CVE-2018-7943

CWE-287Improper AuthenticationCWE-276Incorrect Default PermissionsCWE-200Information Exposure6 documents6 sources
Severity
8.8HIGH
EPSS
0.2%
top 58.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
20
Huawei 1288h V5 FirmwareHuawei 2288h V5 FirmwareHuawei 2488 V5 Firmware+17 more
Timeline
PublishedJun 5
Latest updateMay 14

Description

There is an authentication bypass vulnerability in some Huawei servers. A remote attacker with low privilege may bypass the authentication by some special operations. Due to insufficient authentication, an attacker may exploit the vulnerability to get some sensitive information and high-level users' privilege.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages20 packages

NVDhuawei/2488_v5_firmwarev100r005c00
NVDhuawei/1288h_v5_firmwarev100r005c00
NVDhuawei/2288h_v5_firmwarev100r005c00
NVDhuawei/ch121_v3_firmwarev100r001c00
NVDhuawei/ch121_v5_firmwarev100r001c00

🔴Vulnerability Details

3
GHSA
GHSA-qp67-v7w7-r9vj: There is an authentication bypass vulnerability in some Huawei servers2022-05-14
OSV
libx11 vulnerabilities2018-08-30
CVEList
CVE-2018-7943: There is an authentication bypass vulnerability in some Huawei servers2018-06-05

📋Vendor Advisories

1
Red Hat
puppet: puppet server and puppetDB may leak sensitive information via metrics API2020-03-10