Vulnerability CVE-2018-7941


Published: 2018-05-10

Description:
Huawei iBMC V200R002C60 have an authentication bypass vulnerability. A remote attacker with low privilege may craft specific messages to upload authentication certificate to the affected products. Due to improper validation of the upload authority, successful exploit may cause privilege elevation.

Type:

CWE-287

(Improper Authentication)

CVSS2 => (AV:N/AC:L/Au:S/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.5/10
6.4/10
8/10
Exploit range
Attack complexity
Authentication
Remote
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Huawei -> Rh2288h v3 firmware 
Huawei -> 1288h v5 firmware 
Huawei -> Xh310 v3 firmware 
Huawei -> 2288h v5 firmware 
Huawei -> Xh321 v3 firmware 
Huawei -> 2488 v5 firmware 
Huawei -> Xh321 v5 firmware 
Huawei -> Ch121 v3 firmware 
Huawei -> Xh620 v3 firmware 
Huawei -> Ch121 v5 firmware 
Huawei -> Ch121l v3 firmware 
Huawei -> Ch121l v5 firmware 
Huawei -> Ch140 v3 firmware 
Huawei -> Ch140l v3 firmware 
Huawei -> Ch220 v3 firmware 
Huawei -> Ch222 v3 firmware 
Huawei -> Ch242 v3 firmware 
Huawei -> Ch242 v5 firmware 
Huawei -> Rh1288 v3 firmware 
Huawei -> Rh2288 v3 firmware 

 References:
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180509-01-bypass-en

Copyright 2024, cxsecurity.com

 

Back to Top