JSON Injection Vulnerability in Huawei Servers' Management Controllers
CVE-2018-7951

8.8HIGH

Key Information:

Vendor: McAfee
Status: 1288h V5; 2288h V5; 2488 V5 ; Ch121 V3; Ch121l V3; Ch121l V5 ; Ch121 V5 ; Ch140 V3; Ch140l V3; Ch220 V3; Ch222 V3; Ch242 V3; Ch242 V5 ; Rh1288 V3; Rh2288 V3; Rh2288h V3; Xh310 V3; Xh321 V3; Xh321 V5; Xh620 V3
Vendor: CVE Published:; 1 June 2018

What is CVE-2018-7951?

The iBMC (Intelligent Baseboard Management Controller) of certain Huawei servers is susceptible to a JSON injection vulnerability due to inadequate input validation. This allows an authenticated remote attacker to exploit the flaw by launching a JSON injection attack, potentially enabling them to change the administrator's password. If successfully executed, this vulnerability could grant the attacker management privileges over the compromised system.

Affected Version(s)

1288H V5; 2288H V5; 2488 V5 ; CH121 V3; CH121L V3; CH121L V5 ; CH121 V5 ; CH140 V3; CH140L V3; CH220 V3; CH222 V3; CH242 V3; CH242 V5 ; RH1288 V3; RH2288 V3; RH2288H V3; XH310 V3; XH321 V3; XH321 V5; XH620 V3 1288H V5 V100R005C00

References

http://www.huawei.com/en/psirt/security-advisories/huawei...

x_refsource_CONFIRM

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 1, 2018
Vulnerability Reserved
Mar 9, 2018

JSON

McAfee

What is CVE-2018-7951?

Affected Version(s)

References

CVSS V3.1

Timeline