CVE-2018-7951

CWE-94 — Code Injection3 documents3 sources

Severity

8.8HIGH

EPSS

0.3%

top 45.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei 1288h V5 Firmware Huawei 2288h V5 Firmware Huawei 2488 V5 Firmware +17 more

Timeline

PublishedJun 1

Latest updateMay 13

Description

The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a JSON injection vulnerability due to insufficient input validation. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Successful exploit may allow attackers to obtain the management privilege of the system.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages20 packages

▶NVDhuawei/2488_v5_firmware100r005c00

▶NVDhuawei/1288h_v5_firmware100r005c00

▶NVDhuawei/2288h_v5_firmware100r005c00

▶NVDhuawei/ch121_v3_firmware100r001c00

▶NVDhuawei/ch121_v5_firmware100r001c00

🔴Vulnerability Details

GHSA

GHSA-c445-2cgq-9843: The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a JSON injection vulnerability due to insufficient input validation↗2022-05-13

▶

CVEList

CVE-2018-7951: The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a JSON injection vulnerability due to insufficient input validation↗2018-06-01

▶