CVE-2018-7949

EPSS 0.21%
Veröffentlicht 01.06.2018 14:29:00
Zuletzt bearbeitet 21.11.2024 04:13:00
Quelle psirt@huawei.com
Teams Watchlist Login
Unerledigt Login

The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a privilege escalation vulnerability. A remote attacker may send some specially crafted login messages to the affected products. Due to improper authentication design, successful exploit enables low privileged users to get or modify passwords of highly privileged users.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Huawei ≫ 1288h V5 Firmware Version100r005c00

Huawei ≫ 1288h V5 Version-

Huawei ≫ 2288h V5 Firmware Version100r005c00

Huawei ≫ 2288h V5 Version-

Huawei ≫ 2488 V5 Firmware Version100r005c00

Huawei ≫ 2488 V5 Version-

Huawei ≫ Ch121 V3 Firmware Version100r001c00

Huawei ≫ Ch121 V3 Version-

Huawei ≫ Ch121l V3 Firmware Version100r001c00

Huawei ≫ Ch121l V3 Version-

Huawei ≫ Ch121l V5 Firmware Version100r001c00

Huawei ≫ Ch121l V5 Version-

Huawei ≫ Ch121 V5 Firmware Version100r001c00

Huawei ≫ Ch121 V5 Version-

Huawei ≫ Ch140 V3 Firmware Version100r001c00

Huawei ≫ Ch140 V3 Version-

Huawei ≫ Ch140l V3 Firmware Version100r001c00

Huawei ≫ Ch140l V3 Version-

Huawei ≫ Ch220 V3 Firmware Version100r001c00

Huawei ≫ Ch220 V3 Version-

Huawei ≫ Ch222 V3 Firmware Version100r001c00

Huawei ≫ Ch222 V3 Version-

Huawei ≫ Ch242 V3 Firmware Version100r001c00

Huawei ≫ Ch242 V3 Version-

Huawei ≫ Ch242 V5 Firmware Version100r001c00

Huawei ≫ Ch242 V5 Version-

Huawei ≫ Rh1288 V3 Firmware Version100r003c00

Huawei ≫ Rh1288 V3 Version-

Huawei ≫ Rh2288 V3 Firmware Version100r003c00

Huawei ≫ Rh2288 V3 Version-

Huawei ≫ Xh310 V3 Firmware Version100r003c00

Huawei ≫ Xh310 V3 Version-

Huawei ≫ Xh321 V3 Firmware Version100r003c00

Huawei ≫ Xh321 V3 Version-

Huawei ≫ Xh321 V5 Firmware Version100r005c00

Huawei ≫ Xh321 V5 Version-

Huawei ≫ Rh2288h V3 Firmware Version100r003c00

Huawei ≫ Rh2288h V3 Version-

Huawei ≫ Xh620 V3 Firmware Version100r003c00

Huawei ≫ Xh620 V3 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.21%	0.401

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:P/I:N/A:N

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-03-server-en

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-7949

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-7949

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-7949

EUVD