JSON Injection Vulnerability in Huawei iBMC System
CVE-2018-7950

8.8HIGH

Key Information:

Vendor

McAfee
Status
1288h V5; 2288h V5; 2488 V5 ; Ch121 V3; Ch121l V3; Ch121l V5 ; Ch121 V5 ; Ch140 V3; Ch140l V3; Ch220 V3; Ch222 V3; Ch242 V3; Ch242 V5 ; Rh1288 V3; Rh2288 V3; Rh2288h V3; Xh310 V3; Xh321 V3; Xh321 V5; Xh620 V3
Vendor
CVE Published:
1 June 2018

What is CVE-2018-7950?

The iBMC (Intelligent Baseboard Management Controller) present in certain Huawei servers contains a JSON injection vulnerability stemming from inadequate input validation. This allows an authenticated, remote attacker to manipulate the JSON request, enabling them to alter the administrator password. If successfully executed, this vulnerability could grant the attacker elevated management privileges over the affected system, posing significant risks to system security and integrity.

Affected Version(s)

1288H V5; 2288H V5; 2488 V5 ; CH121 V3; CH121L V3; CH121L V5 ; CH121 V5 ; CH140 V3; CH140L V3; CH220 V3; CH222 V3; CH242 V3; CH242 V5 ; RH1288 V3; RH2288 V3; RH2288H V3; XH310 V3; XH321 V3; XH321 V5; XH620 V3 1288H V5 V100R005C00

1288H V5; 2288H V5; 2488 V5 ; CH121 V3; CH121L V3; CH121L V5 ; CH121 V5 ; CH140 V3; CH140L V3; CH220 V3; CH222 V3; CH242 V3; CH242 V5 ; RH1288 V3; RH2288 V3; RH2288H V3; XH310 V3; XH321 V3; XH321 V5; XH620 V3 2288H V5 V100R005C00

1288H V5; 2288H V5; 2488 V5 ; CH121 V3; CH121L V3; CH121L V5 ; CH121 V5 ; CH140 V3; CH140L V3; CH220 V3; CH222 V3; CH242 V3; CH242 V5 ; RH1288 V3; RH2288 V3; RH2288H V3; XH310 V3; XH321 V3; XH321 V5; XH620 V3 2488 V5 V100R005C00

References

http://www.huawei.com/en/psirt/security-advisories/huawei...
x_refsource_CONFIRM

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.