CVE-2018-7941

CWE-287 — Improper Authentication3 documents3 sources

Severity

8.8HIGH

EPSS

0.1%

top 81.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei Technologies Co., Ltd. Ibmc Huawei 1288h V5 Firmware Huawei 2288h V5 Firmware +18 more

Timeline

PublishedMay 10

Latest updateMay 14

Description

Huawei iBMC V200R002C60 have an authentication bypass vulnerability. A remote attacker with low privilege may craft specific messages to upload authentication certificate to the affected products. Due to improper validation of the upload authority, successful exploit may cause privilege elevation.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages21 packages

▶CVEListV5huawei_technologies_co.,_ltd./ibmcV200R002C60

▶NVDhuawei/2488_v5_firmware100r005c00

▶NVDhuawei/1288h_v5_firmware100r005c00

▶NVDhuawei/2288h_v5_firmware100r005c00

▶NVDhuawei/ch121_v3_firmware100r001c00

🔴Vulnerability Details

GHSA

GHSA-3jmp-4qpg-7fv3: Huawei iBMC V200R002C60 have an authentication bypass vulnerability↗2022-05-14

▶

CVEList

CVE-2018-7941: Huawei iBMC V200R002C60 have an authentication bypass vulnerability↗2018-05-10

▶