Privilege Escalation Vulnerability in Huawei Servers
CVE-2018-7949

8.8HIGH

Key Information:

Vendor

McAfee
Status
1288h V5; 2288h V5; 2488 V5 ; Ch121 V3; Ch121l V3; Ch121l V5 ; Ch121 V5 ; Ch140 V3; Ch140l V3; Ch220 V3; Ch222 V3; Ch242 V3; Ch242 V5 ; Rh1288 V3; Rh2288 V3; Rh2288h V3; Xh310 V3; Xh321 V3; Xh321 V5; Xh620 V3
Vendor
CVE Published:
1 June 2018

What is CVE-2018-7949?

The iBMC (Intelligent Baseboard Management Controller) of certain Huawei servers contains a vulnerability that allows remote attackers to exploit improperly designed authentication mechanisms. By sending specifically crafted login messages, a low privileged user can escalate their privileges and gain the ability to modify or retrieve credentials of highly privileged users, potentially compromising the security of the entire server environment.

Affected Version(s)

1288H V5; 2288H V5; 2488 V5 ; CH121 V3; CH121L V3; CH121L V5 ; CH121 V5 ; CH140 V3; CH140L V3; CH220 V3; CH222 V3; CH242 V3; CH242 V5 ; RH1288 V3; RH2288 V3; RH2288H V3; XH310 V3; XH321 V3; XH321 V5; XH620 V3 1288H V5 V100R005C00

1288H V5; 2288H V5; 2488 V5 ; CH121 V3; CH121L V3; CH121L V5 ; CH121 V5 ; CH140 V3; CH140L V3; CH220 V3; CH222 V3; CH242 V3; CH242 V5 ; RH1288 V3; RH2288 V3; RH2288H V3; XH310 V3; XH321 V3; XH321 V5; XH620 V3 2288H V5 V100R005C00

1288H V5; 2288H V5; 2488 V5 ; CH121 V3; CH121L V3; CH121L V5 ; CH121 V5 ; CH140 V3; CH140L V3; CH220 V3; CH222 V3; CH242 V3; CH242 V5 ; RH1288 V3; RH2288 V3; RH2288H V3; XH310 V3; XH321 V3; XH321 V5; XH620 V3 2488 V5 V100R005C00

References

http://www.huawei.com/en/psirt/security-advisories/huawei...
x_refsource_CONFIRM

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.