Search

Find a vulnerability

Search criteria

    14 vulnerabilities found for ch242_v3_firmware by huawei

    CVE-2019-0708 (GCVE-0-2019-0708)

    Vulnerability from nvd – Published: 2019-05-16 18:17 – Updated: 2025-10-21 23:45
    VLAI CISA KEVIntel
    Summary
    A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.
    SSVC
    Exploitation: active Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Remote Code Execution
    • CWE-416 - Use After Free
    Assigner
    Impacted products
    Vendor Product Version
    Microsoft Windows Affected: 7 for 32-bit Systems Service Pack 1
    Affected: 7 for x64-based Systems Service Pack 1
    Create a notification for this product.
    Microsoft Windows Server Affected: 2008 R2 for x64-based Systems Service Pack 1 (Core installation)
    Affected: 2008 R2 for Itanium-Based Systems Service Pack 1
    Affected: 2008 R2 for x64-based Systems Service Pack 1
    Affected: 2008 for 32-bit Systems Service Pack 2 (Core installation)
    Affected: 2008 for Itanium-Based Systems Service Pack 2
    Affected: 2008 for 32-bit Systems Service Pack 2
    Affected: 2008 for x64-based Systems Service Pack 2
    Affected: 2008 for x64-based Systems Service Pack 2 (Core installation)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:51:27.186Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-932041.pdf"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-616199.pdf"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-433987.pdf"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-832947.pdf"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-166360.pdf"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-406175.pdf"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190529-01-windows-en"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.huawei.com/en/psirt/security-notices/huawei-sn-20190515-01-windows-en"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/153133/Microsoft-Windows-Remote-Desktop-BlueKeep-Denial-Of-Service.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/153627/Microsoft-Windows-RDP-BlueKeep-Denial-Of-Service.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/154579/BlueKeep-RDP-Remote-Windows-Kernel-Use-After-Free.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/155389/Microsoft-Windows-7-x86-BlueKeep-RDP-Use-After-Free.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/162960/Microsoft-RDP-Remote-Code-Execution.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-0708",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-07T16:17:22.676231Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2021-11-03",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-0708"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-416",
                    "description": "CWE-416 Use After Free",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:45:37.137Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-0708"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2021-11-03T00:00:00.000Z",
                "value": "CVE-2019-0708 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Windows",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "7 for 32-bit Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "7 for x64-based Systems Service Pack 1"
                }
              ]
            },
            {
              "product": "Windows Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2008 R2 for Itanium-Based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "2008 R2 for x64-based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "2008 for 32-bit Systems Service Pack 2 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2008 for Itanium-Based Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "2008 for 32-bit Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "2008 for x64-based Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "2008 for x64-based Systems Service Pack 2 (Core installation)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka \u0027Remote Desktop Services Remote Code Execution Vulnerability\u0027."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Remote Code Execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-06-03T17:06:16.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-932041.pdf"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-616199.pdf"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-433987.pdf"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-832947.pdf"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-166360.pdf"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-406175.pdf"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190529-01-windows-en"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.huawei.com/en/psirt/security-notices/huawei-sn-20190515-01-windows-en"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/153133/Microsoft-Windows-Remote-Desktop-BlueKeep-Denial-Of-Service.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/153627/Microsoft-Windows-RDP-BlueKeep-Denial-Of-Service.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/154579/BlueKeep-RDP-Remote-Windows-Kernel-Use-After-Free.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/155389/Microsoft-Windows-7-x86-BlueKeep-RDP-Use-After-Free.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/162960/Microsoft-RDP-Remote-Code-Execution.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2019-0708",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7 for 32-bit Systems Service Pack 1"
                              },
                              {
                                "version_value": "7 for x64-based Systems Service Pack 1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)"
                              },
                              {
                                "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1"
                              },
                              {
                                "version_value": "2008 R2 for x64-based Systems Service Pack 1"
                              },
                              {
                                "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)"
                              },
                              {
                                "version_value": "2008 for Itanium-Based Systems Service Pack 2"
                              },
                              {
                                "version_value": "2008 for 32-bit Systems Service Pack 2"
                              },
                              {
                                "version_value": "2008 for x64-based Systems Service Pack 2"
                              },
                              {
                                "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka \u0027Remote Desktop Services Remote Code Execution Vulnerability\u0027."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Remote Code Execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708",
                  "refsource": "MISC",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708"
                },
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-932041.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-932041.pdf"
                },
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-616199.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-616199.pdf"
                },
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-433987.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-433987.pdf"
                },
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-832947.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-832947.pdf"
                },
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-166360.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-166360.pdf"
                },
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-406175.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-406175.pdf"
                },
                {
                  "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190529-01-windows-en",
                  "refsource": "CONFIRM",
                  "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190529-01-windows-en"
                },
                {
                  "name": "http://www.huawei.com/en/psirt/security-notices/huawei-sn-20190515-01-windows-en",
                  "refsource": "CONFIRM",
                  "url": "http://www.huawei.com/en/psirt/security-notices/huawei-sn-20190515-01-windows-en"
                },
                {
                  "name": "http://packetstormsecurity.com/files/153133/Microsoft-Windows-Remote-Desktop-BlueKeep-Denial-Of-Service.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/153133/Microsoft-Windows-Remote-Desktop-BlueKeep-Denial-Of-Service.html"
                },
                {
                  "name": "http://packetstormsecurity.com/files/153627/Microsoft-Windows-RDP-BlueKeep-Denial-Of-Service.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/153627/Microsoft-Windows-RDP-BlueKeep-Denial-Of-Service.html"
                },
                {
                  "name": "http://packetstormsecurity.com/files/154579/BlueKeep-RDP-Remote-Windows-Kernel-Use-After-Free.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/154579/BlueKeep-RDP-Remote-Windows-Kernel-Use-After-Free.html"
                },
                {
                  "name": "http://packetstormsecurity.com/files/155389/Microsoft-Windows-7-x86-BlueKeep-RDP-Use-After-Free.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/155389/Microsoft-Windows-7-x86-BlueKeep-RDP-Use-After-Free.html"
                },
                {
                  "name": "http://packetstormsecurity.com/files/162960/Microsoft-RDP-Remote-Code-Execution.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/162960/Microsoft-RDP-Remote-Code-Execution.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2019-0708",
        "datePublished": "2019-05-16T18:17:00.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:45:37.137Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-7943 (GCVE-0-2018-7943)

    Vulnerability from nvd – Published: 2018-06-05 15:00 – Updated: 2024-09-17 02:05
    VLAI
    Summary
    There is an authentication bypass vulnerability in some Huawei servers. A remote attacker with low privilege may bypass the authentication by some special operations. Due to insufficient authentication, an attacker may exploit the vulnerability to get some sensitive information and high-level users' privilege.
    Severity
    No CVSS data available.
    CWE
    • authentication bypass
    Assigner
    References
    Impacted products
    Vendor Product Version
    Huawei Technologies Co., Ltd. 1288H V5; 2288H V5; 2488 V5 ; CH121 V3; CH121L V3; CH121L V5 ; CH121 V5 ; CH140 V3; CH140L V3; CH220 V3; CH222 V3; CH242 V3; CH242 V5 ; RH1288 V3; RH2288 V3; RH2288H V3; XH310 V3; XH321 V3; XH321 V5; XH620 V3 Affected: 1288H V5 V100R005C00
    Affected: 2288H V5 V100R005C00
    Affected: 2488 V5 V100R005C00
    Affected: CH121 V3 V100R001C00
    Affected: CH121L V3 V100R001C00
    Affected: CH121L V5 V100R001C00
    Affected: CH121 V5 V100R001C00
    Affected: CH140 V3 V100R001C00
    Affected: CH140L V3 V100R001C00
    Affected: CH220 V3 V100R001C00
    Affected: CH222 V3 V100R001C00
    Affected: CH242 V3 V100R001C00
    Affected: CH242 V5 V100R001C00
    Affected: RH1288 V3 V100R003C00
    Affected: RH2288 V3 V100R003C00
    Affected: RH2288H V3 V100R003C00
    Affected: XH310 V3 V100R003C00
    Affected: XH321 V3 V100R003C00
    Affected: XH321 V5 V100R005C00
    Affected: XH620 V3 V100R003C00
    Create a notification for this product.
    Date Public
    2018-05-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:37:59.625Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-01-server-en"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "1288H V5; 2288H V5; 2488 V5 ; CH121 V3; CH121L V3; CH121L V5 ; CH121 V5 ; CH140 V3; CH140L V3; CH220 V3; CH222 V3; CH242 V3; CH242 V5 ; RH1288 V3; RH2288 V3; RH2288H V3; XH310 V3; XH321 V3; XH321 V5; XH620 V3",
              "vendor": "Huawei Technologies Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "1288H V5 V100R005C00"
                },
                {
                  "status": "affected",
                  "version": "2288H V5 V100R005C00"
                },
                {
                  "status": "affected",
                  "version": "2488 V5 V100R005C00"
                },
                {
                  "status": "affected",
                  "version": "CH121 V3 V100R001C00"
                },
                {
                  "status": "affected",
                  "version": "CH121L V3 V100R001C00"
                },
                {
                  "status": "affected",
                  "version": "CH121L V5 V100R001C00"
                },
                {
                  "status": "affected",
                  "version": "CH121 V5 V100R001C00"
                },
                {
                  "status": "affected",
                  "version": "CH140 V3 V100R001C00"
                },
                {
                  "status": "affected",
                  "version": "CH140L V3 V100R001C00"
                },
                {
                  "status": "affected",
                  "version": "CH220 V3 V100R001C00"
                },
                {
                  "status": "affected",
                  "version": "CH222 V3 V100R001C00"
                },
                {
                  "status": "affected",
                  "version": "CH242 V3 V100R001C00"
                },
                {
                  "status": "affected",
                  "version": "CH242 V5 V100R001C00"
                },
                {
                  "status": "affected",
                  "version": "RH1288 V3 V100R003C00"
                },
                {
                  "status": "affected",
                  "version": "RH2288 V3 V100R003C00"
                },
                {
                  "status": "affected",
                  "version": "RH2288H V3 V100R003C00"
                },
                {
                  "status": "affected",
                  "version": "XH310 V3 V100R003C00"
                },
                {
                  "status": "affected",
                  "version": "XH321 V3 V100R003C00"
                },
                {
                  "status": "affected",
                  "version": "XH321 V5 V100R005C00"
                },
                {
                  "status": "affected",
                  "version": "XH620 V3 V100R003C00"
                }
              ]
            }
          ],
          "datePublic": "2018-05-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "There is an authentication bypass vulnerability in some Huawei servers. A remote attacker with low privilege may bypass the authentication by some special operations. Due to insufficient authentication, an attacker may exploit the vulnerability to get some sensitive information and high-level users\u0027 privilege."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "authentication bypass",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-06-05T14:57:01.000Z",
            "orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
            "shortName": "huawei"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-01-server-en"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@huawei.com",
              "DATE_PUBLIC": "2018-05-30T00:00:00",
              "ID": "CVE-2018-7943",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "1288H V5; 2288H V5; 2488 V5 ; CH121 V3; CH121L V3; CH121L V5 ; CH121 V5 ; CH140 V3; CH140L V3; CH220 V3; CH222 V3; CH242 V3; CH242 V5 ; RH1288 V3; RH2288 V3; RH2288H V3; XH310 V3; XH321 V3; XH321 V5; XH620 V3",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1288H V5 V100R005C00"
                              },
                              {
                                "version_value": "2288H V5 V100R005C00"
                              },
                              {
                                "version_value": "2488 V5 V100R005C00"
                              },
                              {
                                "version_value": "CH121 V3 V100R001C00"
                              },
                              {
                                "version_value": "CH121L V3 V100R001C00"
                              },
                              {
                                "version_value": "CH121L V5 V100R001C00"
                              },
                              {
                                "version_value": "CH121 V5 V100R001C00"
                              },
                              {
                                "version_value": "CH140 V3 V100R001C00"
                              },
                              {
                                "version_value": "CH140L V3 V100R001C00"
                              },
                              {
                                "version_value": "CH220 V3 V100R001C00"
                              },
                              {
                                "version_value": "CH222 V3 V100R001C00"
                              },
                              {
                                "version_value": "CH242 V3 V100R001C00"
                              },
                              {
                                "version_value": "CH242 V5 V100R001C00"
                              },
                              {
                                "version_value": "RH1288 V3 V100R003C00"
                              },
                              {
                                "version_value": "RH2288 V3 V100R003C00"
                              },
                              {
                                "version_value": "RH2288H V3 V100R003C00"
                              },
                              {
                                "version_value": "XH310 V3 V100R003C00"
                              },
                              {
                                "version_value": "XH321 V3 V100R003C00"
                              },
                              {
                                "version_value": "XH321 V5 V100R005C00"
                              },
                              {
                                "version_value": "XH620 V3 V100R003C00"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Huawei Technologies Co., Ltd."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "There is an authentication bypass vulnerability in some Huawei servers. A remote attacker with low privilege may bypass the authentication by some special operations. Due to insufficient authentication, an attacker may exploit the vulnerability to get some sensitive information and high-level users\u0027 privilege."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "authentication bypass"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-01-server-en",
                  "refsource": "CONFIRM",
                  "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-01-server-en"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
        "assignerShortName": "huawei",
        "cveId": "CVE-2018-7943",
        "datePublished": "2018-06-05T15:00:00.000Z",
        "dateReserved": "2018-03-09T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:05:37.375Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-7951 (GCVE-0-2018-7951)

    Vulnerability from nvd – Published: 2018-06-01 14:00 – Updated: 2024-08-05 06:37
    VLAI
    Summary
    The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a JSON injection vulnerability due to insufficient input validation. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Successful exploit may allow attackers to obtain the management privilege of the system.
    Severity
    No CVSS data available.
    CWE
    • JSON injection
    Assigner
    References
    Impacted products
    Vendor Product Version
    Huawei Technologies Co., Ltd. 1288H V5; 2288H V5; 2488 V5 ; CH121 V3; CH121L V3; CH121L V5 ; CH121 V5 ; CH140 V3; CH140L V3; CH220 V3; CH222 V3; CH242 V3; CH242 V5 ; RH1288 V3; RH2288 V3; RH2288H V3; XH310 V3; XH321 V3; XH321 V5; XH620 V3 Affected: 1288H V5 V100R005C00
    Affected: 2288H V5 V100R005C00
    Affected: 2488 V5 V100R005C00
    Affected: CH121 V3 V100R001C00
    Affected: CH121L V3 V100R001C00
    Affected: CH121L V5 V100R001C00
    Affected: CH121 V5 V100R001C00
    Affected: CH140 V3 V100R001C00
    Affected: CH140L V3 V100R001C00
    Affected: CH220 V3 V100R001C00
    Affected: CH222 V3 V100R001C00
    Affected: CH242 V3 V100R001C00
    Affected: CH242 V5 V100R001C00
    Affected: RH1288 V3 V100R003C00
    Affected: RH2288 V3 V100R003C00
    Affected: RH2288H V3 V100R003C00
    Affected: XH310 V3 V100R003C00
    Affected: XH321 V3 V100R003C00
    Affected: XH321 V5 V100R005C00
    Affected: XH620 V3 V100R003C00
    Create a notification for this product.
    Date Public
    2018-05-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:37:59.585Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-02-server-en"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "1288H V5; 2288H V5; 2488 V5 ; CH121 V3; CH121L V3; CH121L V5 ; CH121 V5 ; CH140 V3; CH140L V3; CH220 V3; CH222 V3; CH242 V3; CH242 V5 ; RH1288 V3; RH2288 V3; RH2288H V3; XH310 V3; XH321 V3; XH321 V5; XH620 V3",
              "vendor": "Huawei Technologies Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "1288H V5 V100R005C00"
                },
                {
                  "status": "affected",
                  "version": "2288H V5 V100R005C00"
                },
                {
                  "status": "affected",
                  "version": "2488 V5 V100R005C00"
                },
                {
                  "status": "affected",
                  "version": "CH121 V3 V100R001C00"
                },
                {
                  "status": "affected",
                  "version": "CH121L V3 V100R001C00"
                },
                {
                  "status": "affected",
                  "version": "CH121L V5 V100R001C00"
                },
                {
                  "status": "affected",
                  "version": "CH121 V5 V100R001C00"
                },
                {
                  "status": "affected",
                  "version": "CH140 V3 V100R001C00"
                },
                {
                  "status": "affected",
                  "version": "CH140L V3 V100R001C00"
                },
                {
                  "status": "affected",
                  "version": "CH220 V3 V100R001C00"
                },
                {
                  "status": "affected",
                  "version": "CH222 V3 V100R001C00"
                },
                {
                  "status": "affected",
                  "version": "CH242 V3 V100R001C00"
                },
                {
                  "status": "affected",
                  "version": "CH242 V5 V100R001C00"
                },
                {
                  "status": "affected",
                  "version": "RH1288 V3 V100R003C00"
                },
                {
                  "status": "affected",
                  "version": "RH2288 V3 V100R003C00"
                },
                {
                  "status": "affected",
                  "version": "RH2288H V3 V100R003C00"
                },
                {
                  "status": "affected",
                  "version": "XH310 V3 V100R003C00"
                },
                {
                  "status": "affected",
                  "version": "XH321 V3 V100R003C00"
                },
                {
                  "status": "affected",
                  "version": "XH321 V5 V100R005C00"
                },
                {
                  "status": "affected",
                  "version": "XH620 V3 V100R003C00"
                }
              ]
            }
          ],
          "datePublic": "2018-05-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a JSON injection vulnerability due to insufficient input validation. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Successful exploit may allow attackers to obtain the management privilege of the system."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "JSON injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-06-01T13:57:02.000Z",
            "orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
            "shortName": "huawei"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-02-server-en"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@huawei.com",
              "ID": "CVE-2018-7951",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "1288H V5; 2288H V5; 2488 V5 ; CH121 V3; CH121L V3; CH121L V5 ; CH121 V5 ; CH140 V3; CH140L V3; CH220 V3; CH222 V3; CH242 V3; CH242 V5 ; RH1288 V3; RH2288 V3; RH2288H V3; XH310 V3; XH321 V3; XH321 V5; XH620 V3",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1288H V5 V100R005C00"
                              },
                              {
                                "version_value": "2288H V5 V100R005C00"
                              },
                              {
                                "version_value": "2488 V5 V100R005C00"
                              },
                              {
                                "version_value": "CH121 V3 V100R001C00"
                              },
                              {
                                "version_value": "CH121L V3 V100R001C00"
                              },
                              {
                                "version_value": "CH121L V5 V100R001C00"
                              },
                              {
                                "version_value": "CH121 V5 V100R001C00"
                              },
                              {
                                "version_value": "CH140 V3 V100R001C00"
                              },
                              {
                                "version_value": "CH140L V3 V100R001C00"
                              },
                              {
                                "version_value": "CH220 V3 V100R001C00"
                              },
                              {
                                "version_value": "CH222 V3 V100R001C00"
                              },
                              {
                                "version_value": "CH242 V3 V100R001C00"
                              },
                              {
                                "version_value": "CH242 V5 V100R001C00"
                              },
                              {
                                "version_value": "RH1288 V3 V100R003C00"
                              },
                              {
                                "version_value": "RH2288 V3 V100R003C00"
                              },
                              {
                                "version_value": "RH2288H V3 V100R003C00"
                              },
                              {
                                "version_value": "XH310 V3 V100R003C00"
                              },
                              {
                                "version_value": "XH321 V3 V100R003C00"
                              },
                              {
                                "version_value": "XH321 V5 V100R005C00"
                              },
                              {
                                "version_value": "XH620 V3 V100R003C00"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Huawei Technologies Co., Ltd."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a JSON injection vulnerability due to insufficient input validation. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Successful exploit may allow attackers to obtain the management privilege of the system."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "JSON injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-02-server-en",
                  "refsource": "CONFIRM",
                  "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-02-server-en"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
        "assignerShortName": "huawei",
        "cveId": "CVE-2018-7951",
        "datePublished": "2018-06-01T14:00:00.000Z",
        "dateReserved": "2018-03-09T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:37:59.585Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-7950 (GCVE-0-2018-7950)

    Vulnerability from nvd – Published: 2018-06-01 14:00 – Updated: 2024-08-05 06:37
    VLAI
    Summary
    The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a JSON injection vulnerability due to insufficient input validation. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Successful exploit may allow attackers to obtain the management privilege of the system.
    Severity
    No CVSS data available.
    CWE
    • JSON injection
    Assigner
    References
    Impacted products
    Vendor Product Version
    Huawei Technologies Co., Ltd. 1288H V5; 2288H V5; 2488 V5 ; CH121 V3; CH121L V3; CH121L V5 ; CH121 V5 ; CH140 V3; CH140L V3; CH220 V3; CH222 V3; CH242 V3; CH242 V5 ; RH1288 V3; RH2288 V3; RH2288H V3; XH310 V3; XH321 V3; XH321 V5; XH620 V3 Affected: 1288H V5 V100R005C00
    Affected: 2288H V5 V100R005C00
    Affected: 2488 V5 V100R005C00
    Affected: CH121 V3 V100R001C00
    Affected: CH121L V3 V100R001C00
    Affected: CH121L V5 V100R001C00
    Affected: CH121 V5 V100R001C00
    Affected: CH140 V3 V100R001C00
    Affected: CH140L V3 V100R001C00
    Affected: CH220 V3 V100R001C00
    Affected: CH222 V3 V100R001C00
    Affected: CH242 V3 V100R001C00
    Affected: CH242 V5 V100R001C00
    Affected: RH1288 V3 V100R003C00
    Affected: RH2288 V3 V100R003C00
    Affected: RH2288H V3 V100R003C00
    Affected: XH310 V3 V100R003C00
    Affected: XH321 V3 V100R003C00
    Affected: XH321 V5 V100R005C00
    Affected: XH620 V3 V100R003C00
    Create a notification for this product.
    Date Public
    2018-05-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:37:59.581Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-02-server-en"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "1288H V5; 2288H V5; 2488 V5 ; CH121 V3; CH121L V3; CH121L V5 ; CH121 V5 ; CH140 V3; CH140L V3; CH220 V3; CH222 V3; CH242 V3; CH242 V5 ; RH1288 V3; RH2288 V3; RH2288H V3; XH310 V3; XH321 V3; XH321 V5; XH620 V3",
              "vendor": "Huawei Technologies Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "1288H V5 V100R005C00"
                },
                {
                  "status": "affected",
                  "version": "2288H V5 V100R005C00"
                },
                {
                  "status": "affected",
                  "version": "2488 V5 V100R005C00"
                },
                {
                  "status": "affected",
                  "version": "CH121 V3 V100R001C00"
                },
                {
                  "status": "affected",
                  "version": "CH121L V3 V100R001C00"
                },
                {
                  "status": "affected",
                  "version": "CH121L V5 V100R001C00"
                },
                {
                  "status": "affected",
                  "version": "CH121 V5 V100R001C00"
                },
                {
                  "status": "affected",
                  "version": "CH140 V3 V100R001C00"
                },
                {
                  "status": "affected",
                  "version": "CH140L V3 V100R001C00"
                },
                {
                  "status": "affected",
                  "version": "CH220 V3 V100R001C00"
                },
                {
                  "status": "affected",
                  "version": "CH222 V3 V100R001C00"
                },
                {
                  "status": "affected",
                  "version": "CH242 V3 V100R001C00"
                },
                {
                  "status": "affected",
                  "version": "CH242 V5 V100R001C00"
                },
                {
                  "status": "affected",
                  "version": "RH1288 V3 V100R003C00"
                },
                {
                  "status": "affected",
                  "version": "RH2288 V3 V100R003C00"
                },
                {
                  "status": "affected",
                  "version": "RH2288H V3 V100R003C00"
                },
                {
                  "status": "affected",
                  "version": "XH310 V3 V100R003C00"
                },
                {
                  "status": "affected",
                  "version": "XH321 V3 V100R003C00"
                },
                {
                  "status": "affected",
                  "version": "XH321 V5 V100R005C00"
                },
                {
                  "status": "affected",
                  "version": "XH620 V3 V100R003C00"
                }
              ]
            }
          ],
          "datePublic": "2018-05-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a JSON injection vulnerability due to insufficient input validation. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Successful exploit may allow attackers to obtain the management privilege of the system."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "JSON injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-06-01T13:57:02.000Z",
            "orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
            "shortName": "huawei"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-02-server-en"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@huawei.com",
              "ID": "CVE-2018-7950",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "1288H V5; 2288H V5; 2488 V5 ; CH121 V3; CH121L V3; CH121L V5 ; CH121 V5 ; CH140 V3; CH140L V3; CH220 V3; CH222 V3; CH242 V3; CH242 V5 ; RH1288 V3; RH2288 V3; RH2288H V3; XH310 V3; XH321 V3; XH321 V5; XH620 V3",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1288H V5 V100R005C00"
                              },
                              {
                                "version_value": "2288H V5 V100R005C00"
                              },
                              {
                                "version_value": "2488 V5 V100R005C00"
                              },
                              {
                                "version_value": "CH121 V3 V100R001C00"
                              },
                              {
                                "version_value": "CH121L V3 V100R001C00"
                              },
                              {
                                "version_value": "CH121L V5 V100R001C00"
                              },
                              {
                                "version_value": "CH121 V5 V100R001C00"
                              },
                              {
                                "version_value": "CH140 V3 V100R001C00"
                              },
                              {
                                "version_value": "CH140L V3 V100R001C00"
                              },
                              {
                                "version_value": "CH220 V3 V100R001C00"
                              },
                              {
                                "version_value": "CH222 V3 V100R001C00"
                              },
                              {
                                "version_value": "CH242 V3 V100R001C00"
                              },
                              {
                                "version_value": "CH242 V5 V100R001C00"
                              },
                              {
                                "version_value": "RH1288 V3 V100R003C00"
                              },
                              {
                                "version_value": "RH2288 V3 V100R003C00"
                              },
                              {
                                "version_value": "RH2288H V3 V100R003C00"
                              },
                              {
                                "version_value": "XH310 V3 V100R003C00"
                              },
                              {
                                "version_value": "XH321 V3 V100R003C00"
                              },
                              {
                                "version_value": "XH321 V5 V100R005C00"
                              },
                              {
                                "version_value": "XH620 V3 V100R003C00"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Huawei Technologies Co., Ltd."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a JSON injection vulnerability due to insufficient input validation. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Successful exploit may allow attackers to obtain the management privilege of the system."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "JSON injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-02-server-en",
                  "refsource": "CONFIRM",
                  "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-02-server-en"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
        "assignerShortName": "huawei",
        "cveId": "CVE-2018-7950",
        "datePublished": "2018-06-01T14:00:00.000Z",
        "dateReserved": "2018-03-09T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:37:59.581Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-7949 (GCVE-0-2018-7949)

    Vulnerability from nvd – Published: 2018-06-01 14:00 – Updated: 2024-08-05 06:37
    VLAI
    Summary
    The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a privilege escalation vulnerability. A remote attacker may send some specially crafted login messages to the affected products. Due to improper authentication design, successful exploit enables low privileged users to get or modify passwords of highly privileged users.
    Severity
    No CVSS data available.
    CWE
    • privilege escalation
    Assigner
    References
    Impacted products
    Vendor Product Version
    Huawei Technologies Co., Ltd. 1288H V5; 2288H V5; 2488 V5 ; CH121 V3; CH121L V3; CH121L V5 ; CH121 V5 ; CH140 V3; CH140L V3; CH220 V3; CH222 V3; CH242 V3; CH242 V5 ; RH1288 V3; RH2288 V3; RH2288H V3; XH310 V3; XH321 V3; XH321 V5; XH620 V3 Affected: 1288H V5 V100R005C00
    Affected: 2288H V5 V100R005C00
    Affected: 2488 V5 V100R005C00
    Affected: CH121 V3 V100R001C00
    Affected: CH121L V3 V100R001C00
    Affected: CH121L V5 V100R001C00
    Affected: CH121 V5 V100R001C00
    Affected: CH140 V3 V100R001C00
    Affected: CH140L V3 V100R001C00
    Affected: CH220 V3 V100R001C00
    Affected: CH222 V3 V100R001C00
    Affected: CH242 V3 V100R001C00
    Affected: CH242 V5 V100R001C00
    Affected: RH1288 V3 V100R003C00
    Affected: RH2288 V3 V100R003C00
    Affected: RH2288H V3 V100R003C00
    Affected: XH310 V3 V100R003C00
    Affected: XH321 V3 V100R003C00
    Affected: XH321 V5 V100R005C00
    Affected: XH620 V3 V100R003C00
    Create a notification for this product.
    Date Public
    2018-05-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:37:59.717Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-03-server-en"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "1288H V5; 2288H V5; 2488 V5 ; CH121 V3; CH121L V3; CH121L V5 ; CH121 V5 ; CH140 V3; CH140L V3; CH220 V3; CH222 V3; CH242 V3; CH242 V5 ; RH1288 V3; RH2288 V3; RH2288H V3; XH310 V3; XH321 V3; XH321 V5; XH620 V3",
              "vendor": "Huawei Technologies Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "1288H V5 V100R005C00"
                },
                {
                  "status": "affected",
                  "version": "2288H V5 V100R005C00"
                },
                {
                  "status": "affected",
                  "version": "2488 V5 V100R005C00"
                },
                {
                  "status": "affected",
                  "version": "CH121 V3 V100R001C00"
                },
                {
                  "status": "affected",
                  "version": "CH121L V3 V100R001C00"
                },
                {
                  "status": "affected",
                  "version": "CH121L V5 V100R001C00"
                },
                {
                  "status": "affected",
                  "version": "CH121 V5 V100R001C00"
                },
                {
                  "status": "affected",
                  "version": "CH140 V3 V100R001C00"
                },
                {
                  "status": "affected",
                  "version": "CH140L V3 V100R001C00"
                },
                {
                  "status": "affected",
                  "version": "CH220 V3 V100R001C00"
                },
                {
                  "status": "affected",
                  "version": "CH222 V3 V100R001C00"
                },
                {
                  "status": "affected",
                  "version": "CH242 V3 V100R001C00"
                },
                {
                  "status": "affected",
                  "version": "CH242 V5 V100R001C00"
                },
                {
                  "status": "affected",
                  "version": "RH1288 V3 V100R003C00"
                },
                {
                  "status": "affected",
                  "version": "RH2288 V3 V100R003C00"
                },
                {
                  "status": "affected",
                  "version": "RH2288H V3 V100R003C00"
                },
                {
                  "status": "affected",
                  "version": "XH310 V3 V100R003C00"
                },
                {
                  "status": "affected",
                  "version": "XH321 V3 V100R003C00"
                },
                {
                  "status": "affected",
                  "version": "XH321 V5 V100R005C00"
                },
                {
                  "status": "affected",
                  "version": "XH620 V3 V100R003C00"
                }
              ]
            }
          ],
          "datePublic": "2018-05-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a privilege escalation vulnerability. A remote attacker may send some specially crafted login messages to the affected products. Due to improper authentication design, successful exploit enables low privileged users to get or modify passwords of highly privileged users."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "privilege escalation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-06-01T13:57:02.000Z",
            "orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
            "shortName": "huawei"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-03-server-en"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@huawei.com",
              "ID": "CVE-2018-7949",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "1288H V5; 2288H V5; 2488 V5 ; CH121 V3; CH121L V3; CH121L V5 ; CH121 V5 ; CH140 V3; CH140L V3; CH220 V3; CH222 V3; CH242 V3; CH242 V5 ; RH1288 V3; RH2288 V3; RH2288H V3; XH310 V3; XH321 V3; XH321 V5; XH620 V3",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1288H V5 V100R005C00"
                              },
                              {
                                "version_value": "2288H V5 V100R005C00"
                              },
                              {
                                "version_value": "2488 V5 V100R005C00"
                              },
                              {
                                "version_value": "CH121 V3 V100R001C00"
                              },
                              {
                                "version_value": "CH121L V3 V100R001C00"
                              },
                              {
                                "version_value": "CH121L V5 V100R001C00"
                              },
                              {
                                "version_value": "CH121 V5 V100R001C00"
                              },
                              {
                                "version_value": "CH140 V3 V100R001C00"
                              },
                              {
                                "version_value": "CH140L V3 V100R001C00"
                              },
                              {
                                "version_value": "CH220 V3 V100R001C00"
                              },
                              {
                                "version_value": "CH222 V3 V100R001C00"
                              },
                              {
                                "version_value": "CH242 V3 V100R001C00"
                              },
                              {
                                "version_value": "CH242 V5 V100R001C00"
                              },
                              {
                                "version_value": "RH1288 V3 V100R003C00"
                              },
                              {
                                "version_value": "RH2288 V3 V100R003C00"
                              },
                              {
                                "version_value": "RH2288H V3 V100R003C00"
                              },
                              {
                                "version_value": "XH310 V3 V100R003C00"
                              },
                              {
                                "version_value": "XH321 V3 V100R003C00"
                              },
                              {
                                "version_value": "XH321 V5 V100R005C00"
                              },
                              {
                                "version_value": "XH620 V3 V100R003C00"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Huawei Technologies Co., Ltd."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a privilege escalation vulnerability. A remote attacker may send some specially crafted login messages to the affected products. Due to improper authentication design, successful exploit enables low privileged users to get or modify passwords of highly privileged users."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "privilege escalation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-03-server-en",
                  "refsource": "CONFIRM",
                  "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-03-server-en"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
        "assignerShortName": "huawei",
        "cveId": "CVE-2018-7949",
        "datePublished": "2018-06-01T14:00:00.000Z",
        "dateReserved": "2018-03-09T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:37:59.717Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-7942 (GCVE-0-2018-7942)

    Vulnerability from nvd – Published: 2018-05-24 14:00 – Updated: 2024-08-05 06:37
    VLAI
    Summary
    The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have an authentication bypass vulnerability. An unauthenticated, remote attacker may send some specially crafted messages to the affected products. Due to improper authentication design, successful exploit may cause some information leak.
    Severity
    No CVSS data available.
    CWE
    • authentication bypass
    Assigner
    References
    Impacted products
    Vendor Product Version
    Huawei Technologies Co., Ltd. 1288H V5; 2288H V5; 2488 V5; CH121 V3; CH121L V3; CH121L V5; CH121 V5; CH140 V3; CH140L V3; CH220 V3; CH222 V3; CH242 V3; CH242 V5; RH1288 V3; RH2288 V3; RH2288H V3; XH310 V3; XH321 V3; XH321 V5; XH620 V3 Affected: 1288H V5 V100R005C00
    Affected: 2288H V5 V100R005C00
    Affected: 2488 V5 V100R005C00
    Affected: CH121 V3 V100R001C00
    Affected: CH121L V3 V100R001C00
    Affected: CH121L V5 V100R001C00
    Affected: CH121 V5 V100R001C00
    Affected: CH140 V3 V100R001C00
    Affected: CH140L V3 V100R001C00
    Affected: CH220 V3 V100R001C00
    Affected: CH222 V3 V100R001C00
    Affected: CH242 V3 V100R001C00
    Affected: CH242 V5 V100R001C00
    Affected: RH1288 V3 V100R003C00
    Affected: RH2288 V3 V100R003C00
    Affected: RH2288H V3 V100R003C00
    Affected: XH310 V3 V100R003C00
    Affected: XH321 V3 V100R003C00
    Affected: XH321 V5 V100R005C00
    Affected: XH620 V3 V100R003C00
    Create a notification for this product.
    Date Public
    2018-05-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:37:59.683Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180523-01-server-en"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "1288H V5; 2288H V5; 2488 V5; CH121 V3; CH121L V3; CH121L V5; CH121 V5; CH140 V3; CH140L V3; CH220 V3; CH222 V3; CH242 V3; CH242 V5; RH1288 V3; RH2288 V3; RH2288H V3; XH310 V3; XH321 V3; XH321 V5; XH620 V3",
              "vendor": "Huawei Technologies Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "1288H V5 V100R005C00"
                },
                {
                  "status": "affected",
                  "version": "2288H V5 V100R005C00"
                },
                {
                  "status": "affected",
                  "version": "2488 V5 V100R005C00"
                },
                {
                  "status": "affected",
                  "version": "CH121 V3 V100R001C00"
                },
                {
                  "status": "affected",
                  "version": "CH121L V3 V100R001C00"
                },
                {
                  "status": "affected",
                  "version": "CH121L V5 V100R001C00"
                },
                {
                  "status": "affected",
                  "version": "CH121 V5 V100R001C00"
                },
                {
                  "status": "affected",
                  "version": "CH140 V3 V100R001C00"
                },
                {
                  "status": "affected",
                  "version": "CH140L V3 V100R001C00"
                },
                {
                  "status": "affected",
                  "version": "CH220 V3 V100R001C00"
                },
                {
                  "status": "affected",
                  "version": "CH222 V3 V100R001C00"
                },
                {
                  "status": "affected",
                  "version": "CH242 V3 V100R001C00"
                },
                {
                  "status": "affected",
                  "version": "CH242 V5 V100R001C00"
                },
                {
                  "status": "affected",
                  "version": "RH1288 V3 V100R003C00"
                },
                {
                  "status": "affected",
                  "version": "RH2288 V3 V100R003C00"
                },
                {
                  "status": "affected",
                  "version": "RH2288H V3 V100R003C00"
                },
                {
                  "status": "affected",
                  "version": "XH310 V3 V100R003C00"
                },
                {
                  "status": "affected",
                  "version": "XH321 V3 V100R003C00"
                },
                {
                  "status": "affected",
                  "version": "XH321 V5 V100R005C00"
                },
                {
                  "status": "affected",
                  "version": "XH620 V3 V100R003C00"
                }
              ]
            }
          ],
          "datePublic": "2018-05-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have an authentication bypass vulnerability. An unauthenticated, remote attacker may send some specially crafted messages to the affected products. Due to improper authentication design, successful exploit may cause some information leak."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "authentication bypass",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-05-24T13:57:01.000Z",
            "orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
            "shortName": "huawei"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180523-01-server-en"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@huawei.com",
              "ID": "CVE-2018-7942",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "1288H V5; 2288H V5; 2488 V5; CH121 V3; CH121L V3; CH121L V5; CH121 V5; CH140 V3; CH140L V3; CH220 V3; CH222 V3; CH242 V3; CH242 V5; RH1288 V3; RH2288 V3; RH2288H V3; XH310 V3; XH321 V3; XH321 V5; XH620 V3",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1288H V5 V100R005C00"
                              },
                              {
                                "version_value": "2288H V5 V100R005C00"
                              },
                              {
                                "version_value": "2488 V5 V100R005C00"
                              },
                              {
                                "version_value": "CH121 V3 V100R001C00"
                              },
                              {
                                "version_value": "CH121L V3 V100R001C00"
                              },
                              {
                                "version_value": "CH121L V5 V100R001C00"
                              },
                              {
                                "version_value": "CH121 V5 V100R001C00"
                              },
                              {
                                "version_value": "CH140 V3 V100R001C00"
                              },
                              {
                                "version_value": "CH140L V3 V100R001C00"
                              },
                              {
                                "version_value": "CH220 V3 V100R001C00"
                              },
                              {
                                "version_value": "CH222 V3 V100R001C00"
                              },
                              {
                                "version_value": "CH242 V3 V100R001C00"
                              },
                              {
                                "version_value": "CH242 V5 V100R001C00"
                              },
                              {
                                "version_value": "RH1288 V3 V100R003C00"
                              },
                              {
                                "version_value": "RH2288 V3 V100R003C00"
                              },
                              {
                                "version_value": "RH2288H V3 V100R003C00"
                              },
                              {
                                "version_value": "XH310 V3 V100R003C00"
                              },
                              {
                                "version_value": "XH321 V3 V100R003C00"
                              },
                              {
                                "version_value": "XH321 V5 V100R005C00"
                              },
                              {
                                "version_value": "XH620 V3 V100R003C00"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Huawei Technologies Co., Ltd."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have an authentication bypass vulnerability. An unauthenticated, remote attacker may send some specially crafted messages to the affected products. Due to improper authentication design, successful exploit may cause some information leak."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "authentication bypass"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180523-01-server-en",
                  "refsource": "CONFIRM",
                  "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180523-01-server-en"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
        "assignerShortName": "huawei",
        "cveId": "CVE-2018-7942",
        "datePublished": "2018-05-24T14:00:00.000Z",
        "dateReserved": "2018-03-09T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:37:59.683Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-7941 (GCVE-0-2018-7941)

    Vulnerability from nvd – Published: 2018-05-10 14:00 – Updated: 2024-08-05 06:37
    VLAI
    Summary
    Huawei iBMC V200R002C60 have an authentication bypass vulnerability. A remote attacker with low privilege may craft specific messages to upload authentication certificate to the affected products. Due to improper validation of the upload authority, successful exploit may cause privilege elevation.
    Severity
    No CVSS data available.
    CWE
    • authentication bypass
    Assigner
    References
    Impacted products
    Date Public
    2018-05-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:37:59.759Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180509-01-bypass-en"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iBMC",
              "vendor": "Huawei Technologies Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "V200R002C60"
                }
              ]
            }
          ],
          "datePublic": "2018-05-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Huawei iBMC V200R002C60 have an authentication bypass vulnerability. A remote attacker with low privilege may craft specific messages to upload authentication certificate to the affected products. Due to improper validation of the upload authority, successful exploit may cause privilege elevation."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "authentication bypass",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-05-10T13:57:01.000Z",
            "orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
            "shortName": "huawei"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180509-01-bypass-en"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@huawei.com",
              "ID": "CVE-2018-7941",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "iBMC",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "V200R002C60"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Huawei Technologies Co., Ltd."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Huawei iBMC V200R002C60 have an authentication bypass vulnerability. A remote attacker with low privilege may craft specific messages to upload authentication certificate to the affected products. Due to improper validation of the upload authority, successful exploit may cause privilege elevation."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "authentication bypass"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180509-01-bypass-en",
                  "refsource": "CONFIRM",
                  "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180509-01-bypass-en"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
        "assignerShortName": "huawei",
        "cveId": "CVE-2018-7941",
        "datePublished": "2018-05-10T14:00:00.000Z",
        "dateReserved": "2018-03-09T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:37:59.759Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-0708 (GCVE-0-2019-0708)

    Vulnerability from cvelistv5 – Published: 2019-05-16 18:17 – Updated: 2025-10-21 23:45
    VLAI CISA KEVIntel
    Summary
    A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.
    SSVC
    Exploitation: active Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Remote Code Execution
    • CWE-416 - Use After Free
    Assigner
    Impacted products
    Vendor Product Version
    Microsoft Windows Affected: 7 for 32-bit Systems Service Pack 1
    Affected: 7 for x64-based Systems Service Pack 1
    Create a notification for this product.
    Microsoft Windows Server Affected: 2008 R2 for x64-based Systems Service Pack 1 (Core installation)
    Affected: 2008 R2 for Itanium-Based Systems Service Pack 1
    Affected: 2008 R2 for x64-based Systems Service Pack 1
    Affected: 2008 for 32-bit Systems Service Pack 2 (Core installation)
    Affected: 2008 for Itanium-Based Systems Service Pack 2
    Affected: 2008 for 32-bit Systems Service Pack 2
    Affected: 2008 for x64-based Systems Service Pack 2
    Affected: 2008 for x64-based Systems Service Pack 2 (Core installation)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:51:27.186Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-932041.pdf"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-616199.pdf"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-433987.pdf"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-832947.pdf"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-166360.pdf"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-406175.pdf"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190529-01-windows-en"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.huawei.com/en/psirt/security-notices/huawei-sn-20190515-01-windows-en"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/153133/Microsoft-Windows-Remote-Desktop-BlueKeep-Denial-Of-Service.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/153627/Microsoft-Windows-RDP-BlueKeep-Denial-Of-Service.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/154579/BlueKeep-RDP-Remote-Windows-Kernel-Use-After-Free.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/155389/Microsoft-Windows-7-x86-BlueKeep-RDP-Use-After-Free.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/162960/Microsoft-RDP-Remote-Code-Execution.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-0708",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-07T16:17:22.676231Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2021-11-03",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-0708"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-416",
                    "description": "CWE-416 Use After Free",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:45:37.137Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-0708"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2021-11-03T00:00:00.000Z",
                "value": "CVE-2019-0708 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Windows",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "7 for 32-bit Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "7 for x64-based Systems Service Pack 1"
                }
              ]
            },
            {
              "product": "Windows Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2008 R2 for Itanium-Based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "2008 R2 for x64-based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "2008 for 32-bit Systems Service Pack 2 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2008 for Itanium-Based Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "2008 for 32-bit Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "2008 for x64-based Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "2008 for x64-based Systems Service Pack 2 (Core installation)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka \u0027Remote Desktop Services Remote Code Execution Vulnerability\u0027."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Remote Code Execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-06-03T17:06:16.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-932041.pdf"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-616199.pdf"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-433987.pdf"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-832947.pdf"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-166360.pdf"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-406175.pdf"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190529-01-windows-en"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.huawei.com/en/psirt/security-notices/huawei-sn-20190515-01-windows-en"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/153133/Microsoft-Windows-Remote-Desktop-BlueKeep-Denial-Of-Service.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/153627/Microsoft-Windows-RDP-BlueKeep-Denial-Of-Service.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/154579/BlueKeep-RDP-Remote-Windows-Kernel-Use-After-Free.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/155389/Microsoft-Windows-7-x86-BlueKeep-RDP-Use-After-Free.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/162960/Microsoft-RDP-Remote-Code-Execution.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2019-0708",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7 for 32-bit Systems Service Pack 1"
                              },
                              {
                                "version_value": "7 for x64-based Systems Service Pack 1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)"
                              },
                              {
                                "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1"
                              },
                              {
                                "version_value": "2008 R2 for x64-based Systems Service Pack 1"
                              },
                              {
                                "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)"
                              },
                              {
                                "version_value": "2008 for Itanium-Based Systems Service Pack 2"
                              },
                              {
                                "version_value": "2008 for 32-bit Systems Service Pack 2"
                              },
                              {
                                "version_value": "2008 for x64-based Systems Service Pack 2"
                              },
                              {
                                "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka \u0027Remote Desktop Services Remote Code Execution Vulnerability\u0027."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Remote Code Execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708",
                  "refsource": "MISC",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708"
                },
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-932041.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-932041.pdf"
                },
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-616199.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-616199.pdf"
                },
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-433987.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-433987.pdf"
                },
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-832947.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-832947.pdf"
                },
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-166360.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-166360.pdf"
                },
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-406175.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-406175.pdf"
                },
                {
                  "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190529-01-windows-en",
                  "refsource": "CONFIRM",
                  "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190529-01-windows-en"
                },
                {
                  "name": "http://www.huawei.com/en/psirt/security-notices/huawei-sn-20190515-01-windows-en",
                  "refsource": "CONFIRM",
                  "url": "http://www.huawei.com/en/psirt/security-notices/huawei-sn-20190515-01-windows-en"
                },
                {
                  "name": "http://packetstormsecurity.com/files/153133/Microsoft-Windows-Remote-Desktop-BlueKeep-Denial-Of-Service.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/153133/Microsoft-Windows-Remote-Desktop-BlueKeep-Denial-Of-Service.html"
                },
                {
                  "name": "http://packetstormsecurity.com/files/153627/Microsoft-Windows-RDP-BlueKeep-Denial-Of-Service.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/153627/Microsoft-Windows-RDP-BlueKeep-Denial-Of-Service.html"
                },
                {
                  "name": "http://packetstormsecurity.com/files/154579/BlueKeep-RDP-Remote-Windows-Kernel-Use-After-Free.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/154579/BlueKeep-RDP-Remote-Windows-Kernel-Use-After-Free.html"
                },
                {
                  "name": "http://packetstormsecurity.com/files/155389/Microsoft-Windows-7-x86-BlueKeep-RDP-Use-After-Free.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/155389/Microsoft-Windows-7-x86-BlueKeep-RDP-Use-After-Free.html"
                },
                {
                  "name": "http://packetstormsecurity.com/files/162960/Microsoft-RDP-Remote-Code-Execution.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/162960/Microsoft-RDP-Remote-Code-Execution.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2019-0708",
        "datePublished": "2019-05-16T18:17:00.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:45:37.137Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-7943 (GCVE-0-2018-7943)

    Vulnerability from cvelistv5 – Published: 2018-06-05 15:00 – Updated: 2024-09-17 02:05
    VLAI
    Summary
    There is an authentication bypass vulnerability in some Huawei servers. A remote attacker with low privilege may bypass the authentication by some special operations. Due to insufficient authentication, an attacker may exploit the vulnerability to get some sensitive information and high-level users' privilege.
    Severity
    No CVSS data available.
    CWE
    • authentication bypass
    Assigner
    References
    Impacted products
    Vendor Product Version
    Huawei Technologies Co., Ltd. 1288H V5; 2288H V5; 2488 V5 ; CH121 V3; CH121L V3; CH121L V5 ; CH121 V5 ; CH140 V3; CH140L V3; CH220 V3; CH222 V3; CH242 V3; CH242 V5 ; RH1288 V3; RH2288 V3; RH2288H V3; XH310 V3; XH321 V3; XH321 V5; XH620 V3 Affected: 1288H V5 V100R005C00
    Affected: 2288H V5 V100R005C00
    Affected: 2488 V5 V100R005C00
    Affected: CH121 V3 V100R001C00
    Affected: CH121L V3 V100R001C00
    Affected: CH121L V5 V100R001C00
    Affected: CH121 V5 V100R001C00
    Affected: CH140 V3 V100R001C00
    Affected: CH140L V3 V100R001C00
    Affected: CH220 V3 V100R001C00
    Affected: CH222 V3 V100R001C00
    Affected: CH242 V3 V100R001C00
    Affected: CH242 V5 V100R001C00
    Affected: RH1288 V3 V100R003C00
    Affected: RH2288 V3 V100R003C00
    Affected: RH2288H V3 V100R003C00
    Affected: XH310 V3 V100R003C00
    Affected: XH321 V3 V100R003C00
    Affected: XH321 V5 V100R005C00
    Affected: XH620 V3 V100R003C00
    Create a notification for this product.
    Date Public
    2018-05-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:37:59.625Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-01-server-en"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "1288H V5; 2288H V5; 2488 V5 ; CH121 V3; CH121L V3; CH121L V5 ; CH121 V5 ; CH140 V3; CH140L V3; CH220 V3; CH222 V3; CH242 V3; CH242 V5 ; RH1288 V3; RH2288 V3; RH2288H V3; XH310 V3; XH321 V3; XH321 V5; XH620 V3",
              "vendor": "Huawei Technologies Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "1288H V5 V100R005C00"
                },
                {
                  "status": "affected",
                  "version": "2288H V5 V100R005C00"
                },
                {
                  "status": "affected",
                  "version": "2488 V5 V100R005C00"
                },
                {
                  "status": "affected",
                  "version": "CH121 V3 V100R001C00"
                },
                {
                  "status": "affected",
                  "version": "CH121L V3 V100R001C00"
                },
                {
                  "status": "affected",
                  "version": "CH121L V5 V100R001C00"
                },
                {
                  "status": "affected",
                  "version": "CH121 V5 V100R001C00"
                },
                {
                  "status": "affected",
                  "version": "CH140 V3 V100R001C00"
                },
                {
                  "status": "affected",
                  "version": "CH140L V3 V100R001C00"
                },
                {
                  "status": "affected",
                  "version": "CH220 V3 V100R001C00"
                },
                {
                  "status": "affected",
                  "version": "CH222 V3 V100R001C00"
                },
                {
                  "status": "affected",
                  "version": "CH242 V3 V100R001C00"
                },
                {
                  "status": "affected",
                  "version": "CH242 V5 V100R001C00"
                },
                {
                  "status": "affected",
                  "version": "RH1288 V3 V100R003C00"
                },
                {
                  "status": "affected",
                  "version": "RH2288 V3 V100R003C00"
                },
                {
                  "status": "affected",
                  "version": "RH2288H V3 V100R003C00"
                },
                {
                  "status": "affected",
                  "version": "XH310 V3 V100R003C00"
                },
                {
                  "status": "affected",
                  "version": "XH321 V3 V100R003C00"
                },
                {
                  "status": "affected",
                  "version": "XH321 V5 V100R005C00"
                },
                {
                  "status": "affected",
                  "version": "XH620 V3 V100R003C00"
                }
              ]
            }
          ],
          "datePublic": "2018-05-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "There is an authentication bypass vulnerability in some Huawei servers. A remote attacker with low privilege may bypass the authentication by some special operations. Due to insufficient authentication, an attacker may exploit the vulnerability to get some sensitive information and high-level users\u0027 privilege."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "authentication bypass",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-06-05T14:57:01.000Z",
            "orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
            "shortName": "huawei"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-01-server-en"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@huawei.com",
              "DATE_PUBLIC": "2018-05-30T00:00:00",
              "ID": "CVE-2018-7943",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "1288H V5; 2288H V5; 2488 V5 ; CH121 V3; CH121L V3; CH121L V5 ; CH121 V5 ; CH140 V3; CH140L V3; CH220 V3; CH222 V3; CH242 V3; CH242 V5 ; RH1288 V3; RH2288 V3; RH2288H V3; XH310 V3; XH321 V3; XH321 V5; XH620 V3",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1288H V5 V100R005C00"
                              },
                              {
                                "version_value": "2288H V5 V100R005C00"
                              },
                              {
                                "version_value": "2488 V5 V100R005C00"
                              },
                              {
                                "version_value": "CH121 V3 V100R001C00"
                              },
                              {
                                "version_value": "CH121L V3 V100R001C00"
                              },
                              {
                                "version_value": "CH121L V5 V100R001C00"
                              },
                              {
                                "version_value": "CH121 V5 V100R001C00"
                              },
                              {
                                "version_value": "CH140 V3 V100R001C00"
                              },
                              {
                                "version_value": "CH140L V3 V100R001C00"
                              },
                              {
                                "version_value": "CH220 V3 V100R001C00"
                              },
                              {
                                "version_value": "CH222 V3 V100R001C00"
                              },
                              {
                                "version_value": "CH242 V3 V100R001C00"
                              },
                              {
                                "version_value": "CH242 V5 V100R001C00"
                              },
                              {
                                "version_value": "RH1288 V3 V100R003C00"
                              },
                              {
                                "version_value": "RH2288 V3 V100R003C00"
                              },
                              {
                                "version_value": "RH2288H V3 V100R003C00"
                              },
                              {
                                "version_value": "XH310 V3 V100R003C00"
                              },
                              {
                                "version_value": "XH321 V3 V100R003C00"
                              },
                              {
                                "version_value": "XH321 V5 V100R005C00"
                              },
                              {
                                "version_value": "XH620 V3 V100R003C00"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Huawei Technologies Co., Ltd."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "There is an authentication bypass vulnerability in some Huawei servers. A remote attacker with low privilege may bypass the authentication by some special operations. Due to insufficient authentication, an attacker may exploit the vulnerability to get some sensitive information and high-level users\u0027 privilege."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "authentication bypass"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-01-server-en",
                  "refsource": "CONFIRM",
                  "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-01-server-en"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
        "assignerShortName": "huawei",
        "cveId": "CVE-2018-7943",
        "datePublished": "2018-06-05T15:00:00.000Z",
        "dateReserved": "2018-03-09T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:05:37.375Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-7951 (GCVE-0-2018-7951)

    Vulnerability from cvelistv5 – Published: 2018-06-01 14:00 – Updated: 2024-08-05 06:37
    VLAI
    Summary
    The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a JSON injection vulnerability due to insufficient input validation. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Successful exploit may allow attackers to obtain the management privilege of the system.
    Severity
    No CVSS data available.
    CWE
    • JSON injection
    Assigner
    References
    Impacted products
    Vendor Product Version
    Huawei Technologies Co., Ltd. 1288H V5; 2288H V5; 2488 V5 ; CH121 V3; CH121L V3; CH121L V5 ; CH121 V5 ; CH140 V3; CH140L V3; CH220 V3; CH222 V3; CH242 V3; CH242 V5 ; RH1288 V3; RH2288 V3; RH2288H V3; XH310 V3; XH321 V3; XH321 V5; XH620 V3 Affected: 1288H V5 V100R005C00
    Affected: 2288H V5 V100R005C00
    Affected: 2488 V5 V100R005C00
    Affected: CH121 V3 V100R001C00
    Affected: CH121L V3 V100R001C00
    Affected: CH121L V5 V100R001C00
    Affected: CH121 V5 V100R001C00
    Affected: CH140 V3 V100R001C00
    Affected: CH140L V3 V100R001C00
    Affected: CH220 V3 V100R001C00
    Affected: CH222 V3 V100R001C00
    Affected: CH242 V3 V100R001C00
    Affected: CH242 V5 V100R001C00
    Affected: RH1288 V3 V100R003C00
    Affected: RH2288 V3 V100R003C00
    Affected: RH2288H V3 V100R003C00
    Affected: XH310 V3 V100R003C00
    Affected: XH321 V3 V100R003C00
    Affected: XH321 V5 V100R005C00
    Affected: XH620 V3 V100R003C00
    Create a notification for this product.
    Date Public
    2018-05-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:37:59.585Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-02-server-en"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "1288H V5; 2288H V5; 2488 V5 ; CH121 V3; CH121L V3; CH121L V5 ; CH121 V5 ; CH140 V3; CH140L V3; CH220 V3; CH222 V3; CH242 V3; CH242 V5 ; RH1288 V3; RH2288 V3; RH2288H V3; XH310 V3; XH321 V3; XH321 V5; XH620 V3",
              "vendor": "Huawei Technologies Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "1288H V5 V100R005C00"
                },
                {
                  "status": "affected",
                  "version": "2288H V5 V100R005C00"
                },
                {
                  "status": "affected",
                  "version": "2488 V5 V100R005C00"
                },
                {
                  "status": "affected",
                  "version": "CH121 V3 V100R001C00"
                },
                {
                  "status": "affected",
                  "version": "CH121L V3 V100R001C00"
                },
                {
                  "status": "affected",
                  "version": "CH121L V5 V100R001C00"
                },
                {
                  "status": "affected",
                  "version": "CH121 V5 V100R001C00"
                },
                {
                  "status": "affected",
                  "version": "CH140 V3 V100R001C00"
                },
                {
                  "status": "affected",
                  "version": "CH140L V3 V100R001C00"
                },
                {
                  "status": "affected",
                  "version": "CH220 V3 V100R001C00"
                },
                {
                  "status": "affected",
                  "version": "CH222 V3 V100R001C00"
                },
                {
                  "status": "affected",
                  "version": "CH242 V3 V100R001C00"
                },
                {
                  "status": "affected",
                  "version": "CH242 V5 V100R001C00"
                },
                {
                  "status": "affected",
                  "version": "RH1288 V3 V100R003C00"
                },
                {
                  "status": "affected",
                  "version": "RH2288 V3 V100R003C00"
                },
                {
                  "status": "affected",
                  "version": "RH2288H V3 V100R003C00"
                },
                {
                  "status": "affected",
                  "version": "XH310 V3 V100R003C00"
                },
                {
                  "status": "affected",
                  "version": "XH321 V3 V100R003C00"
                },
                {
                  "status": "affected",
                  "version": "XH321 V5 V100R005C00"
                },
                {
                  "status": "affected",
                  "version": "XH620 V3 V100R003C00"
                }
              ]
            }
          ],
          "datePublic": "2018-05-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a JSON injection vulnerability due to insufficient input validation. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Successful exploit may allow attackers to obtain the management privilege of the system."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "JSON injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-06-01T13:57:02.000Z",
            "orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
            "shortName": "huawei"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-02-server-en"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@huawei.com",
              "ID": "CVE-2018-7951",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "1288H V5; 2288H V5; 2488 V5 ; CH121 V3; CH121L V3; CH121L V5 ; CH121 V5 ; CH140 V3; CH140L V3; CH220 V3; CH222 V3; CH242 V3; CH242 V5 ; RH1288 V3; RH2288 V3; RH2288H V3; XH310 V3; XH321 V3; XH321 V5; XH620 V3",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1288H V5 V100R005C00"
                              },
                              {
                                "version_value": "2288H V5 V100R005C00"
                              },
                              {
                                "version_value": "2488 V5 V100R005C00"
                              },
                              {
                                "version_value": "CH121 V3 V100R001C00"
                              },
                              {
                                "version_value": "CH121L V3 V100R001C00"
                              },
                              {
                                "version_value": "CH121L V5 V100R001C00"
                              },
                              {
                                "version_value": "CH121 V5 V100R001C00"
                              },
                              {
                                "version_value": "CH140 V3 V100R001C00"
                              },
                              {
                                "version_value": "CH140L V3 V100R001C00"
                              },
                              {
                                "version_value": "CH220 V3 V100R001C00"
                              },
                              {
                                "version_value": "CH222 V3 V100R001C00"
                              },
                              {
                                "version_value": "CH242 V3 V100R001C00"
                              },
                              {
                                "version_value": "CH242 V5 V100R001C00"
                              },
                              {
                                "version_value": "RH1288 V3 V100R003C00"
                              },
                              {
                                "version_value": "RH2288 V3 V100R003C00"
                              },
                              {
                                "version_value": "RH2288H V3 V100R003C00"
                              },
                              {
                                "version_value": "XH310 V3 V100R003C00"
                              },
                              {
                                "version_value": "XH321 V3 V100R003C00"
                              },
                              {
                                "version_value": "XH321 V5 V100R005C00"
                              },
                              {
                                "version_value": "XH620 V3 V100R003C00"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Huawei Technologies Co., Ltd."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a JSON injection vulnerability due to insufficient input validation. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Successful exploit may allow attackers to obtain the management privilege of the system."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "JSON injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-02-server-en",
                  "refsource": "CONFIRM",
                  "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-02-server-en"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
        "assignerShortName": "huawei",
        "cveId": "CVE-2018-7951",
        "datePublished": "2018-06-01T14:00:00.000Z",
        "dateReserved": "2018-03-09T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:37:59.585Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-7949 (GCVE-0-2018-7949)

    Vulnerability from cvelistv5 – Published: 2018-06-01 14:00 – Updated: 2024-08-05 06:37
    VLAI
    Summary
    The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a privilege escalation vulnerability. A remote attacker may send some specially crafted login messages to the affected products. Due to improper authentication design, successful exploit enables low privileged users to get or modify passwords of highly privileged users.
    Severity
    No CVSS data available.
    CWE
    • privilege escalation
    Assigner
    References
    Impacted products
    Vendor Product Version
    Huawei Technologies Co., Ltd. 1288H V5; 2288H V5; 2488 V5 ; CH121 V3; CH121L V3; CH121L V5 ; CH121 V5 ; CH140 V3; CH140L V3; CH220 V3; CH222 V3; CH242 V3; CH242 V5 ; RH1288 V3; RH2288 V3; RH2288H V3; XH310 V3; XH321 V3; XH321 V5; XH620 V3 Affected: 1288H V5 V100R005C00
    Affected: 2288H V5 V100R005C00
    Affected: 2488 V5 V100R005C00
    Affected: CH121 V3 V100R001C00
    Affected: CH121L V3 V100R001C00
    Affected: CH121L V5 V100R001C00
    Affected: CH121 V5 V100R001C00
    Affected: CH140 V3 V100R001C00
    Affected: CH140L V3 V100R001C00
    Affected: CH220 V3 V100R001C00
    Affected: CH222 V3 V100R001C00
    Affected: CH242 V3 V100R001C00
    Affected: CH242 V5 V100R001C00
    Affected: RH1288 V3 V100R003C00
    Affected: RH2288 V3 V100R003C00
    Affected: RH2288H V3 V100R003C00
    Affected: XH310 V3 V100R003C00
    Affected: XH321 V3 V100R003C00
    Affected: XH321 V5 V100R005C00
    Affected: XH620 V3 V100R003C00
    Create a notification for this product.
    Date Public
    2018-05-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:37:59.717Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-03-server-en"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "1288H V5; 2288H V5; 2488 V5 ; CH121 V3; CH121L V3; CH121L V5 ; CH121 V5 ; CH140 V3; CH140L V3; CH220 V3; CH222 V3; CH242 V3; CH242 V5 ; RH1288 V3; RH2288 V3; RH2288H V3; XH310 V3; XH321 V3; XH321 V5; XH620 V3",
              "vendor": "Huawei Technologies Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "1288H V5 V100R005C00"
                },
                {
                  "status": "affected",
                  "version": "2288H V5 V100R005C00"
                },
                {
                  "status": "affected",
                  "version": "2488 V5 V100R005C00"
                },
                {
                  "status": "affected",
                  "version": "CH121 V3 V100R001C00"
                },
                {
                  "status": "affected",
                  "version": "CH121L V3 V100R001C00"
                },
                {
                  "status": "affected",
                  "version": "CH121L V5 V100R001C00"
                },
                {
                  "status": "affected",
                  "version": "CH121 V5 V100R001C00"
                },
                {
                  "status": "affected",
                  "version": "CH140 V3 V100R001C00"
                },
                {
                  "status": "affected",
                  "version": "CH140L V3 V100R001C00"
                },
                {
                  "status": "affected",
                  "version": "CH220 V3 V100R001C00"
                },
                {
                  "status": "affected",
                  "version": "CH222 V3 V100R001C00"
                },
                {
                  "status": "affected",
                  "version": "CH242 V3 V100R001C00"
                },
                {
                  "status": "affected",
                  "version": "CH242 V5 V100R001C00"
                },
                {
                  "status": "affected",
                  "version": "RH1288 V3 V100R003C00"
                },
                {
                  "status": "affected",
                  "version": "RH2288 V3 V100R003C00"
                },
                {
                  "status": "affected",
                  "version": "RH2288H V3 V100R003C00"
                },
                {
                  "status": "affected",
                  "version": "XH310 V3 V100R003C00"
                },
                {
                  "status": "affected",
                  "version": "XH321 V3 V100R003C00"
                },
                {
                  "status": "affected",
                  "version": "XH321 V5 V100R005C00"
                },
                {
                  "status": "affected",
                  "version": "XH620 V3 V100R003C00"
                }
              ]
            }
          ],
          "datePublic": "2018-05-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a privilege escalation vulnerability. A remote attacker may send some specially crafted login messages to the affected products. Due to improper authentication design, successful exploit enables low privileged users to get or modify passwords of highly privileged users."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "privilege escalation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-06-01T13:57:02.000Z",
            "orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
            "shortName": "huawei"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-03-server-en"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@huawei.com",
              "ID": "CVE-2018-7949",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "1288H V5; 2288H V5; 2488 V5 ; CH121 V3; CH121L V3; CH121L V5 ; CH121 V5 ; CH140 V3; CH140L V3; CH220 V3; CH222 V3; CH242 V3; CH242 V5 ; RH1288 V3; RH2288 V3; RH2288H V3; XH310 V3; XH321 V3; XH321 V5; XH620 V3",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1288H V5 V100R005C00"
                              },
                              {
                                "version_value": "2288H V5 V100R005C00"
                              },
                              {
                                "version_value": "2488 V5 V100R005C00"
                              },
                              {
                                "version_value": "CH121 V3 V100R001C00"
                              },
                              {
                                "version_value": "CH121L V3 V100R001C00"
                              },
                              {
                                "version_value": "CH121L V5 V100R001C00"
                              },
                              {
                                "version_value": "CH121 V5 V100R001C00"
                              },
                              {
                                "version_value": "CH140 V3 V100R001C00"
                              },
                              {
                                "version_value": "CH140L V3 V100R001C00"
                              },
                              {
                                "version_value": "CH220 V3 V100R001C00"
                              },
                              {
                                "version_value": "CH222 V3 V100R001C00"
                              },
                              {
                                "version_value": "CH242 V3 V100R001C00"
                              },
                              {
                                "version_value": "CH242 V5 V100R001C00"
                              },
                              {
                                "version_value": "RH1288 V3 V100R003C00"
                              },
                              {
                                "version_value": "RH2288 V3 V100R003C00"
                              },
                              {
                                "version_value": "RH2288H V3 V100R003C00"
                              },
                              {
                                "version_value": "XH310 V3 V100R003C00"
                              },
                              {
                                "version_value": "XH321 V3 V100R003C00"
                              },
                              {
                                "version_value": "XH321 V5 V100R005C00"
                              },
                              {
                                "version_value": "XH620 V3 V100R003C00"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Huawei Technologies Co., Ltd."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a privilege escalation vulnerability. A remote attacker may send some specially crafted login messages to the affected products. Due to improper authentication design, successful exploit enables low privileged users to get or modify passwords of highly privileged users."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "privilege escalation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-03-server-en",
                  "refsource": "CONFIRM",
                  "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-03-server-en"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
        "assignerShortName": "huawei",
        "cveId": "CVE-2018-7949",
        "datePublished": "2018-06-01T14:00:00.000Z",
        "dateReserved": "2018-03-09T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:37:59.717Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-7950 (GCVE-0-2018-7950)

    Vulnerability from cvelistv5 – Published: 2018-06-01 14:00 – Updated: 2024-08-05 06:37
    VLAI
    Summary
    The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a JSON injection vulnerability due to insufficient input validation. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Successful exploit may allow attackers to obtain the management privilege of the system.
    Severity
    No CVSS data available.
    CWE
    • JSON injection
    Assigner
    References
    Impacted products
    Vendor Product Version
    Huawei Technologies Co., Ltd. 1288H V5; 2288H V5; 2488 V5 ; CH121 V3; CH121L V3; CH121L V5 ; CH121 V5 ; CH140 V3; CH140L V3; CH220 V3; CH222 V3; CH242 V3; CH242 V5 ; RH1288 V3; RH2288 V3; RH2288H V3; XH310 V3; XH321 V3; XH321 V5; XH620 V3 Affected: 1288H V5 V100R005C00
    Affected: 2288H V5 V100R005C00
    Affected: 2488 V5 V100R005C00
    Affected: CH121 V3 V100R001C00
    Affected: CH121L V3 V100R001C00
    Affected: CH121L V5 V100R001C00
    Affected: CH121 V5 V100R001C00
    Affected: CH140 V3 V100R001C00
    Affected: CH140L V3 V100R001C00
    Affected: CH220 V3 V100R001C00
    Affected: CH222 V3 V100R001C00
    Affected: CH242 V3 V100R001C00
    Affected: CH242 V5 V100R001C00
    Affected: RH1288 V3 V100R003C00
    Affected: RH2288 V3 V100R003C00
    Affected: RH2288H V3 V100R003C00
    Affected: XH310 V3 V100R003C00
    Affected: XH321 V3 V100R003C00
    Affected: XH321 V5 V100R005C00
    Affected: XH620 V3 V100R003C00
    Create a notification for this product.
    Date Public
    2018-05-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:37:59.581Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-02-server-en"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "1288H V5; 2288H V5; 2488 V5 ; CH121 V3; CH121L V3; CH121L V5 ; CH121 V5 ; CH140 V3; CH140L V3; CH220 V3; CH222 V3; CH242 V3; CH242 V5 ; RH1288 V3; RH2288 V3; RH2288H V3; XH310 V3; XH321 V3; XH321 V5; XH620 V3",
              "vendor": "Huawei Technologies Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "1288H V5 V100R005C00"
                },
                {
                  "status": "affected",
                  "version": "2288H V5 V100R005C00"
                },
                {
                  "status": "affected",
                  "version": "2488 V5 V100R005C00"
                },
                {
                  "status": "affected",
                  "version": "CH121 V3 V100R001C00"
                },
                {
                  "status": "affected",
                  "version": "CH121L V3 V100R001C00"
                },
                {
                  "status": "affected",
                  "version": "CH121L V5 V100R001C00"
                },
                {
                  "status": "affected",
                  "version": "CH121 V5 V100R001C00"
                },
                {
                  "status": "affected",
                  "version": "CH140 V3 V100R001C00"
                },
                {
                  "status": "affected",
                  "version": "CH140L V3 V100R001C00"
                },
                {
                  "status": "affected",
                  "version": "CH220 V3 V100R001C00"
                },
                {
                  "status": "affected",
                  "version": "CH222 V3 V100R001C00"
                },
                {
                  "status": "affected",
                  "version": "CH242 V3 V100R001C00"
                },
                {
                  "status": "affected",
                  "version": "CH242 V5 V100R001C00"
                },
                {
                  "status": "affected",
                  "version": "RH1288 V3 V100R003C00"
                },
                {
                  "status": "affected",
                  "version": "RH2288 V3 V100R003C00"
                },
                {
                  "status": "affected",
                  "version": "RH2288H V3 V100R003C00"
                },
                {
                  "status": "affected",
                  "version": "XH310 V3 V100R003C00"
                },
                {
                  "status": "affected",
                  "version": "XH321 V3 V100R003C00"
                },
                {
                  "status": "affected",
                  "version": "XH321 V5 V100R005C00"
                },
                {
                  "status": "affected",
                  "version": "XH620 V3 V100R003C00"
                }
              ]
            }
          ],
          "datePublic": "2018-05-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a JSON injection vulnerability due to insufficient input validation. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Successful exploit may allow attackers to obtain the management privilege of the system."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "JSON injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-06-01T13:57:02.000Z",
            "orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
            "shortName": "huawei"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-02-server-en"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@huawei.com",
              "ID": "CVE-2018-7950",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "1288H V5; 2288H V5; 2488 V5 ; CH121 V3; CH121L V3; CH121L V5 ; CH121 V5 ; CH140 V3; CH140L V3; CH220 V3; CH222 V3; CH242 V3; CH242 V5 ; RH1288 V3; RH2288 V3; RH2288H V3; XH310 V3; XH321 V3; XH321 V5; XH620 V3",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1288H V5 V100R005C00"
                              },
                              {
                                "version_value": "2288H V5 V100R005C00"
                              },
                              {
                                "version_value": "2488 V5 V100R005C00"
                              },
                              {
                                "version_value": "CH121 V3 V100R001C00"
                              },
                              {
                                "version_value": "CH121L V3 V100R001C00"
                              },
                              {
                                "version_value": "CH121L V5 V100R001C00"
                              },
                              {
                                "version_value": "CH121 V5 V100R001C00"
                              },
                              {
                                "version_value": "CH140 V3 V100R001C00"
                              },
                              {
                                "version_value": "CH140L V3 V100R001C00"
                              },
                              {
                                "version_value": "CH220 V3 V100R001C00"
                              },
                              {
                                "version_value": "CH222 V3 V100R001C00"
                              },
                              {
                                "version_value": "CH242 V3 V100R001C00"
                              },
                              {
                                "version_value": "CH242 V5 V100R001C00"
                              },
                              {
                                "version_value": "RH1288 V3 V100R003C00"
                              },
                              {
                                "version_value": "RH2288 V3 V100R003C00"
                              },
                              {
                                "version_value": "RH2288H V3 V100R003C00"
                              },
                              {
                                "version_value": "XH310 V3 V100R003C00"
                              },
                              {
                                "version_value": "XH321 V3 V100R003C00"
                              },
                              {
                                "version_value": "XH321 V5 V100R005C00"
                              },
                              {
                                "version_value": "XH620 V3 V100R003C00"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Huawei Technologies Co., Ltd."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a JSON injection vulnerability due to insufficient input validation. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Successful exploit may allow attackers to obtain the management privilege of the system."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "JSON injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-02-server-en",
                  "refsource": "CONFIRM",
                  "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-02-server-en"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
        "assignerShortName": "huawei",
        "cveId": "CVE-2018-7950",
        "datePublished": "2018-06-01T14:00:00.000Z",
        "dateReserved": "2018-03-09T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:37:59.581Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-7942 (GCVE-0-2018-7942)

    Vulnerability from cvelistv5 – Published: 2018-05-24 14:00 – Updated: 2024-08-05 06:37
    VLAI
    Summary
    The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have an authentication bypass vulnerability. An unauthenticated, remote attacker may send some specially crafted messages to the affected products. Due to improper authentication design, successful exploit may cause some information leak.
    Severity
    No CVSS data available.
    CWE
    • authentication bypass
    Assigner
    References
    Impacted products
    Vendor Product Version
    Huawei Technologies Co., Ltd. 1288H V5; 2288H V5; 2488 V5; CH121 V3; CH121L V3; CH121L V5; CH121 V5; CH140 V3; CH140L V3; CH220 V3; CH222 V3; CH242 V3; CH242 V5; RH1288 V3; RH2288 V3; RH2288H V3; XH310 V3; XH321 V3; XH321 V5; XH620 V3 Affected: 1288H V5 V100R005C00
    Affected: 2288H V5 V100R005C00
    Affected: 2488 V5 V100R005C00
    Affected: CH121 V3 V100R001C00
    Affected: CH121L V3 V100R001C00
    Affected: CH121L V5 V100R001C00
    Affected: CH121 V5 V100R001C00
    Affected: CH140 V3 V100R001C00
    Affected: CH140L V3 V100R001C00
    Affected: CH220 V3 V100R001C00
    Affected: CH222 V3 V100R001C00
    Affected: CH242 V3 V100R001C00
    Affected: CH242 V5 V100R001C00
    Affected: RH1288 V3 V100R003C00
    Affected: RH2288 V3 V100R003C00
    Affected: RH2288H V3 V100R003C00
    Affected: XH310 V3 V100R003C00
    Affected: XH321 V3 V100R003C00
    Affected: XH321 V5 V100R005C00
    Affected: XH620 V3 V100R003C00
    Create a notification for this product.
    Date Public
    2018-05-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:37:59.683Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180523-01-server-en"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "1288H V5; 2288H V5; 2488 V5; CH121 V3; CH121L V3; CH121L V5; CH121 V5; CH140 V3; CH140L V3; CH220 V3; CH222 V3; CH242 V3; CH242 V5; RH1288 V3; RH2288 V3; RH2288H V3; XH310 V3; XH321 V3; XH321 V5; XH620 V3",
              "vendor": "Huawei Technologies Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "1288H V5 V100R005C00"
                },
                {
                  "status": "affected",
                  "version": "2288H V5 V100R005C00"
                },
                {
                  "status": "affected",
                  "version": "2488 V5 V100R005C00"
                },
                {
                  "status": "affected",
                  "version": "CH121 V3 V100R001C00"
                },
                {
                  "status": "affected",
                  "version": "CH121L V3 V100R001C00"
                },
                {
                  "status": "affected",
                  "version": "CH121L V5 V100R001C00"
                },
                {
                  "status": "affected",
                  "version": "CH121 V5 V100R001C00"
                },
                {
                  "status": "affected",
                  "version": "CH140 V3 V100R001C00"
                },
                {
                  "status": "affected",
                  "version": "CH140L V3 V100R001C00"
                },
                {
                  "status": "affected",
                  "version": "CH220 V3 V100R001C00"
                },
                {
                  "status": "affected",
                  "version": "CH222 V3 V100R001C00"
                },
                {
                  "status": "affected",
                  "version": "CH242 V3 V100R001C00"
                },
                {
                  "status": "affected",
                  "version": "CH242 V5 V100R001C00"
                },
                {
                  "status": "affected",
                  "version": "RH1288 V3 V100R003C00"
                },
                {
                  "status": "affected",
                  "version": "RH2288 V3 V100R003C00"
                },
                {
                  "status": "affected",
                  "version": "RH2288H V3 V100R003C00"
                },
                {
                  "status": "affected",
                  "version": "XH310 V3 V100R003C00"
                },
                {
                  "status": "affected",
                  "version": "XH321 V3 V100R003C00"
                },
                {
                  "status": "affected",
                  "version": "XH321 V5 V100R005C00"
                },
                {
                  "status": "affected",
                  "version": "XH620 V3 V100R003C00"
                }
              ]
            }
          ],
          "datePublic": "2018-05-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have an authentication bypass vulnerability. An unauthenticated, remote attacker may send some specially crafted messages to the affected products. Due to improper authentication design, successful exploit may cause some information leak."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "authentication bypass",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-05-24T13:57:01.000Z",
            "orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
            "shortName": "huawei"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180523-01-server-en"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@huawei.com",
              "ID": "CVE-2018-7942",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "1288H V5; 2288H V5; 2488 V5; CH121 V3; CH121L V3; CH121L V5; CH121 V5; CH140 V3; CH140L V3; CH220 V3; CH222 V3; CH242 V3; CH242 V5; RH1288 V3; RH2288 V3; RH2288H V3; XH310 V3; XH321 V3; XH321 V5; XH620 V3",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1288H V5 V100R005C00"
                              },
                              {
                                "version_value": "2288H V5 V100R005C00"
                              },
                              {
                                "version_value": "2488 V5 V100R005C00"
                              },
                              {
                                "version_value": "CH121 V3 V100R001C00"
                              },
                              {
                                "version_value": "CH121L V3 V100R001C00"
                              },
                              {
                                "version_value": "CH121L V5 V100R001C00"
                              },
                              {
                                "version_value": "CH121 V5 V100R001C00"
                              },
                              {
                                "version_value": "CH140 V3 V100R001C00"
                              },
                              {
                                "version_value": "CH140L V3 V100R001C00"
                              },
                              {
                                "version_value": "CH220 V3 V100R001C00"
                              },
                              {
                                "version_value": "CH222 V3 V100R001C00"
                              },
                              {
                                "version_value": "CH242 V3 V100R001C00"
                              },
                              {
                                "version_value": "CH242 V5 V100R001C00"
                              },
                              {
                                "version_value": "RH1288 V3 V100R003C00"
                              },
                              {
                                "version_value": "RH2288 V3 V100R003C00"
                              },
                              {
                                "version_value": "RH2288H V3 V100R003C00"
                              },
                              {
                                "version_value": "XH310 V3 V100R003C00"
                              },
                              {
                                "version_value": "XH321 V3 V100R003C00"
                              },
                              {
                                "version_value": "XH321 V5 V100R005C00"
                              },
                              {
                                "version_value": "XH620 V3 V100R003C00"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Huawei Technologies Co., Ltd."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have an authentication bypass vulnerability. An unauthenticated, remote attacker may send some specially crafted messages to the affected products. Due to improper authentication design, successful exploit may cause some information leak."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "authentication bypass"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180523-01-server-en",
                  "refsource": "CONFIRM",
                  "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180523-01-server-en"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
        "assignerShortName": "huawei",
        "cveId": "CVE-2018-7942",
        "datePublished": "2018-05-24T14:00:00.000Z",
        "dateReserved": "2018-03-09T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:37:59.683Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-7941 (GCVE-0-2018-7941)

    Vulnerability from cvelistv5 – Published: 2018-05-10 14:00 – Updated: 2024-08-05 06:37
    VLAI
    Summary
    Huawei iBMC V200R002C60 have an authentication bypass vulnerability. A remote attacker with low privilege may craft specific messages to upload authentication certificate to the affected products. Due to improper validation of the upload authority, successful exploit may cause privilege elevation.
    Severity
    No CVSS data available.
    CWE
    • authentication bypass
    Assigner
    References
    Impacted products
    Date Public
    2018-05-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:37:59.759Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180509-01-bypass-en"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iBMC",
              "vendor": "Huawei Technologies Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "V200R002C60"
                }
              ]
            }
          ],
          "datePublic": "2018-05-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Huawei iBMC V200R002C60 have an authentication bypass vulnerability. A remote attacker with low privilege may craft specific messages to upload authentication certificate to the affected products. Due to improper validation of the upload authority, successful exploit may cause privilege elevation."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "authentication bypass",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-05-10T13:57:01.000Z",
            "orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
            "shortName": "huawei"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180509-01-bypass-en"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@huawei.com",
              "ID": "CVE-2018-7941",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "iBMC",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "V200R002C60"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Huawei Technologies Co., Ltd."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Huawei iBMC V200R002C60 have an authentication bypass vulnerability. A remote attacker with low privilege may craft specific messages to upload authentication certificate to the affected products. Due to improper validation of the upload authority, successful exploit may cause privilege elevation."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "authentication bypass"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180509-01-bypass-en",
                  "refsource": "CONFIRM",
                  "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180509-01-bypass-en"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
        "assignerShortName": "huawei",
        "cveId": "CVE-2018-7941",
        "datePublished": "2018-05-10T14:00:00.000Z",
        "dateReserved": "2018-03-09T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:37:59.759Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }