CVE-2018-7943 (GCVE-0-2018-7943)

Vulnerability from cvelistv5 – Published: 2018-06-05 15:00 – Updated: 2024-09-17 02:05
VLAI?
Summary
There is an authentication bypass vulnerability in some Huawei servers. A remote attacker with low privilege may bypass the authentication by some special operations. Due to insufficient authentication, an attacker may exploit the vulnerability to get some sensitive information and high-level users' privilege.
Severity ?
No CVSS data available.
CWE
  • authentication bypass
Assigner
References
Impacted products
Vendor Product Version
Huawei Technologies Co., Ltd. 1288H V5; 2288H V5; 2488 V5 ; CH121 V3; CH121L V3; CH121L V5 ; CH121 V5 ; CH140 V3; CH140L V3; CH220 V3; CH222 V3; CH242 V3; CH242 V5 ; RH1288 V3; RH2288 V3; RH2288H V3; XH310 V3; XH321 V3; XH321 V5; XH620 V3 Affected: 1288H V5 V100R005C00
Affected: 2288H V5 V100R005C00
Affected: 2488 V5 V100R005C00
Affected: CH121 V3 V100R001C00
Affected: CH121L V3 V100R001C00
Affected: CH121L V5 V100R001C00
Affected: CH121 V5 V100R001C00
Affected: CH140 V3 V100R001C00
Affected: CH140L V3 V100R001C00
Affected: CH220 V3 V100R001C00
Affected: CH222 V3 V100R001C00
Affected: CH242 V3 V100R001C00
Affected: CH242 V5 V100R001C00
Affected: RH1288 V3 V100R003C00
Affected: RH2288 V3 V100R003C00
Affected: RH2288H V3 V100R003C00
Affected: XH310 V3 V100R003C00
Affected: XH321 V3 V100R003C00
Affected: XH321 V5 V100R005C00
Affected: XH620 V3 V100R003C00
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:37:59.625Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-01-server-en"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "1288H V5; 2288H V5; 2488 V5 ; CH121 V3; CH121L V3; CH121L V5 ; CH121 V5 ; CH140 V3; CH140L V3; CH220 V3; CH222 V3; CH242 V3; CH242 V5 ; RH1288 V3; RH2288 V3; RH2288H V3; XH310 V3; XH321 V3; XH321 V5; XH620 V3",
          "vendor": "Huawei Technologies Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "1288H V5 V100R005C00"
            },
            {
              "status": "affected",
              "version": "2288H V5 V100R005C00"
            },
            {
              "status": "affected",
              "version": "2488 V5 V100R005C00"
            },
            {
              "status": "affected",
              "version": "CH121 V3 V100R001C00"
            },
            {
              "status": "affected",
              "version": "CH121L V3 V100R001C00"
            },
            {
              "status": "affected",
              "version": "CH121L V5 V100R001C00"
            },
            {
              "status": "affected",
              "version": "CH121 V5 V100R001C00"
            },
            {
              "status": "affected",
              "version": "CH140 V3 V100R001C00"
            },
            {
              "status": "affected",
              "version": "CH140L V3 V100R001C00"
            },
            {
              "status": "affected",
              "version": "CH220 V3 V100R001C00"
            },
            {
              "status": "affected",
              "version": "CH222 V3 V100R001C00"
            },
            {
              "status": "affected",
              "version": "CH242 V3 V100R001C00"
            },
            {
              "status": "affected",
              "version": "CH242 V5 V100R001C00"
            },
            {
              "status": "affected",
              "version": "RH1288 V3 V100R003C00"
            },
            {
              "status": "affected",
              "version": "RH2288 V3 V100R003C00"
            },
            {
              "status": "affected",
              "version": "RH2288H V3 V100R003C00"
            },
            {
              "status": "affected",
              "version": "XH310 V3 V100R003C00"
            },
            {
              "status": "affected",
              "version": "XH321 V3 V100R003C00"
            },
            {
              "status": "affected",
              "version": "XH321 V5 V100R005C00"
            },
            {
              "status": "affected",
              "version": "XH620 V3 V100R003C00"
            }
          ]
        }
      ],
      "datePublic": "2018-05-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "There is an authentication bypass vulnerability in some Huawei servers. A remote attacker with low privilege may bypass the authentication by some special operations. Due to insufficient authentication, an attacker may exploit the vulnerability to get some sensitive information and high-level users\u0027 privilege."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "authentication bypass",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-06-05T14:57:01",
        "orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
        "shortName": "huawei"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-01-server-en"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@huawei.com",
          "DATE_PUBLIC": "2018-05-30T00:00:00",
          "ID": "CVE-2018-7943",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "1288H V5; 2288H V5; 2488 V5 ; CH121 V3; CH121L V3; CH121L V5 ; CH121 V5 ; CH140 V3; CH140L V3; CH220 V3; CH222 V3; CH242 V3; CH242 V5 ; RH1288 V3; RH2288 V3; RH2288H V3; XH310 V3; XH321 V3; XH321 V5; XH620 V3",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "1288H V5 V100R005C00"
                          },
                          {
                            "version_value": "2288H V5 V100R005C00"
                          },
                          {
                            "version_value": "2488 V5 V100R005C00"
                          },
                          {
                            "version_value": "CH121 V3 V100R001C00"
                          },
                          {
                            "version_value": "CH121L V3 V100R001C00"
                          },
                          {
                            "version_value": "CH121L V5 V100R001C00"
                          },
                          {
                            "version_value": "CH121 V5 V100R001C00"
                          },
                          {
                            "version_value": "CH140 V3 V100R001C00"
                          },
                          {
                            "version_value": "CH140L V3 V100R001C00"
                          },
                          {
                            "version_value": "CH220 V3 V100R001C00"
                          },
                          {
                            "version_value": "CH222 V3 V100R001C00"
                          },
                          {
                            "version_value": "CH242 V3 V100R001C00"
                          },
                          {
                            "version_value": "CH242 V5 V100R001C00"
                          },
                          {
                            "version_value": "RH1288 V3 V100R003C00"
                          },
                          {
                            "version_value": "RH2288 V3 V100R003C00"
                          },
                          {
                            "version_value": "RH2288H V3 V100R003C00"
                          },
                          {
                            "version_value": "XH310 V3 V100R003C00"
                          },
                          {
                            "version_value": "XH321 V3 V100R003C00"
                          },
                          {
                            "version_value": "XH321 V5 V100R005C00"
                          },
                          {
                            "version_value": "XH620 V3 V100R003C00"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Huawei Technologies Co., Ltd."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "There is an authentication bypass vulnerability in some Huawei servers. A remote attacker with low privilege may bypass the authentication by some special operations. Due to insufficient authentication, an attacker may exploit the vulnerability to get some sensitive information and high-level users\u0027 privilege."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "authentication bypass"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-01-server-en",
              "refsource": "CONFIRM",
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-01-server-en"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
    "assignerShortName": "huawei",
    "cveId": "CVE-2018-7943",
    "datePublished": "2018-06-05T15:00:00Z",
    "dateReserved": "2018-03-09T00:00:00",
    "dateUpdated": "2024-09-17T02:05:37.375Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:1288h_v5_firmware:v100r005c00:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"40D2568F-0B77-40A2-AA93-278BE46231C2\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:huawei:1288h_v5:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A97FE467-E5EB-45B4-B7EA-2E8232307CEE\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:2288h_v5_firmware:v100r005c00:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0152651D-882D-4ED9-9FC7-F820A597FA6E\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:huawei:2288h_v5:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0E01F546-8E5E-4A5A-B921-DF985FF1D7ED\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:2488_v5_firmware:v100r005c00:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5CCEA7BB-CD55-4F09-B43D-41BFB4ADFBFD\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:huawei:2488_v5:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C8494E22-C84A-4201-96A3-02D8CBAC7C02\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:ch121_v3_firmware:v100r001c00:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8C124EED-41A3-447B-909D-A77CBF12C7CE\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:huawei:ch121_v3:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2FF9E151-2924-47F8-A20B-E413C548F9AA\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:ch121l_v3_firmware:v100r001c00:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1DDDBEA9-7D8B-4297-AC36-4A9A60EFA84C\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:huawei:ch121l_v3:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"58588D8E-57C2-466C-96DD-B7F679AC7EA7\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:ch121l_v5_firmware:v100r001c00:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9AC39EC1-2BA7-4D4A-8BB7-F3B98B13711C\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:huawei:ch121l_v5:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4F9F3B0F-41E5-4846-B572-5EDB4BAE50F2\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:ch121_v5_firmware:v100r001c00:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CE562D3B-611B-4BB5-B9C3-F719BB38D47B\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:huawei:ch121_v5:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"48D2E997-5EC8-46F3-9AC9-B06A01FBBF92\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:ch140_v3_firmware:v100r001c00:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E8D036DA-9AD2-453A-BD64-64C9A8B702CB\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:huawei:ch140_v3:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B0C4EBB9-35CB-4EA3-80AA-005785806CB8\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:ch140l_v3_firmware:v100r001c00:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5A7A9E3C-E2AE-44BD-84BB-3D61B3043D9E\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:huawei:ch140l_v3:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AEF1B2D3-C978-4014-8FE6-1A39BCBA0F34\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:ch220_v3_firmware:v100r001c00:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"36061858-18ED-4F9F-AA66-15ED33EFDA96\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:huawei:ch220_v3:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D6D24534-B42F-48F4-8E04-5C6CFD64C4B1\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:ch222_v3_firmware:v100r001c00:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FFDF5C51-485F-4634-B985-508ED38F7A9B\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:huawei:ch222_v3:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"69FEA658-EC41-4E35-B36D-42C4770E44ED\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:ch242_v3_firmware:v100r001c00:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"563AC0A9-568C-4010-9142-28C88349B587\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:huawei:ch242_v3:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D2637E43-1937-4320-AAF4-3770C332B66E\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:ch242_v5_firmware:v100r001c00:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5CA4F054-5DD1-41DD-89B0-DD60FEC233D4\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:huawei:ch242_v5:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F38C6CB2-4851-43E9-B608-99857AEEE900\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:rh1288_v3_firmware:v100r003c00:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"04E82A05-5922-48BF-95B0-EE08A80E0070\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:huawei:rh1288_v3:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C20F56E3-3F39-4038-9918-96F1EAB82A85\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:rh2288_v3_firmware:v100r003c00:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5D56D3C5-C96C-4B82-A22A-4F9E35A45786\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:huawei:rh2288_v3:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"24C453A0-D125-4152-A8BF-E369F7D48322\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:rh2288h_v3_firmware:v100r003c00:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4DC5328E-0239-4A84-9D38-F9AB8D19ABBA\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:huawei:rh2288h_v3:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1A0B7D22-4BCE-4BF0-9738-8EBEEB9ED643\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:xh310_v3_firmware:v100r003c00:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4AC5E6CD-171C-4991-99BD-109F7817666D\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:huawei:xh310_v3:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8823E10A-ADA2-4364-A4F3-A0BCD64DACC3\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:xh321_v3_firmware:v100r003c00:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0EFD9834-0C3F-41A1-8155-19426E47E23B\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:huawei:xh321_v3:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CC29DFDD-8B50-48FC-9700-BDF766B6986B\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:xh321_v5_firmware:v100r005c00:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B01CB1D4-B34F-4718-A542-7F4244A55A8B\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:huawei:xh321_v5:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"62587B2F-1C9F-4BE5-8E4B-8713ACAA0AA1\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:xh620_v3_firmware:v100r003c00:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ACC82BB7-D6A2-449A-98D2-7DE8F07A837B\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:huawei:xh620_v3:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CA54C1AF-8F77-4D40-B938-38887782D3AF\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"There is an authentication bypass vulnerability in some Huawei servers. A remote attacker with low privilege may bypass the authentication by some special operations. Due to insufficient authentication, an attacker may exploit the vulnerability to get some sensitive information and high-level users\u0027 privilege.\"}, {\"lang\": \"es\", \"value\": \"Hay una vulnerabilidad de omisi\\u00f3n de autenticaci\\u00f3n en algunos servidores Huawei. Un atacante remoto con pocos privilegios podr\\u00eda omitir la autenticaci\\u00f3n por medio de algunas operaciones especiales. Debido a una autenticaci\\u00f3n insuficiente, un atacante podr\\u00eda explotar la vulnerabilidad para obtener informaci\\u00f3n sensible y privilegios de usuarios de alto nivel.\"}]",
      "id": "CVE-2018-7943",
      "lastModified": "2024-11-21T04:13:00.077",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:P/I:P/A:P\", \"baseScore\": 6.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2018-06-05T15:29:00.457",
      "references": "[{\"url\": \"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-01-server-en\", \"source\": \"psirt@huawei.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-01-server-en\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "psirt@huawei.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-287\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-7943\",\"sourceIdentifier\":\"psirt@huawei.com\",\"published\":\"2018-06-05T15:29:00.457\",\"lastModified\":\"2024-11-21T04:13:00.077\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"There is an authentication bypass vulnerability in some Huawei servers. A remote attacker with low privilege may bypass the authentication by some special operations. Due to insufficient authentication, an attacker may exploit the vulnerability to get some sensitive information and high-level users\u0027 privilege.\"},{\"lang\":\"es\",\"value\":\"Hay una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n en algunos servidores Huawei. Un atacante remoto con pocos privilegios podr\u00eda omitir la autenticaci\u00f3n por medio de algunas operaciones especiales. Debido a una autenticaci\u00f3n insuficiente, un atacante podr\u00eda explotar la vulnerabilidad para obtener informaci\u00f3n sensible y privilegios de usuarios de alto nivel.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:P/A:P\",\"baseScore\":6.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:1288h_v5_firmware:v100r005c00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"40D2568F-0B77-40A2-AA93-278BE46231C2\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:1288h_v5:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A97FE467-E5EB-45B4-B7EA-2E8232307CEE\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:2288h_v5_firmware:v100r005c00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0152651D-882D-4ED9-9FC7-F820A597FA6E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:2288h_v5:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0E01F546-8E5E-4A5A-B921-DF985FF1D7ED\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:2488_v5_firmware:v100r005c00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5CCEA7BB-CD55-4F09-B43D-41BFB4ADFBFD\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:2488_v5:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C8494E22-C84A-4201-96A3-02D8CBAC7C02\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:ch121_v3_firmware:v100r001c00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C124EED-41A3-447B-909D-A77CBF12C7CE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:ch121_v3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2FF9E151-2924-47F8-A20B-E413C548F9AA\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:ch121l_v3_firmware:v100r001c00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1DDDBEA9-7D8B-4297-AC36-4A9A60EFA84C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:ch121l_v3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"58588D8E-57C2-466C-96DD-B7F679AC7EA7\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:ch121l_v5_firmware:v100r001c00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9AC39EC1-2BA7-4D4A-8BB7-F3B98B13711C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:ch121l_v5:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4F9F3B0F-41E5-4846-B572-5EDB4BAE50F2\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:ch121_v5_firmware:v100r001c00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE562D3B-611B-4BB5-B9C3-F719BB38D47B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:ch121_v5:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"48D2E997-5EC8-46F3-9AC9-B06A01FBBF92\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:ch140_v3_firmware:v100r001c00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E8D036DA-9AD2-453A-BD64-64C9A8B702CB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:ch140_v3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B0C4EBB9-35CB-4EA3-80AA-005785806CB8\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:ch140l_v3_firmware:v100r001c00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A7A9E3C-E2AE-44BD-84BB-3D61B3043D9E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:ch140l_v3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AEF1B2D3-C978-4014-8FE6-1A39BCBA0F34\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:ch220_v3_firmware:v100r001c00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36061858-18ED-4F9F-AA66-15ED33EFDA96\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:ch220_v3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D6D24534-B42F-48F4-8E04-5C6CFD64C4B1\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:ch222_v3_firmware:v100r001c00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FFDF5C51-485F-4634-B985-508ED38F7A9B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:ch222_v3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"69FEA658-EC41-4E35-B36D-42C4770E44ED\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:ch242_v3_firmware:v100r001c00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"563AC0A9-568C-4010-9142-28C88349B587\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:ch242_v3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D2637E43-1937-4320-AAF4-3770C332B66E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:ch242_v5_firmware:v100r001c00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5CA4F054-5DD1-41DD-89B0-DD60FEC233D4\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:ch242_v5:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F38C6CB2-4851-43E9-B608-99857AEEE900\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:rh1288_v3_firmware:v100r003c00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"04E82A05-5922-48BF-95B0-EE08A80E0070\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:rh1288_v3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C20F56E3-3F39-4038-9918-96F1EAB82A85\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:rh2288_v3_firmware:v100r003c00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5D56D3C5-C96C-4B82-A22A-4F9E35A45786\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:rh2288_v3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"24C453A0-D125-4152-A8BF-E369F7D48322\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:rh2288h_v3_firmware:v100r003c00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4DC5328E-0239-4A84-9D38-F9AB8D19ABBA\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:rh2288h_v3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A0B7D22-4BCE-4BF0-9738-8EBEEB9ED643\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:xh310_v3_firmware:v100r003c00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4AC5E6CD-171C-4991-99BD-109F7817666D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:xh310_v3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8823E10A-ADA2-4364-A4F3-A0BCD64DACC3\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:xh321_v3_firmware:v100r003c00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0EFD9834-0C3F-41A1-8155-19426E47E23B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:xh321_v3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC29DFDD-8B50-48FC-9700-BDF766B6986B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:xh321_v5_firmware:v100r005c00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B01CB1D4-B34F-4718-A542-7F4244A55A8B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:xh321_v5:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"62587B2F-1C9F-4BE5-8E4B-8713ACAA0AA1\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:xh620_v3_firmware:v100r003c00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ACC82BB7-D6A2-449A-98D2-7DE8F07A837B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:xh620_v3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA54C1AF-8F77-4D40-B938-38887782D3AF\"}]}]}],\"references\":[{\"url\":\"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-01-server-en\",\"source\":\"psirt@huawei.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-01-server-en\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.