Vulnerability CVE-2018-7942


Published: 2018-05-24

Description:
The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have an authentication bypass vulnerability. An unauthenticated, remote attacker may send some specially crafted messages to the affected products. Due to improper authentication design, successful exploit may cause some information leak.

Type:

CWE-287

(Improper Authentication)

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None
Affected software
Huawei -> 1288h v5 firmware 
Huawei -> 2288h v5 firmware 
Huawei -> 2488 v5 firmware 
Huawei -> Ch121 v3 firmware 
Huawei -> Ch121l v3 firmware 
Huawei -> Ch121l v5 firmware 
Huawei -> Ch242 v3 firmware 

 References:
https://exchange.xforce.ibmcloud.com/vulnerabilities/143686

Copyright 2024, cxsecurity.com

 

Back to Top