CVE-2018-7949

CWE-287Improper Authentication3 documents3 sources
Severity
8.8HIGH
EPSS
0.1%
top 64.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
20
Huawei 1288h V5 FirmwareHuawei 2288h V5 FirmwareHuawei 2488 V5 Firmware+17 more
Timeline
PublishedJun 1
Latest updateMay 14

Description

The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a privilege escalation vulnerability. A remote attacker may send some specially crafted login messages to the affected products. Due to improper authentication design, successful exploit enables low privileged users to get or modify passwords of highly privileged users.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages20 packages

NVDhuawei/2488_v5_firmware100r005c00
NVDhuawei/1288h_v5_firmware100r005c00
NVDhuawei/2288h_v5_firmware100r005c00
NVDhuawei/ch121_v3_firmware100r001c00
NVDhuawei/ch121_v5_firmware100r001c00

🔴Vulnerability Details

2
GHSA
GHSA-x2jh-mxrp-cv8g: The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a privilege escalation vulnerability2022-05-14
CVEList
CVE-2018-7949: The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a privilege escalation vulnerability2018-06-01
CVE-2018-7949 (HIGH CVSS 8.8) | The iBMC (Intelligent Baseboard Man | cvebase.io