CVE-2018-7941 (GCVE-0-2018-7941)

Vulnerability from cvelistv5 – Published: 2018-05-10 14:00 – Updated: 2024-08-05 06:37
VLAI?
Summary
Huawei iBMC V200R002C60 have an authentication bypass vulnerability. A remote attacker with low privilege may craft specific messages to upload authentication certificate to the affected products. Due to improper validation of the upload authority, successful exploit may cause privilege elevation.
Severity ?
No CVSS data available.
CWE
  • authentication bypass
Assigner
References
Impacted products
Vendor Product Version
Huawei Technologies Co., Ltd. iBMC Affected: V200R002C60
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:37:59.759Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180509-01-bypass-en"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "iBMC",
          "vendor": "Huawei Technologies Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "V200R002C60"
            }
          ]
        }
      ],
      "datePublic": "2018-05-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Huawei iBMC V200R002C60 have an authentication bypass vulnerability. A remote attacker with low privilege may craft specific messages to upload authentication certificate to the affected products. Due to improper validation of the upload authority, successful exploit may cause privilege elevation."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "authentication bypass",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-05-10T13:57:01",
        "orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
        "shortName": "huawei"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180509-01-bypass-en"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@huawei.com",
          "ID": "CVE-2018-7941",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "iBMC",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "V200R002C60"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Huawei Technologies Co., Ltd."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Huawei iBMC V200R002C60 have an authentication bypass vulnerability. A remote attacker with low privilege may craft specific messages to upload authentication certificate to the affected products. Due to improper validation of the upload authority, successful exploit may cause privilege elevation."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "authentication bypass"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180509-01-bypass-en",
              "refsource": "CONFIRM",
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180509-01-bypass-en"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
    "assignerShortName": "huawei",
    "cveId": "CVE-2018-7941",
    "datePublished": "2018-05-10T14:00:00",
    "dateReserved": "2018-03-09T00:00:00",
    "dateUpdated": "2024-08-05T06:37:59.759Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:ch121_v3_firmware:100r001c00:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5283ACDA-CCB2-47F6-BCB6-5085E93B9F6F\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:huawei:ch121_v3:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2FF9E151-2924-47F8-A20B-E413C548F9AA\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:ch121l_v3_firmware:100r001c00:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7ACA0F25-613F-4D42-B634-6B7D3E57E3F4\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:huawei:ch121l_v3:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"58588D8E-57C2-466C-96DD-B7F679AC7EA7\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:ch140_v3_firmware:100r001c00:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C4B2CB6B-D216-4239-A023-5A22CDB17863\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:huawei:ch140_v3:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B0C4EBB9-35CB-4EA3-80AA-005785806CB8\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:ch140l_v3_firmware:100r001c00:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"955D2776-0288-4B9F-B7F1-246A857DEAA8\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:huawei:ch140l_v3:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AEF1B2D3-C978-4014-8FE6-1A39BCBA0F34\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:ch220_v3_firmware:100r001c00:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4929308D-56EE-4A2E-BD4A-8200A9D5BF8F\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:huawei:ch220_v3:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D6D24534-B42F-48F4-8E04-5C6CFD64C4B1\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:ch222_v3_firmware:100r001c00:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"30660352-38A5-455D-8779-35343DD44DE1\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:huawei:ch222_v3:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"69FEA658-EC41-4E35-B36D-42C4770E44ED\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:ch242_v3_firmware:100r001c00:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E85B51FC-9C85-4B5C-B544-40D1B02F06EC\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:huawei:ch242_v3:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D2637E43-1937-4320-AAF4-3770C332B66E\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:rh1288_v3_firmware:100r003c00:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"453060FA-4F69-44F2-8DD5-CDCFEEA50A19\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:huawei:rh1288_v3:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C20F56E3-3F39-4038-9918-96F1EAB82A85\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:rh2288_v3_firmware:100r003c00:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D20D0CB7-84E0-4CE7-8F0D-51F44C967F79\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:huawei:rh2288_v3:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"24C453A0-D125-4152-A8BF-E369F7D48322\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:rh2288h_v3_firmware:100r003c00:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"03777710-8412-4675-A98F-E19AC1C0FFF0\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:huawei:rh2288h_v3:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1A0B7D22-4BCE-4BF0-9738-8EBEEB9ED643\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:xh310_v3_firmware:100r003c00:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8D014565-6F10-4A2D-AA6B-1BDDD3CDD8FD\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:huawei:xh310_v3:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8823E10A-ADA2-4364-A4F3-A0BCD64DACC3\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:xh321_v3_firmware:100r003c00:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"271064EB-1DC1-405F-88F5-A8F72270116E\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:huawei:xh321_v3:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CC29DFDD-8B50-48FC-9700-BDF766B6986B\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:xh620_v3_firmware:100r003c00:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"79316C79-B48D-4FC6-BD8A-29350FB12234\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:huawei:xh620_v3:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CA54C1AF-8F77-4D40-B938-38887782D3AF\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:ch121_v5_firmware:100r001c00:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"57A7E8BA-EF5A-4103-BF2E-0118FB53535E\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:huawei:ch121_v5:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"48D2E997-5EC8-46F3-9AC9-B06A01FBBF92\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:ch121l_v5_firmware:100r001c00:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"57EFD6C9-5A39-4D9A-824E-6DD1B51C47D8\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:huawei:ch121l_v5:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4F9F3B0F-41E5-4846-B572-5EDB4BAE50F2\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:ch242_v5_firmware:100r001c00:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C2BAC240-B572-4BB3-B807-0B55BFCD2164\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:huawei:ch242_v5:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F38C6CB2-4851-43E9-B608-99857AEEE900\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:1288h_v5_firmware:100r005c00:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"970A03A9-3BD3-47CB-AE3E-DC6C354BB900\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:huawei:1288h_v5:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A97FE467-E5EB-45B4-B7EA-2E8232307CEE\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:2288h_v5_firmware:100r005c00:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E6CF6E61-7CF1-4CEF-9282-17102E56B38E\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:huawei:2288h_v5:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0E01F546-8E5E-4A5A-B921-DF985FF1D7ED\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:2488_v5_firmware:100r005c00:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5D757021-44CA-4B8D-A194-7B0DEE47E5B1\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:huawei:2488_v5:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C8494E22-C84A-4201-96A3-02D8CBAC7C02\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:xh321_v5_firmware:100r005c00:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"70E83CF9-5D63-4D4B-AFD8-FAD77A48DF1A\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:huawei:xh321_v5:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"62587B2F-1C9F-4BE5-8E4B-8713ACAA0AA1\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Huawei iBMC V200R002C60 have an authentication bypass vulnerability. A remote attacker with low privilege may craft specific messages to upload authentication certificate to the affected products. Due to improper validation of the upload authority, successful exploit may cause privilege elevation.\"}, {\"lang\": \"es\", \"value\": \"Huawei iBMC V200R002C60 tiene una vulnerabilidad de omisi\\u00f3n de autenticaci\\u00f3n. Un atacante remoto con bajos privilegios puede manipular mensajes espec\\u00edficos para subir un certificado de autenticaci\\u00f3n en los productos afectados. Debido a la validaci\\u00f3n incorrecta de la autoridad de subida, un exploit exitoso puede provocar la elevaci\\u00f3n de privilegios.\"}]",
      "id": "CVE-2018-7941",
      "lastModified": "2024-11-21T04:12:59.830",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:P/I:P/A:P\", \"baseScore\": 6.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 6.4, \"acInsufInfo\": true, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2018-05-10T14:29:00.720",
      "references": "[{\"url\": \"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180509-01-bypass-en\", \"source\": \"psirt@huawei.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180509-01-bypass-en\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "psirt@huawei.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-287\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-7941\",\"sourceIdentifier\":\"psirt@huawei.com\",\"published\":\"2018-05-10T14:29:00.720\",\"lastModified\":\"2024-11-21T04:12:59.830\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Huawei iBMC V200R002C60 have an authentication bypass vulnerability. A remote attacker with low privilege may craft specific messages to upload authentication certificate to the affected products. Due to improper validation of the upload authority, successful exploit may cause privilege elevation.\"},{\"lang\":\"es\",\"value\":\"Huawei iBMC V200R002C60 tiene una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n. Un atacante remoto con bajos privilegios puede manipular mensajes espec\u00edficos para subir un certificado de autenticaci\u00f3n en los productos afectados. Debido a la validaci\u00f3n incorrecta de la autoridad de subida, un exploit exitoso puede provocar la elevaci\u00f3n de privilegios.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:P/A:P\",\"baseScore\":6.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":6.4,\"acInsufInfo\":true,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:ch121_v3_firmware:100r001c00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5283ACDA-CCB2-47F6-BCB6-5085E93B9F6F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:ch121_v3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2FF9E151-2924-47F8-A20B-E413C548F9AA\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:ch121l_v3_firmware:100r001c00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7ACA0F25-613F-4D42-B634-6B7D3E57E3F4\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:ch121l_v3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"58588D8E-57C2-466C-96DD-B7F679AC7EA7\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:ch140_v3_firmware:100r001c00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C4B2CB6B-D216-4239-A023-5A22CDB17863\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:ch140_v3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B0C4EBB9-35CB-4EA3-80AA-005785806CB8\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:ch140l_v3_firmware:100r001c00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"955D2776-0288-4B9F-B7F1-246A857DEAA8\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:ch140l_v3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AEF1B2D3-C978-4014-8FE6-1A39BCBA0F34\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:ch220_v3_firmware:100r001c00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4929308D-56EE-4A2E-BD4A-8200A9D5BF8F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:ch220_v3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D6D24534-B42F-48F4-8E04-5C6CFD64C4B1\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:ch222_v3_firmware:100r001c00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"30660352-38A5-455D-8779-35343DD44DE1\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:ch222_v3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"69FEA658-EC41-4E35-B36D-42C4770E44ED\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:ch242_v3_firmware:100r001c00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E85B51FC-9C85-4B5C-B544-40D1B02F06EC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:ch242_v3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D2637E43-1937-4320-AAF4-3770C332B66E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:rh1288_v3_firmware:100r003c00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"453060FA-4F69-44F2-8DD5-CDCFEEA50A19\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:rh1288_v3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C20F56E3-3F39-4038-9918-96F1EAB82A85\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:rh2288_v3_firmware:100r003c00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D20D0CB7-84E0-4CE7-8F0D-51F44C967F79\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:rh2288_v3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"24C453A0-D125-4152-A8BF-E369F7D48322\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:rh2288h_v3_firmware:100r003c00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"03777710-8412-4675-A98F-E19AC1C0FFF0\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:rh2288h_v3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A0B7D22-4BCE-4BF0-9738-8EBEEB9ED643\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:xh310_v3_firmware:100r003c00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8D014565-6F10-4A2D-AA6B-1BDDD3CDD8FD\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:xh310_v3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8823E10A-ADA2-4364-A4F3-A0BCD64DACC3\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:xh321_v3_firmware:100r003c00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"271064EB-1DC1-405F-88F5-A8F72270116E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:xh321_v3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC29DFDD-8B50-48FC-9700-BDF766B6986B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:xh620_v3_firmware:100r003c00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"79316C79-B48D-4FC6-BD8A-29350FB12234\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:xh620_v3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA54C1AF-8F77-4D40-B938-38887782D3AF\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:ch121_v5_firmware:100r001c00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"57A7E8BA-EF5A-4103-BF2E-0118FB53535E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:ch121_v5:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"48D2E997-5EC8-46F3-9AC9-B06A01FBBF92\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:ch121l_v5_firmware:100r001c00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"57EFD6C9-5A39-4D9A-824E-6DD1B51C47D8\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:ch121l_v5:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4F9F3B0F-41E5-4846-B572-5EDB4BAE50F2\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:ch242_v5_firmware:100r001c00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2BAC240-B572-4BB3-B807-0B55BFCD2164\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:ch242_v5:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F38C6CB2-4851-43E9-B608-99857AEEE900\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:1288h_v5_firmware:100r005c00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"970A03A9-3BD3-47CB-AE3E-DC6C354BB900\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:1288h_v5:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A97FE467-E5EB-45B4-B7EA-2E8232307CEE\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:2288h_v5_firmware:100r005c00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E6CF6E61-7CF1-4CEF-9282-17102E56B38E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:2288h_v5:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0E01F546-8E5E-4A5A-B921-DF985FF1D7ED\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:2488_v5_firmware:100r005c00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5D757021-44CA-4B8D-A194-7B0DEE47E5B1\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:2488_v5:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C8494E22-C84A-4201-96A3-02D8CBAC7C02\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:xh321_v5_firmware:100r005c00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"70E83CF9-5D63-4D4B-AFD8-FAD77A48DF1A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:xh321_v5:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"62587B2F-1C9F-4BE5-8E4B-8713ACAA0AA1\"}]}]}],\"references\":[{\"url\":\"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180509-01-bypass-en\",\"source\":\"psirt@huawei.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180509-01-bypass-en\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.