Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-7949

The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a privilege escalation vulnerability. A remote attacker may send some specially crafted login messages to the affected products. Due to improper authentication design, successful exploit enables low privileged users to get or modify passwords of highly privileged users.

Published

2018-06-01T14:29:00.787

Last Modified

2024-11-21T04:13:00.580

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 8.8 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

8.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-287

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	huawei	1288h_v5_firmware	100r005c00	Yes
Hardware	huawei	1288h_v5	-	No
Operating System	huawei	2288h_v5_firmware	100r005c00	Yes
Hardware	huawei	2288h_v5	-	No
Operating System	huawei	2488_v5_firmware	100r005c00	Yes
Hardware	huawei	2488_v5	-	No
Operating System	huawei	ch121_v3_firmware	100r001c00	Yes
Hardware	huawei	ch121_v3	-	No
Operating System	huawei	ch121l_v3_firmware	100r001c00	Yes
Hardware	huawei	ch121l_v3	-	No
Operating System	huawei	ch121l_v5_firmware	100r001c00	Yes
Hardware	huawei	ch121l_v5	-	No
Operating System	huawei	ch121_v5_firmware	100r001c00	Yes
Hardware	huawei	ch121_v5	-	No
Operating System	huawei	ch140_v3_firmware	100r001c00	Yes
Hardware	huawei	ch140_v3	-	No
Operating System	huawei	ch140l_v3_firmware	100r001c00	Yes
Hardware	huawei	ch140l_v3	-	No
Operating System	huawei	ch220_v3_firmware	100r001c00	Yes
Hardware	huawei	ch220_v3	-	No
Operating System	huawei	ch222_v3_firmware	100r001c00	Yes
Hardware	huawei	ch222_v3	-	No
Operating System	huawei	ch242_v3_firmware	100r001c00	Yes
Hardware	huawei	ch242_v3	-	No
Operating System	huawei	ch242_v5_firmware	100r001c00	Yes
Hardware	huawei	ch242_v5	-	No
Operating System	huawei	rh1288_v3_firmware	100r003c00	Yes
Hardware	huawei	rh1288_v3	-	No
Operating System	huawei	rh2288_v3_firmware	100r003c00	Yes
Hardware	huawei	rh2288_v3	-	No
Operating System	huawei	xh310_v3_firmware	100r003c00	Yes
Hardware	huawei	xh310_v3	-	No
Operating System	huawei	xh321_v3_firmware	100r003c00	Yes
Hardware	huawei	xh321_v3	-	No
Operating System	huawei	xh321_v5_firmware	100r005c00	Yes
Hardware	huawei	xh321_v5	-	No
Operating System	huawei	rh2288h_v3_firmware	100r003c00	Yes
Hardware	huawei	rh2288h_v3	-	No
Operating System	huawei	xh620_v3_firmware	100r003c00	Yes
Hardware	huawei	xh620_v3	-	No

References

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-03-server-en Vendor Advisory ([email protected])
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-03-server-en Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)