CVE-2018-7941
8.8
Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD
Description
Huawei iBMC V200R002C60 has an authentication bypass vulnerability. A remote attacker with low privilege may craft specific messages to upload an authentication certificate to the affected products. Due to improper validation of the upload authority, a successful exploit may cause privilege elevation.
Affected (20)
Products: Huawei: Ch121 V3 Firmware, Ch121l V3 Firmware, Ch140 V3 Firmware, Ch140l V3 Firmware, Ch220 V3 Firmware, Ch222 V3 Firmware, Ch242 V3 Firmware, Rh1288 V3 Firmware, Rh2288 V3 Firmware, Rh2288h V3 Firmware, Xh310 V3 Firmware, Xh321 V3 Firmware, Xh620 V3 Firmware, Ch121 V5 Firmware, Ch121l V5 Firmware, Ch242 V5 Firmware, 1288h V5 Firmware, 2288h V5 Firmware, 2488 V5 Firmware, Xh321 V5 Firmware
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| | Version 100r001c00 |

| Running on/with | Platform Versions |
|---|---|
| Huawei Ch121 V3 | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| | Version 100r001c00 |

| Running on/with | Platform Versions |
|---|---|
| Huawei Ch121l V3 | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| | Version 100r001c00 |

| Running on/with | Platform Versions |
|---|---|
| Huawei Ch140 V3 | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| | Version 100r001c00 |

| Running on/with | Platform Versions |
|---|---|
| Huawei Ch140l V3 | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| | Version 100r001c00 |

| Running on/with | Platform Versions |
|---|---|
| Huawei Ch220 V3 | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| | Version 100r001c00 |

| Running on/with | Platform Versions |
|---|---|
| Huawei Ch222 V3 | All versions |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| | Version 100r001c00 |

| Running on/with | Platform Versions |
|---|---|
| Huawei Ch242 V3 | All versions |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| | Version 100r003c00 |

| Running on/with | Platform Versions |
|---|---|
| Huawei Rh1288 V3 | All versions |
Configuration I
| Vulnerable Software | Affected Versions |
|---|---|
| | Version 100r003c00 |

| Running on/with | Platform Versions |
|---|---|
| Huawei Rh2288 V3 | All versions |
Configuration J
| Vulnerable Software | Affected Versions |
|---|---|
| | Version 100r003c00 |

| Running on/with | Platform Versions |
|---|---|
| Huawei Rh2288h V3 | All versions |
Configuration K
| Vulnerable Software | Affected Versions |
|---|---|
| | Version 100r003c00 |

| Running on/with | Platform Versions |
|---|---|
| Huawei Xh310 V3 | All versions |
Configuration L
| Vulnerable Software | Affected Versions |
|---|---|
| | Version 100r003c00 |

| Running on/with | Platform Versions |
|---|---|
| Huawei Xh321 V3 | All versions |
Configuration M
| Vulnerable Software | Affected Versions |
|---|---|
| | Version 100r003c00 |

| Running on/with | Platform Versions |
|---|---|
| Huawei Xh620 V3 | All versions |
Configuration N
| Vulnerable Software | Affected Versions |
|---|---|
| | Version 100r001c00 |

| Running on/with | Platform Versions |
|---|---|
| Huawei Ch121 V5 | All versions |
Configuration O
| Vulnerable Software | Affected Versions |
|---|---|
| | Version 100r001c00 |

| Running on/with | Platform Versions |
|---|---|
| Huawei Ch121l V5 | All versions |
Configuration P
| Vulnerable Software | Affected Versions |
|---|---|
| | Version 100r001c00 |

| Running on/with | Platform Versions |
|---|---|
| Huawei Ch242 V5 | All versions |
Configuration Q
| Vulnerable Software | Affected Versions |
|---|---|
| | Version 100r005c00 |

| Running on/with | Platform Versions |
|---|---|
| Huawei 1288h V5 | All versions |
Configuration R
| Vulnerable Software | Affected Versions |
|---|---|
| | Version 100r005c00 |

| Running on/with | Platform Versions |
|---|---|
| Huawei 2288h V5 | All versions |
Configuration S
| Vulnerable Software | Affected Versions |
|---|---|
| | Version 100r005c00 |

| Running on/with | Platform Versions |
|---|---|
| Huawei 2488 V5 | All versions |
Configuration T
| Vulnerable Software | Affected Versions |
|---|---|
| | Version 100r005c00 |

| Running on/with | Platform Versions |
|---|---|
| Huawei Xh321 V5 | All versions |
References (2)
Source: psirt@huawei.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory