CH121L V3 V100R001C00"
},
{
"version_value": "CH121L V5 V100R001C00"
},
{
"version_value": "CH121 V5 V100R001C00"
},
{
"version_value": "CH140 V3 V100R001C00"
},
{
"version_value": "CH140L V3 V100R001C00"
},
{
"version_value": "CH220 V3 V100R001C00"
},
{
"version_value": "CH222 V3 V100R001C00"
},
{
"version_value": "CH242 V3 V100R001C00"
},
{
"version_value": "CH242 V5 V100R001C00"
},
{
"version_value": "RH1288 V3 V100R003C00"
},
{
"version_value": "RH2288 V3 V100R003C00"
},
{
"version_value": "RH2288H V3 V100R003C00"
},
{
"version_value": "XH310 V3 V100R003C00"
},
{
"version_value": "XH321 V3 V100R003C00"
},
{
"version_value": "XH321 V5 V100R005C00"
},
{
"version_value": "XH620 V3 V100R003C00"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a privilege escalation vulnerability. A remote attacker may send some specially crafted login messages to the affected products. Due to improper authentication design, successful exploit enables low privileged users to get or modify passwords of highly privileged users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "privilege escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-03-server-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-03-server-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2018-7949",
"datePublished": "2018-06-01T14:00:00",
"dateReserved": "2018-03-09T00:00:00",
"dateUpdated": "2024-08-05T06:37:59.717Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-7842
Vulnerability from cvelistv5
Published
2017-10-09 14:00
Modified
2024-08-06 07:58
Severity ?
EPSS score ?
Summary
Huawei FusionServer rack servers RH2288 V3 with software before V100R003C00SPC603, RH2288H V3 with software before V100R003C00SPC503, XH628 V3 with software before V100R003C00SPC602, RH1288 V3 with software before V100R003C00SPC602, RH2288A V2 with software before V100R002C00SPC701, RH1288A V2 with software before V100R002C00SPC502, RH8100 V3 with software before V100R003C00SPC110, CH222 V3 with software before V100R001C00SPC161, CH220 V3 with software before V100R001C00SPC161, and CH121 V3 with software before V100R001C00SPC161 allow remote authenticated operators to change server information by leveraging failure to verify user permissions.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454418.htm | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/76836 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:58:59.938Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454418.htm"
},
{
"name": "76836",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/76836"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-09-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Huawei FusionServer rack servers RH2288 V3 with software before V100R003C00SPC603, RH2288H V3 with software before V100R003C00SPC503, XH628 V3 with software before V100R003C00SPC602, RH1288 V3 with software before V100R003C00SPC602, RH2288A V2 with software before V100R002C00SPC701, RH1288A V2 with software before V100R002C00SPC502, RH8100 V3 with software before V100R003C00SPC110, CH222 V3 with software before V100R001C00SPC161, CH220 V3 with software before V100R001C00SPC161, and CH121 V3 with software before V100R001C00SPC161 allow remote authenticated operators to change server information by leveraging failure to verify user permissions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-09T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454418.htm"
},
{
"name": "76836",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/76836"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7842",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Huawei FusionServer rack servers RH2288 V3 with software before V100R003C00SPC603, RH2288H V3 with software before V100R003C00SPC503, XH628 V3 with software before V100R003C00SPC602, RH1288 V3 with software before V100R003C00SPC602, RH2288A V2 with software before V100R002C00SPC701, RH1288A V2 with software before V100R002C00SPC502, RH8100 V3 with software before V100R003C00SPC110, CH222 V3 with software before V100R001C00SPC161, CH220 V3 with software before V100R001C00SPC161, and CH121 V3 with software before V100R001C00SPC161 allow remote authenticated operators to change server information by leveraging failure to verify user permissions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454418.htm",
"refsource": "CONFIRM",
"url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454418.htm"
},
{
"name": "76836",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76836"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-7842",
"datePublished": "2017-10-09T14:00:00",
"dateReserved": "2015-10-16T00:00:00",
"dateUpdated": "2024-08-06T07:58:59.938Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-7942
Vulnerability from cvelistv5
Published
2018-05-24 14:00
Modified
2024-08-05 06:37
Severity ?
EPSS score ?
Summary
The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have an authentication bypass vulnerability. An unauthenticated, remote attacker may send some specially crafted messages to the affected products. Due to improper authentication design, successful exploit may cause some information leak.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180523-01-server-en | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Huawei Technologies Co., Ltd. | 1288H V5; 2288H V5; 2488 V5; CH121 V3; CH121L V3; CH121L V5; CH121 V5; CH140 V3; CH140L V3; CH220 V3; CH222 V3; CH242 V3; CH242 V5; RH1288 V3; RH2288 V3; RH2288H V3; XH310 V3; XH321 V3; XH321 V5; XH620 V3 |
Version: 1288H V5 V100R005C00 Version: 2288H V5 V100R005C00 Version: 2488 V5 V100R005C00 Version: CH121 V3 V100R001C00 Version: CH121L V3 V100R001C00 Version: CH121L V5 V100R001C00 Version: CH121 V5 V100R001C00 Version: CH140 V3 V100R001C00 Version: CH140L V3 V100R001C00 Version: CH220 V3 V100R001C00 Version: CH222 V3 V100R001C00 Version: CH242 V3 V100R001C00 Version: CH242 V5 V100R001C00 Version: RH1288 V3 V100R003C00 Version: RH2288 V3 V100R003C00 Version: RH2288H V3 V100R003C00 Version: XH310 V3 V100R003C00 Version: XH321 V3 V100R003C00 Version: XH321 V5 V100R005C00 Version: XH620 V3 V100R003C00 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:37:59.683Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180523-01-server-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "1288H V5; 2288H V5; 2488 V5; CH121 V3; CH121L V3; CH121L V5; CH121 V5; CH140 V3; CH140L V3; CH220 V3; CH222 V3; CH242 V3; CH242 V5; RH1288 V3; RH2288 V3; RH2288H V3; XH310 V3; XH321 V3; XH321 V5; XH620 V3",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "1288H V5 V100R005C00"
},
{
"status": "affected",
"version": "2288H V5 V100R005C00"
},
{
"status": "affected",
"version": "2488 V5 V100R005C00"
},
{
"status": "affected",
"version": "CH121 V3 V100R001C00"
},
{
"status": "affected",
"version": "CH121L V3 V100R001C00"
},
{
"status": "affected",
"version": "CH121L V5 V100R001C00"
},
{
"status": "affected",
"version": "CH121 V5 V100R001C00"
},
{
"status": "affected",
"version": "CH140 V3 V100R001C00"
},
{
"status": "affected",
"version": "CH140L V3 V100R001C00"
},
{
"status": "affected",
"version": "CH220 V3 V100R001C00"
},
{
"status": "affected",
"version": "CH222 V3 V100R001C00"
},
{
"status": "affected",
"version": "CH242 V3 V100R001C00"
},
{
"status": "affected",
"version": "CH242 V5 V100R001C00"
},
{
"status": "affected",
"version": "RH1288 V3 V100R003C00"
},
{
"status": "affected",
"version": "RH2288 V3 V100R003C00"
},
{
"status": "affected",
"version": "RH2288H V3 V100R003C00"
},
{
"status": "affected",
"version": "XH310 V3 V100R003C00"
},
{
"status": "affected",
"version": "XH321 V3 V100R003C00"
},
{
"status": "affected",
"version": "XH321 V5 V100R005C00"
},
{
"status": "affected",
"version": "XH620 V3 V100R003C00"
}
]
}
],
"datePublic": "2018-05-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have an authentication bypass vulnerability. An unauthenticated, remote attacker may send some specially crafted messages to the affected products. Due to improper authentication design, successful exploit may cause some information leak."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "authentication bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-24T13:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180523-01-server-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2018-7942",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "1288H V5; 2288H V5; 2488 V5; CH121 V3; CH121L V3; CH121L V5; CH121 V5; CH140 V3; CH140L V3; CH220 V3; CH222 V3; CH242 V3; CH242 V5; RH1288 V3; RH2288 V3; RH2288H V3; XH310 V3; XH321 V3; XH321 V5; XH620 V3",
"version": {
"version_data": [
{
"version_value": "1288H V5 V100R005C00"
},
{
"version_value": "2288H V5 V100R005C00"
},
{
"version_value": "2488 V5 V100R005C00"
},
{
"version_value": "CH121 V3 V100R001C00"
},
{
"version_value": "CH121L V3 V100R001C00"
},
{
"version_value": "CH121L V5 V100R001C00"
},
{
"version_value": "CH121 V5 V100R001C00"
},
{
"version_value": "CH140 V3 V100R001C00"
},
{
"version_value": "CH140L V3 V100R001C00"
},
{
"version_value": "CH220 V3 V100R001C00"
},
{
"version_value": "CH222 V3 V100R001C00"
},
{
"version_value": "CH242 V3 V100R001C00"
},
{
"version_value": "CH242 V5 V100R001C00"
},
{
"version_value": "RH1288 V3 V100R003C00"
},
{
"version_value": "RH2288 V3 V100R003C00"
},
{
"version_value": "RH2288H V3 V100R003C00"
},
{
"version_value": "XH310 V3 V100R003C00"
},
{
"version_value": "XH321 V3 V100R003C00"
},
{
"version_value": "XH321 V5 V100R005C00"
},
{
"version_value": "XH620 V3 V100R003C00"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have an authentication bypass vulnerability. An unauthenticated, remote attacker may send some specially crafted messages to the affected products. Due to improper authentication design, successful exploit may cause some information leak."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "authentication bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180523-01-server-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180523-01-server-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2018-7942",
"datePublished": "2018-05-24T14:00:00",
"dateReserved": "2018-03-09T00:00:00",
"dateUpdated": "2024-08-05T06:37:59.683Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-7950
Vulnerability from cvelistv5
Published
2018-06-01 14:00
Modified
2024-08-05 06:37
Severity ?
EPSS score ?
Summary
The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a JSON injection vulnerability due to insufficient input validation. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Successful exploit may allow attackers to obtain the management privilege of the system.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-02-server-en | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Huawei Technologies Co., Ltd. | 1288H V5; 2288H V5; 2488 V5 ; CH121 V3; CH121L V3; CH121L V5 ; CH121 V5 ; CH140 V3; CH140L V3; CH220 V3; CH222 V3; CH242 V3; CH242 V5 ; RH1288 V3; RH2288 V3; RH2288H V3; XH310 V3; XH321 V3; XH321 V5; XH620 V3 |
Version: 1288H V5 V100R005C00 Version: 2288H V5 V100R005C00 Version: 2488 V5 V100R005C00 Version: CH121 V3 V100R001C00 Version: CH121L V3 V100R001C00 Version: CH121L V5 V100R001C00 Version: CH121 V5 V100R001C00 Version: CH140 V3 V100R001C00 Version: CH140L V3 V100R001C00 Version: CH220 V3 V100R001C00 Version: CH222 V3 V100R001C00 Version: CH242 V3 V100R001C00 Version: CH242 V5 V100R001C00 Version: RH1288 V3 V100R003C00 Version: RH2288 V3 V100R003C00 Version: RH2288H V3 V100R003C00 Version: XH310 V3 V100R003C00 Version: XH321 V3 V100R003C00 Version: XH321 V5 V100R005C00 Version: XH620 V3 V100R003C00 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:37:59.581Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-02-server-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "1288H V5; 2288H V5; 2488 V5 ; CH121 V3; CH121L V3; CH121L V5 ; CH121 V5 ; CH140 V3; CH140L V3; CH220 V3; CH222 V3; CH242 V3; CH242 V5 ; RH1288 V3; RH2288 V3; RH2288H V3; XH310 V3; XH321 V3; XH321 V5; XH620 V3",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "1288H V5 V100R005C00"
},
{
"status": "affected",
"version": "2288H V5 V100R005C00"
},
{
"status": "affected",
"version": "2488 V5 V100R005C00"
},
{
"status": "affected",
"version": "CH121 V3 V100R001C00"
},
{
"status": "affected",
"version": "CH121L V3 V100R001C00"
},
{
"status": "affected",
"version": "CH121L V5 V100R001C00"
},
{
"status": "affected",
"version": "CH121 V5 V100R001C00"
},
{
"status": "affected",
"version": "CH140 V3 V100R001C00"
},
{
"status": "affected",
"version": "CH140L V3 V100R001C00"
},
{
"status": "affected",
"version": "CH220 V3 V100R001C00"
},
{
"status": "affected",
"version": "CH222 V3 V100R001C00"
},
{
"status": "affected",
"version": "CH242 V3 V100R001C00"
},
{
"status": "affected",
"version": "CH242 V5 V100R001C00"
},
{
"status": "affected",
"version": "RH1288 V3 V100R003C00"
},
{
"status": "affected",
"version": "RH2288 V3 V100R003C00"
},
{
"status": "affected",
"version": "RH2288H V3 V100R003C00"
},
{
"status": "affected",
"version": "XH310 V3 V100R003C00"
},
{
"status": "affected",
"version": "XH321 V3 V100R003C00"
},
{
"status": "affected",
"version": "XH321 V5 V100R005C00"
},
{
"status": "affected",
"version": "XH620 V3 V100R003C00"
}
]
}
],
"datePublic": "2018-05-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a JSON injection vulnerability due to insufficient input validation. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Successful exploit may allow attackers to obtain the management privilege of the system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "JSON injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-01T13:57:02",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-02-server-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2018-7950",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "1288H V5; 2288H V5; 2488 V5 ; CH121 V3; CH121L V3; CH121L V5 ; CH121 V5 ; CH140 V3; CH140L V3; CH220 V3; CH222 V3; CH242 V3; CH242 V5 ; RH1288 V3; RH2288 V3; RH2288H V3; XH310 V3; XH321 V3; XH321 V5; XH620 V3",
"version": {
"version_data": [
{
"version_value": "1288H V5 V100R005C00"
},
{
"version_value": "2288H V5 V100R005C00"
},
{
"version_value": "2488 V5 V100R005C00"
},
{
"version_value": "CH121 V3 V100R001C00"
},
{
"version_value": "CH121L V3 V100R001C00"
},
{
"version_value": "CH121L V5 V100R001C00"
},
{
"version_value": "CH121 V5 V100R001C00"
},
{
"version_value": "CH140 V3 V100R001C00"
},
{
"version_value": "CH140L V3 V100R001C00"
},
{
"version_value": "CH220 V3 V100R001C00"
},
{
"version_value": "CH222 V3 V100R001C00"
},
{
"version_value": "CH242 V3 V100R001C00"
},
{
"version_value": "CH242 V5 V100R001C00"
},
{
"version_value": "RH1288 V3 V100R003C00"
},
{
"version_value": "RH2288 V3 V100R003C00"
},
{
"version_value": "RH2288H V3 V100R003C00"
},
{
"version_value": "XH310 V3 V100R003C00"
},
{
"version_value": "XH321 V3 V100R003C00"
},
{
"version_value": "XH321 V5 V100R005C00"
},
{
"version_value": "XH620 V3 V100R003C00"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a JSON injection vulnerability due to insufficient input validation. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Successful exploit may allow attackers to obtain the management privilege of the system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "JSON injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-02-server-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-02-server-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2018-7950",
"datePublished": "2018-06-01T14:00:00",
"dateReserved": "2018-03-09T00:00:00",
"dateUpdated": "2024-08-05T06:37:59.581Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2018-06-01 14:29
Modified
2024-11-21 04:13
Severity ?
Summary
The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a JSON injection vulnerability due to insufficient input validation. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Successful exploit may allow attackers to obtain the management privilege of the system.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:1288h_v5_firmware:100r005c00:*:*:*:*:*:*:*",
"matchCriteriaId": "970A03A9-3BD3-47CB-AE3E-DC6C354BB900",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:1288h_v5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A97FE467-E5EB-45B4-B7EA-2E8232307CEE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:2288h_v5_firmware:100r005c00:*:*:*:*:*:*:*",
"matchCriteriaId": "E6CF6E61-7CF1-4CEF-9282-17102E56B38E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:2288h_v5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0E01F546-8E5E-4A5A-B921-DF985FF1D7ED",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:2488_v5_firmware:100r005c00:*:*:*:*:*:*:*",
"matchCriteriaId": "5D757021-44CA-4B8D-A194-7B0DEE47E5B1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:2488_v5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C8494E22-C84A-4201-96A3-02D8CBAC7C02",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:ch121_v3_firmware:100r001c00:*:*:*:*:*:*:*",
"matchCriteriaId": "5283ACDA-CCB2-47F6-BCB6-5085E93B9F6F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:ch121_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2FF9E151-2924-47F8-A20B-E413C548F9AA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:ch121l_v3_firmware:100r001c00:*:*:*:*:*:*:*",
"matchCriteriaId": "7ACA0F25-613F-4D42-B634-6B7D3E57E3F4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:ch121l_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58588D8E-57C2-466C-96DD-B7F679AC7EA7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:ch121l_v5_firmware:100r001c00:*:*:*:*:*:*:*",
"matchCriteriaId": "57EFD6C9-5A39-4D9A-824E-6DD1B51C47D8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:ch121l_v5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4F9F3B0F-41E5-4846-B572-5EDB4BAE50F2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:ch121_v5_firmware:100r001c00:*:*:*:*:*:*:*",
"matchCriteriaId": "57A7E8BA-EF5A-4103-BF2E-0118FB53535E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:ch121_v5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "48D2E997-5EC8-46F3-9AC9-B06A01FBBF92",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:ch140_v3_firmware:100r001c00:*:*:*:*:*:*:*",
"matchCriteriaId": "C4B2CB6B-D216-4239-A023-5A22CDB17863",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:ch140_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B0C4EBB9-35CB-4EA3-80AA-005785806CB8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:ch140l_v3_firmware:100r001c00:*:*:*:*:*:*:*",
"matchCriteriaId": "955D2776-0288-4B9F-B7F1-246A857DEAA8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:ch140l_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AEF1B2D3-C978-4014-8FE6-1A39BCBA0F34",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:ch220_v3_firmware:100r001c00:*:*:*:*:*:*:*",
"matchCriteriaId": "4929308D-56EE-4A2E-BD4A-8200A9D5BF8F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:ch220_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D6D24534-B42F-48F4-8E04-5C6CFD64C4B1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:ch222_v3_firmware:100r001c00:*:*:*:*:*:*:*",
"matchCriteriaId": "30660352-38A5-455D-8779-35343DD44DE1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:ch222_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "69FEA658-EC41-4E35-B36D-42C4770E44ED",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:ch242_v3_firmware:100r001c00:*:*:*:*:*:*:*",
"matchCriteriaId": "E85B51FC-9C85-4B5C-B544-40D1B02F06EC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:ch242_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D2637E43-1937-4320-AAF4-3770C332B66E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:ch242_v5_firmware:100r001c00:*:*:*:*:*:*:*",
"matchCriteriaId": "C2BAC240-B572-4BB3-B807-0B55BFCD2164",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:ch242_v5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F38C6CB2-4851-43E9-B608-99857AEEE900",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:rh1288_v3_firmware:100r003c00:*:*:*:*:*:*:*",
"matchCriteriaId": "453060FA-4F69-44F2-8DD5-CDCFEEA50A19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:rh1288_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C20F56E3-3F39-4038-9918-96F1EAB82A85",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:rh2288_v3_firmware:100r003c00:*:*:*:*:*:*:*",
"matchCriteriaId": "D20D0CB7-84E0-4CE7-8F0D-51F44C967F79",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:rh2288_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "24C453A0-D125-4152-A8BF-E369F7D48322",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:xh310_v3_firmware:100r003c00:*:*:*:*:*:*:*",
"matchCriteriaId": "8D014565-6F10-4A2D-AA6B-1BDDD3CDD8FD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:xh310_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8823E10A-ADA2-4364-A4F3-A0BCD64DACC3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:xh321_v3_firmware:100r003c00:*:*:*:*:*:*:*",
"matchCriteriaId": "271064EB-1DC1-405F-88F5-A8F72270116E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:xh321_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC29DFDD-8B50-48FC-9700-BDF766B6986B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:xh321_v5_firmware:100r005c00:*:*:*:*:*:*:*",
"matchCriteriaId": "70E83CF9-5D63-4D4B-AFD8-FAD77A48DF1A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:xh321_v5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "62587B2F-1C9F-4BE5-8E4B-8713ACAA0AA1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:rh2288h_v3_firmware:100r003c00:*:*:*:*:*:*:*",
"matchCriteriaId": "03777710-8412-4675-A98F-E19AC1C0FFF0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:rh2288h_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1A0B7D22-4BCE-4BF0-9738-8EBEEB9ED643",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:xh620_v3_firmware:100r003c00:*:*:*:*:*:*:*",
"matchCriteriaId": "79316C79-B48D-4FC6-BD8A-29350FB12234",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:xh620_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CA54C1AF-8F77-4D40-B938-38887782D3AF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a JSON injection vulnerability due to insufficient input validation. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Successful exploit may allow attackers to obtain the management privilege of the system."
},
{
"lang": "es",
"value": "iBMC (Intelligent Baseboard Management Controller) en algunos servidores Huawei tiene una vulnerabilidad de inyecci\u00f3n JSON debido a una validaci\u00f3n de entradas insuficiente. Un atacante remoto autenticado puede desencadenar una inyecci\u00f3n JSON para modificar la contrase\u00f1a del administrador. Su explotaci\u00f3n con \u00e9xito podr\u00eda permitir que atacantes obtengan el privilegio de gesti\u00f3n del sistema."
}
],
"id": "CVE-2018-7951",
"lastModified": "2024-11-21T04:13:00.843",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-06-01T14:29:00.877",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-02-server-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-02-server-en"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-05-24 14:29
Modified
2024-11-21 04:12
Severity ?
Summary
The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have an authentication bypass vulnerability. An unauthenticated, remote attacker may send some specially crafted messages to the affected products. Due to improper authentication design, successful exploit may cause some information leak.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| huawei | 1288h_v5_firmware | 100r005c00 | |
| huawei | 1288h_v5 | - | |
| huawei | 2288h_v5_firmware | 100r005c00 | |
| huawei | 2288h_v5 | - | |
| huawei | 2488_v5_firmware | 100r005c00 | |
| huawei | 2488_v5 | - | |
| huawei | ch242_v3_firmware | 100r001c00 | |
| huawei | ch242_v3 | - | |
| huawei | ch121l_v3_firmware | 100r001c00 | |
| huawei | ch121l_v3 | - | |
| huawei | ch121l_v5_firmware | 100r001c00 | |
| huawei | ch121l_v5 | - | |
| huawei | ch121_v3_firmware | 100r001c00 | |
| huawei | ch121_v3 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:1288h_v5_firmware:100r005c00:*:*:*:*:*:*:*",
"matchCriteriaId": "970A03A9-3BD3-47CB-AE3E-DC6C354BB900",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:1288h_v5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A97FE467-E5EB-45B4-B7EA-2E8232307CEE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:2288h_v5_firmware:100r005c00:*:*:*:*:*:*:*",
"matchCriteriaId": "E6CF6E61-7CF1-4CEF-9282-17102E56B38E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:2288h_v5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0E01F546-8E5E-4A5A-B921-DF985FF1D7ED",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:2488_v5_firmware:100r005c00:*:*:*:*:*:*:*",
"matchCriteriaId": "5D757021-44CA-4B8D-A194-7B0DEE47E5B1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:2488_v5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C8494E22-C84A-4201-96A3-02D8CBAC7C02",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:ch242_v3_firmware:100r001c00:*:*:*:*:*:*:*",
"matchCriteriaId": "E85B51FC-9C85-4B5C-B544-40D1B02F06EC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:ch242_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D2637E43-1937-4320-AAF4-3770C332B66E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:ch121l_v3_firmware:100r001c00:*:*:*:*:*:*:*",
"matchCriteriaId": "7ACA0F25-613F-4D42-B634-6B7D3E57E3F4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:ch121l_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58588D8E-57C2-466C-96DD-B7F679AC7EA7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:ch121l_v5_firmware:100r001c00:*:*:*:*:*:*:*",
"matchCriteriaId": "57EFD6C9-5A39-4D9A-824E-6DD1B51C47D8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:ch121l_v5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4F9F3B0F-41E5-4846-B572-5EDB4BAE50F2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:ch121_v3_firmware:100r001c00:*:*:*:*:*:*:*",
"matchCriteriaId": "5283ACDA-CCB2-47F6-BCB6-5085E93B9F6F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:ch121_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2FF9E151-2924-47F8-A20B-E413C548F9AA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have an authentication bypass vulnerability. An unauthenticated, remote attacker may send some specially crafted messages to the affected products. Due to improper authentication design, successful exploit may cause some information leak."
},
{
"lang": "es",
"value": "iBMC (Intelligent Baseboard Management Controller) en algunos servidores Huawei tiene una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n. Un atacante remoto no autenticado podr\u00eda enviar algunos mensajes especialmente manipulados a los productos afectados. Debido al dise\u00f1o incorrecto de la autenticaci\u00f3n, su explotaci\u00f3n con \u00e9xito podr\u00eda provocar un filtrado de informaci\u00f3n."
}
],
"id": "CVE-2018-7942",
"lastModified": "2024-11-21T04:12:59.950",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-05-24T14:29:00.610",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Broken Link"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180523-01-server-en"
},
{
"source": "nvd@nist.gov",
"tags": [
"Third Party Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/143686"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180523-01-server-en"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-06-01 14:29
Modified
2024-11-21 04:13
Severity ?
Summary
The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a privilege escalation vulnerability. A remote attacker may send some specially crafted login messages to the affected products. Due to improper authentication design, successful exploit enables low privileged users to get or modify passwords of highly privileged users.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:1288h_v5_firmware:100r005c00:*:*:*:*:*:*:*",
"matchCriteriaId": "970A03A9-3BD3-47CB-AE3E-DC6C354BB900",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:1288h_v5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A97FE467-E5EB-45B4-B7EA-2E8232307CEE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:2288h_v5_firmware:100r005c00:*:*:*:*:*:*:*",
"matchCriteriaId": "E6CF6E61-7CF1-4CEF-9282-17102E56B38E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:2288h_v5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0E01F546-8E5E-4A5A-B921-DF985FF1D7ED",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:2488_v5_firmware:100r005c00:*:*:*:*:*:*:*",
"matchCriteriaId": "5D757021-44CA-4B8D-A194-7B0DEE47E5B1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:2488_v5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C8494E22-C84A-4201-96A3-02D8CBAC7C02",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:ch121_v3_firmware:100r001c00:*:*:*:*:*:*:*",
"matchCriteriaId": "5283ACDA-CCB2-47F6-BCB6-5085E93B9F6F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:ch121_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2FF9E151-2924-47F8-A20B-E413C548F9AA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:ch121l_v3_firmware:100r001c00:*:*:*:*:*:*:*",
"matchCriteriaId": "7ACA0F25-613F-4D42-B634-6B7D3E57E3F4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:ch121l_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58588D8E-57C2-466C-96DD-B7F679AC7EA7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:ch121l_v5_firmware:100r001c00:*:*:*:*:*:*:*",
"matchCriteriaId": "57EFD6C9-5A39-4D9A-824E-6DD1B51C47D8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:ch121l_v5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4F9F3B0F-41E5-4846-B572-5EDB4BAE50F2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:ch121_v5_firmware:100r001c00:*:*:*:*:*:*:*",
"matchCriteriaId": "57A7E8BA-EF5A-4103-BF2E-0118FB53535E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:ch121_v5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "48D2E997-5EC8-46F3-9AC9-B06A01FBBF92",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:ch140_v3_firmware:100r001c00:*:*:*:*:*:*:*",
"matchCriteriaId": "C4B2CB6B-D216-4239-A023-5A22CDB17863",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:ch140_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B0C4EBB9-35CB-4EA3-80AA-005785806CB8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:ch140l_v3_firmware:100r001c00:*:*:*:*:*:*:*",
"matchCriteriaId": "955D2776-0288-4B9F-B7F1-246A857DEAA8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:ch140l_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AEF1B2D3-C978-4014-8FE6-1A39BCBA0F34",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:ch220_v3_firmware:100r001c00:*:*:*:*:*:*:*",
"matchCriteriaId": "4929308D-56EE-4A2E-BD4A-8200A9D5BF8F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:ch220_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D6D24534-B42F-48F4-8E04-5C6CFD64C4B1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:ch222_v3_firmware:100r001c00:*:*:*:*:*:*:*",
"matchCriteriaId": "30660352-38A5-455D-8779-35343DD44DE1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:ch222_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "69FEA658-EC41-4E35-B36D-42C4770E44ED",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:ch242_v3_firmware:100r001c00:*:*:*:*:*:*:*",
"matchCriteriaId": "E85B51FC-9C85-4B5C-B544-40D1B02F06EC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:ch242_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D2637E43-1937-4320-AAF4-3770C332B66E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:ch242_v5_firmware:100r001c00:*:*:*:*:*:*:*",
"matchCriteriaId": "C2BAC240-B572-4BB3-B807-0B55BFCD2164",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:ch242_v5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F38C6CB2-4851-43E9-B608-99857AEEE900",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:rh1288_v3_firmware:100r003c00:*:*:*:*:*:*:*",
"matchCriteriaId": "453060FA-4F69-44F2-8DD5-CDCFEEA50A19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:rh1288_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C20F56E3-3F39-4038-9918-96F1EAB82A85",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:rh2288_v3_firmware:100r003c00:*:*:*:*:*:*:*",
"matchCriteriaId": "D20D0CB7-84E0-4CE7-8F0D-51F44C967F79",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:rh2288_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "24C453A0-D125-4152-A8BF-E369F7D48322",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:xh310_v3_firmware:100r003c00:*:*:*:*:*:*:*",
"matchCriteriaId": "8D014565-6F10-4A2D-AA6B-1BDDD3CDD8FD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:xh310_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8823E10A-ADA2-4364-A4F3-A0BCD64DACC3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:xh321_v3_firmware:100r003c00:*:*:*:*:*:*:*",
"matchCriteriaId": "271064EB-1DC1-405F-88F5-A8F72270116E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:xh321_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC29DFDD-8B50-48FC-9700-BDF766B6986B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:xh321_v5_firmware:100r005c00:*:*:*:*:*:*:*",
"matchCriteriaId": "70E83CF9-5D63-4D4B-AFD8-FAD77A48DF1A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:xh321_v5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "62587B2F-1C9F-4BE5-8E4B-8713ACAA0AA1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:rh2288h_v3_firmware:100r003c00:*:*:*:*:*:*:*",
"matchCriteriaId": "03777710-8412-4675-A98F-E19AC1C0FFF0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:rh2288h_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1A0B7D22-4BCE-4BF0-9738-8EBEEB9ED643",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:xh620_v3_firmware:100r003c00:*:*:*:*:*:*:*",
"matchCriteriaId": "79316C79-B48D-4FC6-BD8A-29350FB12234",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:xh620_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CA54C1AF-8F77-4D40-B938-38887782D3AF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a privilege escalation vulnerability. A remote attacker may send some specially crafted login messages to the affected products. Due to improper authentication design, successful exploit enables low privileged users to get or modify passwords of highly privileged users."
},
{
"lang": "es",
"value": "iBMC (Intelligent Baseboard Management Controller) en algunos servidores Huawei tiene una vulnerabilidad de escalado de privilegios. Un atacante remoto no autenticado podr\u00eda enviar algunos mensajes de inicio de sesi\u00f3n especialmente manipulados a los productos afectados. Debido al dise\u00f1o de autenticaci\u00f3n incorrecto, su explotaci\u00f3n exitosa permitir que usuarios con bajos privilegios obtengan o modifiquen contrase\u00f1as de usuarios con muchos privilegios."
}
],
"id": "CVE-2018-7949",
"lastModified": "2024-11-21T04:13:00.580",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-06-01T14:29:00.787",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-03-server-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-03-server-en"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-06-05 15:29
Modified
2024-11-21 04:13
Severity ?
Summary
There is an authentication bypass vulnerability in some Huawei servers. A remote attacker with low privilege may bypass the authentication by some special operations. Due to insufficient authentication, an attacker may exploit the vulnerability to get some sensitive information and high-level users' privilege.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:1288h_v5_firmware:v100r005c00:*:*:*:*:*:*:*",
"matchCriteriaId": "40D2568F-0B77-40A2-AA93-278BE46231C2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:1288h_v5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A97FE467-E5EB-45B4-B7EA-2E8232307CEE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:2288h_v5_firmware:v100r005c00:*:*:*:*:*:*:*",
"matchCriteriaId": "0152651D-882D-4ED9-9FC7-F820A597FA6E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:2288h_v5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0E01F546-8E5E-4A5A-B921-DF985FF1D7ED",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:2488_v5_firmware:v100r005c00:*:*:*:*:*:*:*",
"matchCriteriaId": "5CCEA7BB-CD55-4F09-B43D-41BFB4ADFBFD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:2488_v5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C8494E22-C84A-4201-96A3-02D8CBAC7C02",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:ch121_v3_firmware:v100r001c00:*:*:*:*:*:*:*",
"matchCriteriaId": "8C124EED-41A3-447B-909D-A77CBF12C7CE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:ch121_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2FF9E151-2924-47F8-A20B-E413C548F9AA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:ch121l_v3_firmware:v100r001c00:*:*:*:*:*:*:*",
"matchCriteriaId": "1DDDBEA9-7D8B-4297-AC36-4A9A60EFA84C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:ch121l_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58588D8E-57C2-466C-96DD-B7F679AC7EA7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:ch121l_v5_firmware:v100r001c00:*:*:*:*:*:*:*",
"matchCriteriaId": "9AC39EC1-2BA7-4D4A-8BB7-F3B98B13711C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:ch121l_v5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4F9F3B0F-41E5-4846-B572-5EDB4BAE50F2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:ch121_v5_firmware:v100r001c00:*:*:*:*:*:*:*",
"matchCriteriaId": "CE562D3B-611B-4BB5-B9C3-F719BB38D47B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:ch121_v5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "48D2E997-5EC8-46F3-9AC9-B06A01FBBF92",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:ch140_v3_firmware:v100r001c00:*:*:*:*:*:*:*",
"matchCriteriaId": "E8D036DA-9AD2-453A-BD64-64C9A8B702CB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:ch140_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B0C4EBB9-35CB-4EA3-80AA-005785806CB8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:ch140l_v3_firmware:v100r001c00:*:*:*:*:*:*:*",
"matchCriteriaId": "5A7A9E3C-E2AE-44BD-84BB-3D61B3043D9E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:ch140l_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AEF1B2D3-C978-4014-8FE6-1A39BCBA0F34",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:ch220_v3_firmware:v100r001c00:*:*:*:*:*:*:*",
"matchCriteriaId": "36061858-18ED-4F9F-AA66-15ED33EFDA96",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:ch220_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D6D24534-B42F-48F4-8E04-5C6CFD64C4B1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:ch222_v3_firmware:v100r001c00:*:*:*:*:*:*:*",
"matchCriteriaId": "FFDF5C51-485F-4634-B985-508ED38F7A9B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:ch222_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "69FEA658-EC41-4E35-B36D-42C4770E44ED",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:ch242_v3_firmware:v100r001c00:*:*:*:*:*:*:*",
"matchCriteriaId": "563AC0A9-568C-4010-9142-28C88349B587",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:ch242_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D2637E43-1937-4320-AAF4-3770C332B66E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:ch242_v5_firmware:v100r001c00:*:*:*:*:*:*:*",
"matchCriteriaId": "5CA4F054-5DD1-41DD-89B0-DD60FEC233D4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:ch242_v5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F38C6CB2-4851-43E9-B608-99857AEEE900",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:rh1288_v3_firmware:v100r003c00:*:*:*:*:*:*:*",
"matchCriteriaId": "04E82A05-5922-48BF-95B0-EE08A80E0070",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:rh1288_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C20F56E3-3F39-4038-9918-96F1EAB82A85",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:rh2288_v3_firmware:v100r003c00:*:*:*:*:*:*:*",
"matchCriteriaId": "5D56D3C5-C96C-4B82-A22A-4F9E35A45786",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:rh2288_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "24C453A0-D125-4152-A8BF-E369F7D48322",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:rh2288h_v3_firmware:v100r003c00:*:*:*:*:*:*:*",
"matchCriteriaId": "4DC5328E-0239-4A84-9D38-F9AB8D19ABBA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:rh2288h_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1A0B7D22-4BCE-4BF0-9738-8EBEEB9ED643",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:xh310_v3_firmware:v100r003c00:*:*:*:*:*:*:*",
"matchCriteriaId": "4AC5E6CD-171C-4991-99BD-109F7817666D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:xh310_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8823E10A-ADA2-4364-A4F3-A0BCD64DACC3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:xh321_v3_firmware:v100r003c00:*:*:*:*:*:*:*",
"matchCriteriaId": "0EFD9834-0C3F-41A1-8155-19426E47E23B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:xh321_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC29DFDD-8B50-48FC-9700-BDF766B6986B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:xh321_v5_firmware:v100r005c00:*:*:*:*:*:*:*",
"matchCriteriaId": "B01CB1D4-B34F-4718-A542-7F4244A55A8B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:xh321_v5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "62587B2F-1C9F-4BE5-8E4B-8713ACAA0AA1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:xh620_v3_firmware:v100r003c00:*:*:*:*:*:*:*",
"matchCriteriaId": "ACC82BB7-D6A2-449A-98D2-7DE8F07A837B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:xh620_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CA54C1AF-8F77-4D40-B938-38887782D3AF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is an authentication bypass vulnerability in some Huawei servers. A remote attacker with low privilege may bypass the authentication by some special operations. Due to insufficient authentication, an attacker may exploit the vulnerability to get some sensitive information and high-level users\u0027 privilege."
},
{
"lang": "es",
"value": "Hay una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n en algunos servidores Huawei. Un atacante remoto con pocos privilegios podr\u00eda omitir la autenticaci\u00f3n por medio de algunas operaciones especiales. Debido a una autenticaci\u00f3n insuficiente, un atacante podr\u00eda explotar la vulnerabilidad para obtener informaci\u00f3n sensible y privilegios de usuarios de alto nivel."
}
],
"id": "CVE-2018-7943",
"lastModified": "2024-11-21T04:13:00.077",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-06-05T15:29:00.457",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-01-server-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-01-server-en"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-05-10 14:29
Modified
2024-11-21 04:12
Severity ?
Summary
Huawei iBMC V200R002C60 have an authentication bypass vulnerability. A remote attacker with low privilege may craft specific messages to upload authentication certificate to the affected products. Due to improper validation of the upload authority, successful exploit may cause privilege elevation.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:ch121_v3_firmware:100r001c00:*:*:*:*:*:*:*",
"matchCriteriaId": "5283ACDA-CCB2-47F6-BCB6-5085E93B9F6F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:ch121_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2FF9E151-2924-47F8-A20B-E413C548F9AA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:ch121l_v3_firmware:100r001c00:*:*:*:*:*:*:*",
"matchCriteriaId": "7ACA0F25-613F-4D42-B634-6B7D3E57E3F4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:ch121l_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58588D8E-57C2-466C-96DD-B7F679AC7EA7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:ch140_v3_firmware:100r001c00:*:*:*:*:*:*:*",
"matchCriteriaId": "C4B2CB6B-D216-4239-A023-5A22CDB17863",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:ch140_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B0C4EBB9-35CB-4EA3-80AA-005785806CB8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:ch140l_v3_firmware:100r001c00:*:*:*:*:*:*:*",
"matchCriteriaId": "955D2776-0288-4B9F-B7F1-246A857DEAA8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:ch140l_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AEF1B2D3-C978-4014-8FE6-1A39BCBA0F34",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:ch220_v3_firmware:100r001c00:*:*:*:*:*:*:*",
"matchCriteriaId": "4929308D-56EE-4A2E-BD4A-8200A9D5BF8F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:ch220_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D6D24534-B42F-48F4-8E04-5C6CFD64C4B1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:ch222_v3_firmware:100r001c00:*:*:*:*:*:*:*",
"matchCriteriaId": "30660352-38A5-455D-8779-35343DD44DE1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:ch222_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "69FEA658-EC41-4E35-B36D-42C4770E44ED",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:ch242_v3_firmware:100r001c00:*:*:*:*:*:*:*",
"matchCriteriaId": "E85B51FC-9C85-4B5C-B544-40D1B02F06EC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:ch242_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D2637E43-1937-4320-AAF4-3770C332B66E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:rh1288_v3_firmware:100r003c00:*:*:*:*:*:*:*",
"matchCriteriaId": "453060FA-4F69-44F2-8DD5-CDCFEEA50A19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:rh1288_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C20F56E3-3F39-4038-9918-96F1EAB82A85",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:rh2288_v3_firmware:100r003c00:*:*:*:*:*:*:*",
"matchCriteriaId": "D20D0CB7-84E0-4CE7-8F0D-51F44C967F79",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:rh2288_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "24C453A0-D125-4152-A8BF-E369F7D48322",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:rh2288h_v3_firmware:100r003c00:*:*:*:*:*:*:*",
"matchCriteriaId": "03777710-8412-4675-A98F-E19AC1C0FFF0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:rh2288h_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1A0B7D22-4BCE-4BF0-9738-8EBEEB9ED643",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:xh310_v3_firmware:100r003c00:*:*:*:*:*:*:*",
"matchCriteriaId": "8D014565-6F10-4A2D-AA6B-1BDDD3CDD8FD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:xh310_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8823E10A-ADA2-4364-A4F3-A0BCD64DACC3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:xh321_v3_firmware:100r003c00:*:*:*:*:*:*:*",
"matchCriteriaId": "271064EB-1DC1-405F-88F5-A8F72270116E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:xh321_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC29DFDD-8B50-48FC-9700-BDF766B6986B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:xh620_v3_firmware:100r003c00:*:*:*:*:*:*:*",
"matchCriteriaId": "79316C79-B48D-4FC6-BD8A-29350FB12234",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:xh620_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CA54C1AF-8F77-4D40-B938-38887782D3AF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:ch121_v5_firmware:100r001c00:*:*:*:*:*:*:*",
"matchCriteriaId": "57A7E8BA-EF5A-4103-BF2E-0118FB53535E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:ch121_v5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "48D2E997-5EC8-46F3-9AC9-B06A01FBBF92",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:ch121l_v5_firmware:100r001c00:*:*:*:*:*:*:*",
"matchCriteriaId": "57EFD6C9-5A39-4D9A-824E-6DD1B51C47D8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:ch121l_v5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4F9F3B0F-41E5-4846-B572-5EDB4BAE50F2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:ch242_v5_firmware:100r001c00:*:*:*:*:*:*:*",
"matchCriteriaId": "C2BAC240-B572-4BB3-B807-0B55BFCD2164",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:ch242_v5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F38C6CB2-4851-43E9-B608-99857AEEE900",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:1288h_v5_firmware:100r005c00:*:*:*:*:*:*:*",
"matchCriteriaId": "970A03A9-3BD3-47CB-AE3E-DC6C354BB900",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:1288h_v5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A97FE467-E5EB-45B4-B7EA-2E8232307CEE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:2288h_v5_firmware:100r005c00:*:*:*:*:*:*:*",
"matchCriteriaId": "E6CF6E61-7CF1-4CEF-9282-17102E56B38E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:2288h_v5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0E01F546-8E5E-4A5A-B921-DF985FF1D7ED",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:2488_v5_firmware:100r005c00:*:*:*:*:*:*:*",
"matchCriteriaId": "5D757021-44CA-4B8D-A194-7B0DEE47E5B1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:2488_v5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C8494E22-C84A-4201-96A3-02D8CBAC7C02",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:xh321_v5_firmware:100r005c00:*:*:*:*:*:*:*",
"matchCriteriaId": "70E83CF9-5D63-4D4B-AFD8-FAD77A48DF1A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:xh321_v5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "62587B2F-1C9F-4BE5-8E4B-8713ACAA0AA1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Huawei iBMC V200R002C60 have an authentication bypass vulnerability. A remote attacker with low privilege may craft specific messages to upload authentication certificate to the affected products. Due to improper validation of the upload authority, successful exploit may cause privilege elevation."
},
{
"lang": "es",
"value": "Huawei iBMC V200R002C60 tiene una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n. Un atacante remoto con bajos privilegios puede manipular mensajes espec\u00edficos para subir un certificado de autenticaci\u00f3n en los productos afectados. Debido a la validaci\u00f3n incorrecta de la autoridad de subida, un exploit exitoso puede provocar la elevaci\u00f3n de privilegios."
}
],
"id": "CVE-2018-7941",
"lastModified": "2024-11-21T04:12:59.830",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-05-10T14:29:00.720",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180509-01-bypass-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180509-01-bypass-en"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-06-01 14:29
Modified
2024-11-21 04:13
Severity ?
Summary
The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a JSON injection vulnerability due to insufficient input validation. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Successful exploit may allow attackers to obtain the management privilege of the system.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:1288h_v5_firmware:100r005c00:*:*:*:*:*:*:*",
"matchCriteriaId": "970A03A9-3BD3-47CB-AE3E-DC6C354BB900",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:1288h_v5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A97FE467-E5EB-45B4-B7EA-2E8232307CEE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:2288h_v5_firmware:100r005c00:*:*:*:*:*:*:*",
"matchCriteriaId": "E6CF6E61-7CF1-4CEF-9282-17102E56B38E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:2288h_v5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0E01F546-8E5E-4A5A-B921-DF985FF1D7ED",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:2488_v5_firmware:100r005c00:*:*:*:*:*:*:*",
"matchCriteriaId": "5D757021-44CA-4B8D-A194-7B0DEE47E5B1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:2488_v5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C8494E22-C84A-4201-96A3-02D8CBAC7C02",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:ch121_v3_firmware:100r001c00:*:*:*:*:*:*:*",
"matchCriteriaId": "5283ACDA-CCB2-47F6-BCB6-5085E93B9F6F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:ch121_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2FF9E151-2924-47F8-A20B-E413C548F9AA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:ch121l_v3_firmware:100r001c00:*:*:*:*:*:*:*",
"matchCriteriaId": "7ACA0F25-613F-4D42-B634-6B7D3E57E3F4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:ch121l_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58588D8E-57C2-466C-96DD-B7F679AC7EA7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:ch121l_v5_firmware:100r001c00:*:*:*:*:*:*:*",
"matchCriteriaId": "57EFD6C9-5A39-4D9A-824E-6DD1B51C47D8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:ch121l_v5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4F9F3B0F-41E5-4846-B572-5EDB4BAE50F2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:ch121_v5_firmware:100r001c00:*:*:*:*:*:*:*",
"matchCriteriaId": "57A7E8BA-EF5A-4103-BF2E-0118FB53535E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:ch121_v5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "48D2E997-5EC8-46F3-9AC9-B06A01FBBF92",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:ch140_v3_firmware:100r001c00:*:*:*:*:*:*:*",
"matchCriteriaId": "C4B2CB6B-D216-4239-A023-5A22CDB17863",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:ch140_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B0C4EBB9-35CB-4EA3-80AA-005785806CB8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:ch140l_v3_firmware:100r001c00:*:*:*:*:*:*:*",
"matchCriteriaId": "955D2776-0288-4B9F-B7F1-246A857DEAA8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:ch140l_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AEF1B2D3-C978-4014-8FE6-1A39BCBA0F34",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:ch220_v3_firmware:100r001c00:*:*:*:*:*:*:*",
"matchCriteriaId": "4929308D-56EE-4A2E-BD4A-8200A9D5BF8F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:ch220_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D6D24534-B42F-48F4-8E04-5C6CFD64C4B1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:ch222_v3_firmware:100r001c00:*:*:*:*:*:*:*",
"matchCriteriaId": "30660352-38A5-455D-8779-35343DD44DE1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:ch222_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "69FEA658-EC41-4E35-B36D-42C4770E44ED",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:ch242_v3_firmware:100r001c00:*:*:*:*:*:*:*",
"matchCriteriaId": "E85B51FC-9C85-4B5C-B544-40D1B02F06EC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:ch242_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D2637E43-1937-4320-AAF4-3770C332B66E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:ch242_v5_firmware:100r001c00:*:*:*:*:*:*:*",
"matchCriteriaId": "C2BAC240-B572-4BB3-B807-0B55BFCD2164",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:ch242_v5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F38C6CB2-4851-43E9-B608-99857AEEE900",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:rh1288_v3_firmware:100r003c00:*:*:*:*:*:*:*",
"matchCriteriaId": "453060FA-4F69-44F2-8DD5-CDCFEEA50A19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:rh1288_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C20F56E3-3F39-4038-9918-96F1EAB82A85",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:rh2288_v3_firmware:100r003c00:*:*:*:*:*:*:*",
"matchCriteriaId": "D20D0CB7-84E0-4CE7-8F0D-51F44C967F79",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:rh2288_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "24C453A0-D125-4152-A8BF-E369F7D48322",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:xh310_v3_firmware:100r003c00:*:*:*:*:*:*:*",
"matchCriteriaId": "8D014565-6F10-4A2D-AA6B-1BDDD3CDD8FD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:xh310_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8823E10A-ADA2-4364-A4F3-A0BCD64DACC3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:xh321_v3_firmware:100r003c00:*:*:*:*:*:*:*",
"matchCriteriaId": "271064EB-1DC1-405F-88F5-A8F72270116E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:xh321_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC29DFDD-8B50-48FC-9700-BDF766B6986B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:xh321_v5_firmware:100r005c00:*:*:*:*:*:*:*",
"matchCriteriaId": "70E83CF9-5D63-4D4B-AFD8-FAD77A48DF1A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:xh321_v5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "62587B2F-1C9F-4BE5-8E4B-8713ACAA0AA1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:rh2288h_v3_firmware:100r003c00:*:*:*:*:*:*:*",
"matchCriteriaId": "03777710-8412-4675-A98F-E19AC1C0FFF0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:rh2288h_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1A0B7D22-4BCE-4BF0-9738-8EBEEB9ED643",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:xh620_v3_firmware:100r003c00:*:*:*:*:*:*:*",
"matchCriteriaId": "79316C79-B48D-4FC6-BD8A-29350FB12234",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:xh620_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CA54C1AF-8F77-4D40-B938-38887782D3AF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a JSON injection vulnerability due to insufficient input validation. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Successful exploit may allow attackers to obtain the management privilege of the system."
},
{
"lang": "es",
"value": "iBMC (Intelligent Baseboard Management Controller) en algunos servidores Huawei tiene una vulnerabilidad de inyecci\u00f3n JSON debido a una validaci\u00f3n de entradas insuficiente. Un atacante remoto autenticado puede desencadenar una inyecci\u00f3n JSON para modificar la contrase\u00f1a del administrador. Su explotaci\u00f3n con \u00e9xito podr\u00eda permitir que atacantes obtengan el privilegio de gesti\u00f3n del sistema."
}
],
"id": "CVE-2018-7950",
"lastModified": "2024-11-21T04:13:00.710",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-06-01T14:29:00.830",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-02-server-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-02-server-en"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-10-10 01:30
Modified
2024-11-21 02:37
Severity ?
Summary
Huawei FusionServer rack servers RH2288 V3 with software before V100R003C00SPC603, RH2288H V3 with software before V100R003C00SPC503, XH628 V3 with software before V100R003C00SPC602, RH1288 V3 with software before V100R003C00SPC602, RH2288A V2 with software before V100R002C00SPC701, RH1288A V2 with software before V100R002C00SPC502, RH8100 V3 with software before V100R003C00SPC110, CH222 V3 with software before V100R001C00SPC161, CH220 V3 with software before V100R001C00SPC161, and CH121 V3 with software before V100R001C00SPC161 allow remote authenticated operators to change server information by leveraging failure to verify user permissions.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/76836 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454418.htm | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/76836 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454418.htm | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| huawei | rh2288_v3_firmware | * | |
| huawei | rh2288_v3 | - | |
| huawei | rh2288h_v3_firmware | * | |
| huawei | rh2288h_v3 | - | |
| huawei | xh628_v3_firmware | * | |
| huawei | xh628_v3 | - | |
| huawei | rh1288_v3_firmware | * | |
| huawei | rh1288_v3 | - | |
| huawei | rh2288a_v2_firmware | * | |
| huawei | rh2288a_v2 | - | |
| huawei | rh1288a_v2_firmware | * | |
| huawei | rh1288a_v2 | - | |
| huawei | rh8100_v3_firmware | * | |
| huawei | rh8100_v3 | - | |
| huawei | ch222_v3_firmware | * | |
| huawei | ch222_v3 | - | |
| huawei | ch220_v3_firmware | * | |
| huawei | ch220_v3 | - | |
| huawei | ch121_v3_firmware | * | |
| huawei | ch121_v3 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:rh2288_v3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4394631B-292B-4D92-A9E1-A072D6885D7E",
"versionEndIncluding": "v100r003c00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:rh2288_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "24C453A0-D125-4152-A8BF-E369F7D48322",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:rh2288h_v3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "800AA486-35B2-4824-98BF-2C2C650FBF9C",
"versionEndIncluding": "v100r003c00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:rh2288h_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1A0B7D22-4BCE-4BF0-9738-8EBEEB9ED643",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:xh628_v3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC60FD2-2BE6-42D7-A13F-CD0B8C3F2916",
"versionEndIncluding": "v100r003c00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:xh628_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1DD2E1DF-0543-49BA-B31A-12FA10EBBB61",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:rh1288_v3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "44B870C5-641B-4643-A8EA-7D120AC0685A",
"versionEndIncluding": "v100r003c00spc100",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:rh1288_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C20F56E3-3F39-4038-9918-96F1EAB82A85",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:rh2288a_v2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9CC9EBA9-F0AE-4895-85F7-D475F3B8EB39",
"versionEndIncluding": "v100r002c00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:rh2288a_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E3CB6AA6-2424-41B2-92A7-81E788DB8396",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:rh1288a_v2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "86924AC5-27D0-43F6-BAC5-7792C486A02F",
"versionEndIncluding": "v100r002c00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:rh1288a_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7E91ACB-82D0-4A4E-9157-5142A26E577A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:rh8100_v3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "61DC0B3B-3B30-46A4-BBA4-10BFFDE10130",
"versionEndIncluding": "v100r003c00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:rh8100_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C021DCB-0E5D-44A2-BBB7-0A7E5B31B66D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:ch222_v3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D6FD34E4-6CBF-4459-83B6-3C059BFD5EC7",
"versionEndIncluding": "v100r001c00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:ch222_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "69FEA658-EC41-4E35-B36D-42C4770E44ED",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:ch220_v3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4D713BF8-09AA-4546-AC28-B3E4761786E0",
"versionEndIncluding": "v100r001c00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:ch220_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D6D24534-B42F-48F4-8E04-5C6CFD64C4B1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:ch121_v3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7B71EA81-B701-47D0-903D-EC3725F1F866",
"versionEndIncluding": "v100r001c00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:ch121_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2FF9E151-2924-47F8-A20B-E413C548F9AA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Huawei FusionServer rack servers RH2288 V3 with software before V100R003C00SPC603, RH2288H V3 with software before V100R003C00SPC503, XH628 V3 with software before V100R003C00SPC602, RH1288 V3 with software before V100R003C00SPC602, RH2288A V2 with software before V100R002C00SPC701, RH1288A V2 with software before V100R002C00SPC502, RH8100 V3 with software before V100R003C00SPC110, CH222 V3 with software before V100R001C00SPC161, CH220 V3 with software before V100R001C00SPC161, and CH121 V3 with software before V100R001C00SPC161 allow remote authenticated operators to change server information by leveraging failure to verify user permissions."
},
{
"lang": "es",
"value": "Los servidores en rack FusionServer RH2288 V3 con software anterior a V100R003C00SPC603, RH2288H V3 anterior a V100R003C00SPC503, XH628 V3 anterior a V100R003C00SPC602, RH1288 V3 anterior a V100R003C00SPC602, RH2288A V2 anterior a V100R002C00SPC701, RH1288A V2 anterior a V100R002C00SPC502, RH8100 V3 anterior a V100R003C00SPC110, CH222 V3 anterior a V100R001C00SPC161, CH220 V3 anterior a V100R001C00SPC161 y CH121 V3 anterior a V100R001C00SPC161 de Huawei permiten que operadores remotos autenticados cambien informaci\u00f3n del servidor aprovechando un fallo para verificar permisos del usuario."
}
],
"id": "CVE-2015-7842",
"lastModified": "2024-11-21T02:37:30.670",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-10T01:30:20.500",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/76836"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454418.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/76836"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454418.htm"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-275"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}