Authentication Bypass Vulnerability in Huawei Server iBMC
CVE-2018-7942

7.5HIGH

Key Information:

Vendor: McAfee
Status: 1288h V5; 2288h V5; 2488 V5; Ch121 V3; Ch121l V3; Ch121l V5; Ch121 V5; Ch140 V3; Ch140l V3; Ch220 V3; Ch222 V3; Ch242 V3; Ch242 V5; Rh1288 V3; Rh2288 V3; Rh2288h V3; Xh310 V3; Xh321 V3; Xh321 V5; Xh620 V3
Vendor: CVE Published:; 24 May 2018

What is CVE-2018-7942?

The iBMC or Intelligent Baseboard Management Controller in certain Huawei servers is susceptible to an authentication bypass vulnerability. This flaw allows unauthenticated remote attackers to send crafted messages, potentially leading to unauthorized access and information leakage due to inadequate authentication mechanisms.

Affected Version(s)

1288H V5; 2288H V5; 2488 V5; CH121 V3; CH121L V3; CH121L V5; CH121 V5; CH140 V3; CH140L V3; CH220 V3; CH222 V3; CH242 V3; CH242 V5; RH1288 V3; RH2288 V3; RH2288H V3; XH310 V3; XH321 V3; XH321 V5; XH620 V3 1288H V5 V100R005C00

References

http://www.huawei.com/en/psirt/security-advisories/huawei...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 24, 2018
Vulnerability Reserved
Mar 9, 2018

JSON

McAfee

What is CVE-2018-7942?

Affected Version(s)

References

CVSS V3.1

Timeline