CVE-2018-7949
published 2018-06-01CVE-2018-7949: The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a privilege escalation vulnerability. A remote attacker may send some…
high8.8CVSS 3.0
AVNACLPRLUINSUCHIHAH
The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a privilege escalation vulnerability. A remote attacker may send some specially crafted login messages to the affected products. Due to improper authentication design, successful exploit enables low privileged users to get or modify passwords of highly privileged users.
Affected
20 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| huawei | 1288h_v5_firmware | — | — |
| huawei | 2288h_v5_firmware | — | — |
| huawei | 2488_v5_firmware | — | — |
| huawei | ch121_v3_firmware | — | — |
| huawei | ch121_v5_firmware | — | — |
| huawei | ch121l_v3_firmware | — | — |
| huawei | ch121l_v5_firmware | — | — |
| huawei | ch140_v3_firmware | — | — |
| huawei | ch140l_v3_firmware | — | — |
| huawei | ch220_v3_firmware | — | — |
| huawei | ch222_v3_firmware | — | — |
| huawei | ch242_v3_firmware | — | — |
| huawei | ch242_v5_firmware | — | — |
| huawei | rh1288_v3_firmware | — | — |
| huawei | rh2288_v3_firmware | — | — |
| huawei | rh2288h_v3_firmware | — | — |
| huawei | xh310_v3_firmware | — | — |
| huawei | xh321_v3_firmware | — | — |
| huawei | xh321_v5_firmware | — | — |
| huawei | xh620_v3_firmware | — | — |