9

CVE-2018-7951

The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a JSON injection vulnerability due to insufficient input validation. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Successful exploit may allow attackers to obtain the management privilege of the system.

Data is provided by the National Vulnerability Database (NVD)
Huawei1288h V5 Firmware Version100r005c00
   Huawei1288h V5 Version-
Huawei2288h V5 Firmware Version100r005c00
   Huawei2288h V5 Version-
Huawei2488 V5 Firmware Version100r005c00
   Huawei2488 V5 Version-
HuaweiCh121 V3 Firmware Version100r001c00
   HuaweiCh121 V3 Version-
HuaweiCh121l V3 Firmware Version100r001c00
   HuaweiCh121l V3 Version-
HuaweiCh121l V5 Firmware Version100r001c00
   HuaweiCh121l V5 Version-
HuaweiCh121 V5 Firmware Version100r001c00
   HuaweiCh121 V5 Version-
HuaweiCh140 V3 Firmware Version100r001c00
   HuaweiCh140 V3 Version-
HuaweiCh140l V3 Firmware Version100r001c00
   HuaweiCh140l V3 Version-
HuaweiCh220 V3 Firmware Version100r001c00
   HuaweiCh220 V3 Version-
HuaweiCh222 V3 Firmware Version100r001c00
   HuaweiCh222 V3 Version-
HuaweiCh242 V3 Firmware Version100r001c00
   HuaweiCh242 V3 Version-
HuaweiCh242 V5 Firmware Version100r001c00
   HuaweiCh242 V5 Version-
HuaweiRh1288 V3 Firmware Version100r003c00
   HuaweiRh1288 V3 Version-
HuaweiRh2288 V3 Firmware Version100r003c00
   HuaweiRh2288 V3 Version-
HuaweiXh310 V3 Firmware Version100r003c00
   HuaweiXh310 V3 Version-
HuaweiXh321 V3 Firmware Version100r003c00
   HuaweiXh321 V3 Version-
HuaweiXh321 V5 Firmware Version100r005c00
   HuaweiXh321 V5 Version-
HuaweiRh2288h V3 Firmware Version100r003c00
   HuaweiRh2288h V3 Version-
HuaweiXh620 V3 Firmware Version100r003c00
   HuaweiXh620 V3 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.33% 0.554
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 9 8 10
AV:N/AC:L/Au:S/C:C/I:C/A:C
CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.