Search criteria
12 vulnerabilities found for rh2288h_v3_firmware by huawei
CVE-2018-7943 (GCVE-0-2018-7943)
Vulnerability from nvd – Published: 2018-06-05 15:00 – Updated: 2024-09-17 02:05
VLAI?
Summary
There is an authentication bypass vulnerability in some Huawei servers. A remote attacker with low privilege may bypass the authentication by some special operations. Due to insufficient authentication, an attacker may exploit the vulnerability to get some sensitive information and high-level users' privilege.
Severity ?
No CVSS data available.
CWE
- authentication bypass
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | 1288H V5; 2288H V5; 2488 V5 ; CH121 V3; CH121L V3; CH121L V5 ; CH121 V5 ; CH140 V3; CH140L V3; CH220 V3; CH222 V3; CH242 V3; CH242 V5 ; RH1288 V3; RH2288 V3; RH2288H V3; XH310 V3; XH321 V3; XH321 V5; XH620 V3 |
Affected:
1288H V5 V100R005C00
Affected: 2288H V5 V100R005C00 Affected: 2488 V5 V100R005C00 Affected: CH121 V3 V100R001C00 Affected: CH121L V3 V100R001C00 Affected: CH121L V5 V100R001C00 Affected: CH121 V5 V100R001C00 Affected: CH140 V3 V100R001C00 Affected: CH140L V3 V100R001C00 Affected: CH220 V3 V100R001C00 Affected: CH222 V3 V100R001C00 Affected: CH242 V3 V100R001C00 Affected: CH242 V5 V100R001C00 Affected: RH1288 V3 V100R003C00 Affected: RH2288 V3 V100R003C00 Affected: RH2288H V3 V100R003C00 Affected: XH310 V3 V100R003C00 Affected: XH321 V3 V100R003C00 Affected: XH321 V5 V100R005C00 Affected: XH620 V3 V100R003C00 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:37:59.625Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-01-server-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "1288H V5; 2288H V5; 2488 V5 ; CH121 V3; CH121L V3; CH121L V5 ; CH121 V5 ; CH140 V3; CH140L V3; CH220 V3; CH222 V3; CH242 V3; CH242 V5 ; RH1288 V3; RH2288 V3; RH2288H V3; XH310 V3; XH321 V3; XH321 V5; XH620 V3",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "1288H V5 V100R005C00"
},
{
"status": "affected",
"version": "2288H V5 V100R005C00"
},
{
"status": "affected",
"version": "2488 V5 V100R005C00"
},
{
"status": "affected",
"version": "CH121 V3 V100R001C00"
},
{
"status": "affected",
"version": "CH121L V3 V100R001C00"
},
{
"status": "affected",
"version": "CH121L V5 V100R001C00"
},
{
"status": "affected",
"version": "CH121 V5 V100R001C00"
},
{
"status": "affected",
"version": "CH140 V3 V100R001C00"
},
{
"status": "affected",
"version": "CH140L V3 V100R001C00"
},
{
"status": "affected",
"version": "CH220 V3 V100R001C00"
},
{
"status": "affected",
"version": "CH222 V3 V100R001C00"
},
{
"status": "affected",
"version": "CH242 V3 V100R001C00"
},
{
"status": "affected",
"version": "CH242 V5 V100R001C00"
},
{
"status": "affected",
"version": "RH1288 V3 V100R003C00"
},
{
"status": "affected",
"version": "RH2288 V3 V100R003C00"
},
{
"status": "affected",
"version": "RH2288H V3 V100R003C00"
},
{
"status": "affected",
"version": "XH310 V3 V100R003C00"
},
{
"status": "affected",
"version": "XH321 V3 V100R003C00"
},
{
"status": "affected",
"version": "XH321 V5 V100R005C00"
},
{
"status": "affected",
"version": "XH620 V3 V100R003C00"
}
]
}
],
"datePublic": "2018-05-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "There is an authentication bypass vulnerability in some Huawei servers. A remote attacker with low privilege may bypass the authentication by some special operations. Due to insufficient authentication, an attacker may exploit the vulnerability to get some sensitive information and high-level users\u0027 privilege."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "authentication bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-05T14:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-01-server-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC": "2018-05-30T00:00:00",
"ID": "CVE-2018-7943",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "1288H V5; 2288H V5; 2488 V5 ; CH121 V3; CH121L V3; CH121L V5 ; CH121 V5 ; CH140 V3; CH140L V3; CH220 V3; CH222 V3; CH242 V3; CH242 V5 ; RH1288 V3; RH2288 V3; RH2288H V3; XH310 V3; XH321 V3; XH321 V5; XH620 V3",
"version": {
"version_data": [
{
"version_value": "1288H V5 V100R005C00"
},
{
"version_value": "2288H V5 V100R005C00"
},
{
"version_value": "2488 V5 V100R005C00"
},
{
"version_value": "CH121 V3 V100R001C00"
},
{
"version_value": "CH121L V3 V100R001C00"
},
{
"version_value": "CH121L V5 V100R001C00"
},
{
"version_value": "CH121 V5 V100R001C00"
},
{
"version_value": "CH140 V3 V100R001C00"
},
{
"version_value": "CH140L V3 V100R001C00"
},
{
"version_value": "CH220 V3 V100R001C00"
},
{
"version_value": "CH222 V3 V100R001C00"
},
{
"version_value": "CH242 V3 V100R001C00"
},
{
"version_value": "CH242 V5 V100R001C00"
},
{
"version_value": "RH1288 V3 V100R003C00"
},
{
"version_value": "RH2288 V3 V100R003C00"
},
{
"version_value": "RH2288H V3 V100R003C00"
},
{
"version_value": "XH310 V3 V100R003C00"
},
{
"version_value": "XH321 V3 V100R003C00"
},
{
"version_value": "XH321 V5 V100R005C00"
},
{
"version_value": "XH620 V3 V100R003C00"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is an authentication bypass vulnerability in some Huawei servers. A remote attacker with low privilege may bypass the authentication by some special operations. Due to insufficient authentication, an attacker may exploit the vulnerability to get some sensitive information and high-level users\u0027 privilege."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "authentication bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-01-server-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-01-server-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2018-7943",
"datePublished": "2018-06-05T15:00:00Z",
"dateReserved": "2018-03-09T00:00:00",
"dateUpdated": "2024-09-17T02:05:37.375Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7951 (GCVE-0-2018-7951)
Vulnerability from nvd – Published: 2018-06-01 14:00 – Updated: 2024-08-05 06:37
VLAI?
Summary
The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a JSON injection vulnerability due to insufficient input validation. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Successful exploit may allow attackers to obtain the management privilege of the system.
Severity ?
No CVSS data available.
CWE
- JSON injection
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | 1288H V5; 2288H V5; 2488 V5 ; CH121 V3; CH121L V3; CH121L V5 ; CH121 V5 ; CH140 V3; CH140L V3; CH220 V3; CH222 V3; CH242 V3; CH242 V5 ; RH1288 V3; RH2288 V3; RH2288H V3; XH310 V3; XH321 V3; XH321 V5; XH620 V3 |
Affected:
1288H V5 V100R005C00
Affected: 2288H V5 V100R005C00 Affected: 2488 V5 V100R005C00 Affected: CH121 V3 V100R001C00 Affected: CH121L V3 V100R001C00 Affected: CH121L V5 V100R001C00 Affected: CH121 V5 V100R001C00 Affected: CH140 V3 V100R001C00 Affected: CH140L V3 V100R001C00 Affected: CH220 V3 V100R001C00 Affected: CH222 V3 V100R001C00 Affected: CH242 V3 V100R001C00 Affected: CH242 V5 V100R001C00 Affected: RH1288 V3 V100R003C00 Affected: RH2288 V3 V100R003C00 Affected: RH2288H V3 V100R003C00 Affected: XH310 V3 V100R003C00 Affected: XH321 V3 V100R003C00 Affected: XH321 V5 V100R005C00 Affected: XH620 V3 V100R003C00 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:37:59.585Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-02-server-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "1288H V5; 2288H V5; 2488 V5 ; CH121 V3; CH121L V3; CH121L V5 ; CH121 V5 ; CH140 V3; CH140L V3; CH220 V3; CH222 V3; CH242 V3; CH242 V5 ; RH1288 V3; RH2288 V3; RH2288H V3; XH310 V3; XH321 V3; XH321 V5; XH620 V3",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "1288H V5 V100R005C00"
},
{
"status": "affected",
"version": "2288H V5 V100R005C00"
},
{
"status": "affected",
"version": "2488 V5 V100R005C00"
},
{
"status": "affected",
"version": "CH121 V3 V100R001C00"
},
{
"status": "affected",
"version": "CH121L V3 V100R001C00"
},
{
"status": "affected",
"version": "CH121L V5 V100R001C00"
},
{
"status": "affected",
"version": "CH121 V5 V100R001C00"
},
{
"status": "affected",
"version": "CH140 V3 V100R001C00"
},
{
"status": "affected",
"version": "CH140L V3 V100R001C00"
},
{
"status": "affected",
"version": "CH220 V3 V100R001C00"
},
{
"status": "affected",
"version": "CH222 V3 V100R001C00"
},
{
"status": "affected",
"version": "CH242 V3 V100R001C00"
},
{
"status": "affected",
"version": "CH242 V5 V100R001C00"
},
{
"status": "affected",
"version": "RH1288 V3 V100R003C00"
},
{
"status": "affected",
"version": "RH2288 V3 V100R003C00"
},
{
"status": "affected",
"version": "RH2288H V3 V100R003C00"
},
{
"status": "affected",
"version": "XH310 V3 V100R003C00"
},
{
"status": "affected",
"version": "XH321 V3 V100R003C00"
},
{
"status": "affected",
"version": "XH321 V5 V100R005C00"
},
{
"status": "affected",
"version": "XH620 V3 V100R003C00"
}
]
}
],
"datePublic": "2018-05-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a JSON injection vulnerability due to insufficient input validation. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Successful exploit may allow attackers to obtain the management privilege of the system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "JSON injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-01T13:57:02",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-02-server-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2018-7951",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "1288H V5; 2288H V5; 2488 V5 ; CH121 V3; CH121L V3; CH121L V5 ; CH121 V5 ; CH140 V3; CH140L V3; CH220 V3; CH222 V3; CH242 V3; CH242 V5 ; RH1288 V3; RH2288 V3; RH2288H V3; XH310 V3; XH321 V3; XH321 V5; XH620 V3",
"version": {
"version_data": [
{
"version_value": "1288H V5 V100R005C00"
},
{
"version_value": "2288H V5 V100R005C00"
},
{
"version_value": "2488 V5 V100R005C00"
},
{
"version_value": "CH121 V3 V100R001C00"
},
{
"version_value": "CH121L V3 V100R001C00"
},
{
"version_value": "CH121L V5 V100R001C00"
},
{
"version_value": "CH121 V5 V100R001C00"
},
{
"version_value": "CH140 V3 V100R001C00"
},
{
"version_value": "CH140L V3 V100R001C00"
},
{
"version_value": "CH220 V3 V100R001C00"
},
{
"version_value": "CH222 V3 V100R001C00"
},
{
"version_value": "CH242 V3 V100R001C00"
},
{
"version_value": "CH242 V5 V100R001C00"
},
{
"version_value": "RH1288 V3 V100R003C00"
},
{
"version_value": "RH2288 V3 V100R003C00"
},
{
"version_value": "RH2288H V3 V100R003C00"
},
{
"version_value": "XH310 V3 V100R003C00"
},
{
"version_value": "XH321 V3 V100R003C00"
},
{
"version_value": "XH321 V5 V100R005C00"
},
{
"version_value": "XH620 V3 V100R003C00"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a JSON injection vulnerability due to insufficient input validation. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Successful exploit may allow attackers to obtain the management privilege of the system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "JSON injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-02-server-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-02-server-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2018-7951",
"datePublished": "2018-06-01T14:00:00",
"dateReserved": "2018-03-09T00:00:00",
"dateUpdated": "2024-08-05T06:37:59.585Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7950 (GCVE-0-2018-7950)
Vulnerability from nvd – Published: 2018-06-01 14:00 – Updated: 2024-08-05 06:37
VLAI?
Summary
The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a JSON injection vulnerability due to insufficient input validation. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Successful exploit may allow attackers to obtain the management privilege of the system.
Severity ?
No CVSS data available.
CWE
- JSON injection
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | 1288H V5; 2288H V5; 2488 V5 ; CH121 V3; CH121L V3; CH121L V5 ; CH121 V5 ; CH140 V3; CH140L V3; CH220 V3; CH222 V3; CH242 V3; CH242 V5 ; RH1288 V3; RH2288 V3; RH2288H V3; XH310 V3; XH321 V3; XH321 V5; XH620 V3 |
Affected:
1288H V5 V100R005C00
Affected: 2288H V5 V100R005C00 Affected: 2488 V5 V100R005C00 Affected: CH121 V3 V100R001C00 Affected: CH121L V3 V100R001C00 Affected: CH121L V5 V100R001C00 Affected: CH121 V5 V100R001C00 Affected: CH140 V3 V100R001C00 Affected: CH140L V3 V100R001C00 Affected: CH220 V3 V100R001C00 Affected: CH222 V3 V100R001C00 Affected: CH242 V3 V100R001C00 Affected: CH242 V5 V100R001C00 Affected: RH1288 V3 V100R003C00 Affected: RH2288 V3 V100R003C00 Affected: RH2288H V3 V100R003C00 Affected: XH310 V3 V100R003C00 Affected: XH321 V3 V100R003C00 Affected: XH321 V5 V100R005C00 Affected: XH620 V3 V100R003C00 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:37:59.581Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-02-server-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "1288H V5; 2288H V5; 2488 V5 ; CH121 V3; CH121L V3; CH121L V5 ; CH121 V5 ; CH140 V3; CH140L V3; CH220 V3; CH222 V3; CH242 V3; CH242 V5 ; RH1288 V3; RH2288 V3; RH2288H V3; XH310 V3; XH321 V3; XH321 V5; XH620 V3",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "1288H V5 V100R005C00"
},
{
"status": "affected",
"version": "2288H V5 V100R005C00"
},
{
"status": "affected",
"version": "2488 V5 V100R005C00"
},
{
"status": "affected",
"version": "CH121 V3 V100R001C00"
},
{
"status": "affected",
"version": "CH121L V3 V100R001C00"
},
{
"status": "affected",
"version": "CH121L V5 V100R001C00"
},
{
"status": "affected",
"version": "CH121 V5 V100R001C00"
},
{
"status": "affected",
"version": "CH140 V3 V100R001C00"
},
{
"status": "affected",
"version": "CH140L V3 V100R001C00"
},
{
"status": "affected",
"version": "CH220 V3 V100R001C00"
},
{
"status": "affected",
"version": "CH222 V3 V100R001C00"
},
{
"status": "affected",
"version": "CH242 V3 V100R001C00"
},
{
"status": "affected",
"version": "CH242 V5 V100R001C00"
},
{
"status": "affected",
"version": "RH1288 V3 V100R003C00"
},
{
"status": "affected",
"version": "RH2288 V3 V100R003C00"
},
{
"status": "affected",
"version": "RH2288H V3 V100R003C00"
},
{
"status": "affected",
"version": "XH310 V3 V100R003C00"
},
{
"status": "affected",
"version": "XH321 V3 V100R003C00"
},
{
"status": "affected",
"version": "XH321 V5 V100R005C00"
},
{
"status": "affected",
"version": "XH620 V3 V100R003C00"
}
]
}
],
"datePublic": "2018-05-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a JSON injection vulnerability due to insufficient input validation. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Successful exploit may allow attackers to obtain the management privilege of the system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "JSON injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-01T13:57:02",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-02-server-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2018-7950",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "1288H V5; 2288H V5; 2488 V5 ; CH121 V3; CH121L V3; CH121L V5 ; CH121 V5 ; CH140 V3; CH140L V3; CH220 V3; CH222 V3; CH242 V3; CH242 V5 ; RH1288 V3; RH2288 V3; RH2288H V3; XH310 V3; XH321 V3; XH321 V5; XH620 V3",
"version": {
"version_data": [
{
"version_value": "1288H V5 V100R005C00"
},
{
"version_value": "2288H V5 V100R005C00"
},
{
"version_value": "2488 V5 V100R005C00"
},
{
"version_value": "CH121 V3 V100R001C00"
},
{
"version_value": "CH121L V3 V100R001C00"
},
{
"version_value": "CH121L V5 V100R001C00"
},
{
"version_value": "CH121 V5 V100R001C00"
},
{
"version_value": "CH140 V3 V100R001C00"
},
{
"version_value": "CH140L V3 V100R001C00"
},
{
"version_value": "CH220 V3 V100R001C00"
},
{
"version_value": "CH222 V3 V100R001C00"
},
{
"version_value": "CH242 V3 V100R001C00"
},
{
"version_value": "CH242 V5 V100R001C00"
},
{
"version_value": "RH1288 V3 V100R003C00"
},
{
"version_value": "RH2288 V3 V100R003C00"
},
{
"version_value": "RH2288H V3 V100R003C00"
},
{
"version_value": "XH310 V3 V100R003C00"
},
{
"version_value": "XH321 V3 V100R003C00"
},
{
"version_value": "XH321 V5 V100R005C00"
},
{
"version_value": "XH620 V3 V100R003C00"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a JSON injection vulnerability due to insufficient input validation. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Successful exploit may allow attackers to obtain the management privilege of the system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "JSON injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-02-server-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-02-server-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2018-7950",
"datePublished": "2018-06-01T14:00:00",
"dateReserved": "2018-03-09T00:00:00",
"dateUpdated": "2024-08-05T06:37:59.581Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7949 (GCVE-0-2018-7949)
Vulnerability from nvd – Published: 2018-06-01 14:00 – Updated: 2024-08-05 06:37
VLAI?
Summary
The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a privilege escalation vulnerability. A remote attacker may send some specially crafted login messages to the affected products. Due to improper authentication design, successful exploit enables low privileged users to get or modify passwords of highly privileged users.
Severity ?
No CVSS data available.
CWE
- privilege escalation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | 1288H V5; 2288H V5; 2488 V5 ; CH121 V3; CH121L V3; CH121L V5 ; CH121 V5 ; CH140 V3; CH140L V3; CH220 V3; CH222 V3; CH242 V3; CH242 V5 ; RH1288 V3; RH2288 V3; RH2288H V3; XH310 V3; XH321 V3; XH321 V5; XH620 V3 |
Affected:
1288H V5 V100R005C00
Affected: 2288H V5 V100R005C00 Affected: 2488 V5 V100R005C00 Affected: CH121 V3 V100R001C00 Affected: CH121L V3 V100R001C00 Affected: CH121L V5 V100R001C00 Affected: CH121 V5 V100R001C00 Affected: CH140 V3 V100R001C00 Affected: CH140L V3 V100R001C00 Affected: CH220 V3 V100R001C00 Affected: CH222 V3 V100R001C00 Affected: CH242 V3 V100R001C00 Affected: CH242 V5 V100R001C00 Affected: RH1288 V3 V100R003C00 Affected: RH2288 V3 V100R003C00 Affected: RH2288H V3 V100R003C00 Affected: XH310 V3 V100R003C00 Affected: XH321 V3 V100R003C00 Affected: XH321 V5 V100R005C00 Affected: XH620 V3 V100R003C00 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:37:59.717Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-03-server-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "1288H V5; 2288H V5; 2488 V5 ; CH121 V3; CH121L V3; CH121L V5 ; CH121 V5 ; CH140 V3; CH140L V3; CH220 V3; CH222 V3; CH242 V3; CH242 V5 ; RH1288 V3; RH2288 V3; RH2288H V3; XH310 V3; XH321 V3; XH321 V5; XH620 V3",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "1288H V5 V100R005C00"
},
{
"status": "affected",
"version": "2288H V5 V100R005C00"
},
{
"status": "affected",
"version": "2488 V5 V100R005C00"
},
{
"status": "affected",
"version": "CH121 V3 V100R001C00"
},
{
"status": "affected",
"version": "CH121L V3 V100R001C00"
},
{
"status": "affected",
"version": "CH121L V5 V100R001C00"
},
{
"status": "affected",
"version": "CH121 V5 V100R001C00"
},
{
"status": "affected",
"version": "CH140 V3 V100R001C00"
},
{
"status": "affected",
"version": "CH140L V3 V100R001C00"
},
{
"status": "affected",
"version": "CH220 V3 V100R001C00"
},
{
"status": "affected",
"version": "CH222 V3 V100R001C00"
},
{
"status": "affected",
"version": "CH242 V3 V100R001C00"
},
{
"status": "affected",
"version": "CH242 V5 V100R001C00"
},
{
"status": "affected",
"version": "RH1288 V3 V100R003C00"
},
{
"status": "affected",
"version": "RH2288 V3 V100R003C00"
},
{
"status": "affected",
"version": "RH2288H V3 V100R003C00"
},
{
"status": "affected",
"version": "XH310 V3 V100R003C00"
},
{
"status": "affected",
"version": "XH321 V3 V100R003C00"
},
{
"status": "affected",
"version": "XH321 V5 V100R005C00"
},
{
"status": "affected",
"version": "XH620 V3 V100R003C00"
}
]
}
],
"datePublic": "2018-05-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a privilege escalation vulnerability. A remote attacker may send some specially crafted login messages to the affected products. Due to improper authentication design, successful exploit enables low privileged users to get or modify passwords of highly privileged users."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "privilege escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-01T13:57:02",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-03-server-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2018-7949",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "1288H V5; 2288H V5; 2488 V5 ; CH121 V3; CH121L V3; CH121L V5 ; CH121 V5 ; CH140 V3; CH140L V3; CH220 V3; CH222 V3; CH242 V3; CH242 V5 ; RH1288 V3; RH2288 V3; RH2288H V3; XH310 V3; XH321 V3; XH321 V5; XH620 V3",
"version": {
"version_data": [
{
"version_value": "1288H V5 V100R005C00"
},
{
"version_value": "2288H V5 V100R005C00"
},
{
"version_value": "2488 V5 V100R005C00"
},
{
"version_value": "CH121 V3 V100R001C00"
},
{
"version_value": "CH121L V3 V100R001C00"
},
{
"version_value": "CH121L V5 V100R001C00"
},
{
"version_value": "CH121 V5 V100R001C00"
},
{
"version_value": "CH140 V3 V100R001C00"
},
{
"version_value": "CH140L V3 V100R001C00"
},
{
"version_value": "CH220 V3 V100R001C00"
},
{
"version_value": "CH222 V3 V100R001C00"
},
{
"version_value": "CH242 V3 V100R001C00"
},
{
"version_value": "CH242 V5 V100R001C00"
},
{
"version_value": "RH1288 V3 V100R003C00"
},
{
"version_value": "RH2288 V3 V100R003C00"
},
{
"version_value": "RH2288H V3 V100R003C00"
},
{
"version_value": "XH310 V3 V100R003C00"
},
{
"version_value": "XH321 V3 V100R003C00"
},
{
"version_value": "XH321 V5 V100R005C00"
},
{
"version_value": "XH620 V3 V100R003C00"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a privilege escalation vulnerability. A remote attacker may send some specially crafted login messages to the affected products. Due to improper authentication design, successful exploit enables low privileged users to get or modify passwords of highly privileged users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "privilege escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-03-server-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-03-server-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2018-7949",
"datePublished": "2018-06-01T14:00:00",
"dateReserved": "2018-03-09T00:00:00",
"dateUpdated": "2024-08-05T06:37:59.717Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7941 (GCVE-0-2018-7941)
Vulnerability from nvd – Published: 2018-05-10 14:00 – Updated: 2024-08-05 06:37
VLAI?
Summary
Huawei iBMC V200R002C60 have an authentication bypass vulnerability. A remote attacker with low privilege may craft specific messages to upload authentication certificate to the affected products. Due to improper validation of the upload authority, successful exploit may cause privilege elevation.
Severity ?
No CVSS data available.
CWE
- authentication bypass
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | iBMC |
Affected:
V200R002C60
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:37:59.759Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180509-01-bypass-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iBMC",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "V200R002C60"
}
]
}
],
"datePublic": "2018-05-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Huawei iBMC V200R002C60 have an authentication bypass vulnerability. A remote attacker with low privilege may craft specific messages to upload authentication certificate to the affected products. Due to improper validation of the upload authority, successful exploit may cause privilege elevation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "authentication bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-10T13:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180509-01-bypass-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2018-7941",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iBMC",
"version": {
"version_data": [
{
"version_value": "V200R002C60"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Huawei iBMC V200R002C60 have an authentication bypass vulnerability. A remote attacker with low privilege may craft specific messages to upload authentication certificate to the affected products. Due to improper validation of the upload authority, successful exploit may cause privilege elevation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "authentication bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180509-01-bypass-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180509-01-bypass-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2018-7941",
"datePublished": "2018-05-10T14:00:00",
"dateReserved": "2018-03-09T00:00:00",
"dateUpdated": "2024-08-05T06:37:59.759Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7842 (GCVE-0-2015-7842)
Vulnerability from nvd – Published: 2017-10-09 14:00 – Updated: 2024-08-06 07:58
VLAI?
Summary
Huawei FusionServer rack servers RH2288 V3 with software before V100R003C00SPC603, RH2288H V3 with software before V100R003C00SPC503, XH628 V3 with software before V100R003C00SPC602, RH1288 V3 with software before V100R003C00SPC602, RH2288A V2 with software before V100R002C00SPC701, RH1288A V2 with software before V100R002C00SPC502, RH8100 V3 with software before V100R003C00SPC110, CH222 V3 with software before V100R001C00SPC161, CH220 V3 with software before V100R001C00SPC161, and CH121 V3 with software before V100R001C00SPC161 allow remote authenticated operators to change server information by leveraging failure to verify user permissions.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:58:59.938Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454418.htm"
},
{
"name": "76836",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/76836"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-09-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Huawei FusionServer rack servers RH2288 V3 with software before V100R003C00SPC603, RH2288H V3 with software before V100R003C00SPC503, XH628 V3 with software before V100R003C00SPC602, RH1288 V3 with software before V100R003C00SPC602, RH2288A V2 with software before V100R002C00SPC701, RH1288A V2 with software before V100R002C00SPC502, RH8100 V3 with software before V100R003C00SPC110, CH222 V3 with software before V100R001C00SPC161, CH220 V3 with software before V100R001C00SPC161, and CH121 V3 with software before V100R001C00SPC161 allow remote authenticated operators to change server information by leveraging failure to verify user permissions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-09T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454418.htm"
},
{
"name": "76836",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/76836"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7842",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Huawei FusionServer rack servers RH2288 V3 with software before V100R003C00SPC603, RH2288H V3 with software before V100R003C00SPC503, XH628 V3 with software before V100R003C00SPC602, RH1288 V3 with software before V100R003C00SPC602, RH2288A V2 with software before V100R002C00SPC701, RH1288A V2 with software before V100R002C00SPC502, RH8100 V3 with software before V100R003C00SPC110, CH222 V3 with software before V100R001C00SPC161, CH220 V3 with software before V100R001C00SPC161, and CH121 V3 with software before V100R001C00SPC161 allow remote authenticated operators to change server information by leveraging failure to verify user permissions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454418.htm",
"refsource": "CONFIRM",
"url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454418.htm"
},
{
"name": "76836",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76836"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-7842",
"datePublished": "2017-10-09T14:00:00",
"dateReserved": "2015-10-16T00:00:00",
"dateUpdated": "2024-08-06T07:58:59.938Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7943 (GCVE-0-2018-7943)
Vulnerability from cvelistv5 – Published: 2018-06-05 15:00 – Updated: 2024-09-17 02:05
VLAI?
Summary
There is an authentication bypass vulnerability in some Huawei servers. A remote attacker with low privilege may bypass the authentication by some special operations. Due to insufficient authentication, an attacker may exploit the vulnerability to get some sensitive information and high-level users' privilege.
Severity ?
No CVSS data available.
CWE
- authentication bypass
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | 1288H V5; 2288H V5; 2488 V5 ; CH121 V3; CH121L V3; CH121L V5 ; CH121 V5 ; CH140 V3; CH140L V3; CH220 V3; CH222 V3; CH242 V3; CH242 V5 ; RH1288 V3; RH2288 V3; RH2288H V3; XH310 V3; XH321 V3; XH321 V5; XH620 V3 |
Affected:
1288H V5 V100R005C00
Affected: 2288H V5 V100R005C00 Affected: 2488 V5 V100R005C00 Affected: CH121 V3 V100R001C00 Affected: CH121L V3 V100R001C00 Affected: CH121L V5 V100R001C00 Affected: CH121 V5 V100R001C00 Affected: CH140 V3 V100R001C00 Affected: CH140L V3 V100R001C00 Affected: CH220 V3 V100R001C00 Affected: CH222 V3 V100R001C00 Affected: CH242 V3 V100R001C00 Affected: CH242 V5 V100R001C00 Affected: RH1288 V3 V100R003C00 Affected: RH2288 V3 V100R003C00 Affected: RH2288H V3 V100R003C00 Affected: XH310 V3 V100R003C00 Affected: XH321 V3 V100R003C00 Affected: XH321 V5 V100R005C00 Affected: XH620 V3 V100R003C00 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:37:59.625Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-01-server-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "1288H V5; 2288H V5; 2488 V5 ; CH121 V3; CH121L V3; CH121L V5 ; CH121 V5 ; CH140 V3; CH140L V3; CH220 V3; CH222 V3; CH242 V3; CH242 V5 ; RH1288 V3; RH2288 V3; RH2288H V3; XH310 V3; XH321 V3; XH321 V5; XH620 V3",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "1288H V5 V100R005C00"
},
{
"status": "affected",
"version": "2288H V5 V100R005C00"
},
{
"status": "affected",
"version": "2488 V5 V100R005C00"
},
{
"status": "affected",
"version": "CH121 V3 V100R001C00"
},
{
"status": "affected",
"version": "CH121L V3 V100R001C00"
},
{
"status": "affected",
"version": "CH121L V5 V100R001C00"
},
{
"status": "affected",
"version": "CH121 V5 V100R001C00"
},
{
"status": "affected",
"version": "CH140 V3 V100R001C00"
},
{
"status": "affected",
"version": "CH140L V3 V100R001C00"
},
{
"status": "affected",
"version": "CH220 V3 V100R001C00"
},
{
"status": "affected",
"version": "CH222 V3 V100R001C00"
},
{
"status": "affected",
"version": "CH242 V3 V100R001C00"
},
{
"status": "affected",
"version": "CH242 V5 V100R001C00"
},
{
"status": "affected",
"version": "RH1288 V3 V100R003C00"
},
{
"status": "affected",
"version": "RH2288 V3 V100R003C00"
},
{
"status": "affected",
"version": "RH2288H V3 V100R003C00"
},
{
"status": "affected",
"version": "XH310 V3 V100R003C00"
},
{
"status": "affected",
"version": "XH321 V3 V100R003C00"
},
{
"status": "affected",
"version": "XH321 V5 V100R005C00"
},
{
"status": "affected",
"version": "XH620 V3 V100R003C00"
}
]
}
],
"datePublic": "2018-05-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "There is an authentication bypass vulnerability in some Huawei servers. A remote attacker with low privilege may bypass the authentication by some special operations. Due to insufficient authentication, an attacker may exploit the vulnerability to get some sensitive information and high-level users\u0027 privilege."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "authentication bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-05T14:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-01-server-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC": "2018-05-30T00:00:00",
"ID": "CVE-2018-7943",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "1288H V5; 2288H V5; 2488 V5 ; CH121 V3; CH121L V3; CH121L V5 ; CH121 V5 ; CH140 V3; CH140L V3; CH220 V3; CH222 V3; CH242 V3; CH242 V5 ; RH1288 V3; RH2288 V3; RH2288H V3; XH310 V3; XH321 V3; XH321 V5; XH620 V3",
"version": {
"version_data": [
{
"version_value": "1288H V5 V100R005C00"
},
{
"version_value": "2288H V5 V100R005C00"
},
{
"version_value": "2488 V5 V100R005C00"
},
{
"version_value": "CH121 V3 V100R001C00"
},
{
"version_value": "CH121L V3 V100R001C00"
},
{
"version_value": "CH121L V5 V100R001C00"
},
{
"version_value": "CH121 V5 V100R001C00"
},
{
"version_value": "CH140 V3 V100R001C00"
},
{
"version_value": "CH140L V3 V100R001C00"
},
{
"version_value": "CH220 V3 V100R001C00"
},
{
"version_value": "CH222 V3 V100R001C00"
},
{
"version_value": "CH242 V3 V100R001C00"
},
{
"version_value": "CH242 V5 V100R001C00"
},
{
"version_value": "RH1288 V3 V100R003C00"
},
{
"version_value": "RH2288 V3 V100R003C00"
},
{
"version_value": "RH2288H V3 V100R003C00"
},
{
"version_value": "XH310 V3 V100R003C00"
},
{
"version_value": "XH321 V3 V100R003C00"
},
{
"version_value": "XH321 V5 V100R005C00"
},
{
"version_value": "XH620 V3 V100R003C00"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is an authentication bypass vulnerability in some Huawei servers. A remote attacker with low privilege may bypass the authentication by some special operations. Due to insufficient authentication, an attacker may exploit the vulnerability to get some sensitive information and high-level users\u0027 privilege."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "authentication bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-01-server-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-01-server-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2018-7943",
"datePublished": "2018-06-05T15:00:00Z",
"dateReserved": "2018-03-09T00:00:00",
"dateUpdated": "2024-09-17T02:05:37.375Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7951 (GCVE-0-2018-7951)
Vulnerability from cvelistv5 – Published: 2018-06-01 14:00 – Updated: 2024-08-05 06:37
VLAI?
Summary
The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a JSON injection vulnerability due to insufficient input validation. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Successful exploit may allow attackers to obtain the management privilege of the system.
Severity ?
No CVSS data available.
CWE
- JSON injection
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | 1288H V5; 2288H V5; 2488 V5 ; CH121 V3; CH121L V3; CH121L V5 ; CH121 V5 ; CH140 V3; CH140L V3; CH220 V3; CH222 V3; CH242 V3; CH242 V5 ; RH1288 V3; RH2288 V3; RH2288H V3; XH310 V3; XH321 V3; XH321 V5; XH620 V3 |
Affected:
1288H V5 V100R005C00
Affected: 2288H V5 V100R005C00 Affected: 2488 V5 V100R005C00 Affected: CH121 V3 V100R001C00 Affected: CH121L V3 V100R001C00 Affected: CH121L V5 V100R001C00 Affected: CH121 V5 V100R001C00 Affected: CH140 V3 V100R001C00 Affected: CH140L V3 V100R001C00 Affected: CH220 V3 V100R001C00 Affected: CH222 V3 V100R001C00 Affected: CH242 V3 V100R001C00 Affected: CH242 V5 V100R001C00 Affected: RH1288 V3 V100R003C00 Affected: RH2288 V3 V100R003C00 Affected: RH2288H V3 V100R003C00 Affected: XH310 V3 V100R003C00 Affected: XH321 V3 V100R003C00 Affected: XH321 V5 V100R005C00 Affected: XH620 V3 V100R003C00 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:37:59.585Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-02-server-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "1288H V5; 2288H V5; 2488 V5 ; CH121 V3; CH121L V3; CH121L V5 ; CH121 V5 ; CH140 V3; CH140L V3; CH220 V3; CH222 V3; CH242 V3; CH242 V5 ; RH1288 V3; RH2288 V3; RH2288H V3; XH310 V3; XH321 V3; XH321 V5; XH620 V3",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "1288H V5 V100R005C00"
},
{
"status": "affected",
"version": "2288H V5 V100R005C00"
},
{
"status": "affected",
"version": "2488 V5 V100R005C00"
},
{
"status": "affected",
"version": "CH121 V3 V100R001C00"
},
{
"status": "affected",
"version": "CH121L V3 V100R001C00"
},
{
"status": "affected",
"version": "CH121L V5 V100R001C00"
},
{
"status": "affected",
"version": "CH121 V5 V100R001C00"
},
{
"status": "affected",
"version": "CH140 V3 V100R001C00"
},
{
"status": "affected",
"version": "CH140L V3 V100R001C00"
},
{
"status": "affected",
"version": "CH220 V3 V100R001C00"
},
{
"status": "affected",
"version": "CH222 V3 V100R001C00"
},
{
"status": "affected",
"version": "CH242 V3 V100R001C00"
},
{
"status": "affected",
"version": "CH242 V5 V100R001C00"
},
{
"status": "affected",
"version": "RH1288 V3 V100R003C00"
},
{
"status": "affected",
"version": "RH2288 V3 V100R003C00"
},
{
"status": "affected",
"version": "RH2288H V3 V100R003C00"
},
{
"status": "affected",
"version": "XH310 V3 V100R003C00"
},
{
"status": "affected",
"version": "XH321 V3 V100R003C00"
},
{
"status": "affected",
"version": "XH321 V5 V100R005C00"
},
{
"status": "affected",
"version": "XH620 V3 V100R003C00"
}
]
}
],
"datePublic": "2018-05-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a JSON injection vulnerability due to insufficient input validation. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Successful exploit may allow attackers to obtain the management privilege of the system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "JSON injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-01T13:57:02",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-02-server-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2018-7951",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "1288H V5; 2288H V5; 2488 V5 ; CH121 V3; CH121L V3; CH121L V5 ; CH121 V5 ; CH140 V3; CH140L V3; CH220 V3; CH222 V3; CH242 V3; CH242 V5 ; RH1288 V3; RH2288 V3; RH2288H V3; XH310 V3; XH321 V3; XH321 V5; XH620 V3",
"version": {
"version_data": [
{
"version_value": "1288H V5 V100R005C00"
},
{
"version_value": "2288H V5 V100R005C00"
},
{
"version_value": "2488 V5 V100R005C00"
},
{
"version_value": "CH121 V3 V100R001C00"
},
{
"version_value": "CH121L V3 V100R001C00"
},
{
"version_value": "CH121L V5 V100R001C00"
},
{
"version_value": "CH121 V5 V100R001C00"
},
{
"version_value": "CH140 V3 V100R001C00"
},
{
"version_value": "CH140L V3 V100R001C00"
},
{
"version_value": "CH220 V3 V100R001C00"
},
{
"version_value": "CH222 V3 V100R001C00"
},
{
"version_value": "CH242 V3 V100R001C00"
},
{
"version_value": "CH242 V5 V100R001C00"
},
{
"version_value": "RH1288 V3 V100R003C00"
},
{
"version_value": "RH2288 V3 V100R003C00"
},
{
"version_value": "RH2288H V3 V100R003C00"
},
{
"version_value": "XH310 V3 V100R003C00"
},
{
"version_value": "XH321 V3 V100R003C00"
},
{
"version_value": "XH321 V5 V100R005C00"
},
{
"version_value": "XH620 V3 V100R003C00"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a JSON injection vulnerability due to insufficient input validation. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Successful exploit may allow attackers to obtain the management privilege of the system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "JSON injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-02-server-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-02-server-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2018-7951",
"datePublished": "2018-06-01T14:00:00",
"dateReserved": "2018-03-09T00:00:00",
"dateUpdated": "2024-08-05T06:37:59.585Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7949 (GCVE-0-2018-7949)
Vulnerability from cvelistv5 – Published: 2018-06-01 14:00 – Updated: 2024-08-05 06:37
VLAI?
Summary
The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a privilege escalation vulnerability. A remote attacker may send some specially crafted login messages to the affected products. Due to improper authentication design, successful exploit enables low privileged users to get or modify passwords of highly privileged users.
Severity ?
No CVSS data available.
CWE
- privilege escalation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | 1288H V5; 2288H V5; 2488 V5 ; CH121 V3; CH121L V3; CH121L V5 ; CH121 V5 ; CH140 V3; CH140L V3; CH220 V3; CH222 V3; CH242 V3; CH242 V5 ; RH1288 V3; RH2288 V3; RH2288H V3; XH310 V3; XH321 V3; XH321 V5; XH620 V3 |
Affected:
1288H V5 V100R005C00
Affected: 2288H V5 V100R005C00 Affected: 2488 V5 V100R005C00 Affected: CH121 V3 V100R001C00 Affected: CH121L V3 V100R001C00 Affected: CH121L V5 V100R001C00 Affected: CH121 V5 V100R001C00 Affected: CH140 V3 V100R001C00 Affected: CH140L V3 V100R001C00 Affected: CH220 V3 V100R001C00 Affected: CH222 V3 V100R001C00 Affected: CH242 V3 V100R001C00 Affected: CH242 V5 V100R001C00 Affected: RH1288 V3 V100R003C00 Affected: RH2288 V3 V100R003C00 Affected: RH2288H V3 V100R003C00 Affected: XH310 V3 V100R003C00 Affected: XH321 V3 V100R003C00 Affected: XH321 V5 V100R005C00 Affected: XH620 V3 V100R003C00 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:37:59.717Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-03-server-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "1288H V5; 2288H V5; 2488 V5 ; CH121 V3; CH121L V3; CH121L V5 ; CH121 V5 ; CH140 V3; CH140L V3; CH220 V3; CH222 V3; CH242 V3; CH242 V5 ; RH1288 V3; RH2288 V3; RH2288H V3; XH310 V3; XH321 V3; XH321 V5; XH620 V3",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "1288H V5 V100R005C00"
},
{
"status": "affected",
"version": "2288H V5 V100R005C00"
},
{
"status": "affected",
"version": "2488 V5 V100R005C00"
},
{
"status": "affected",
"version": "CH121 V3 V100R001C00"
},
{
"status": "affected",
"version": "CH121L V3 V100R001C00"
},
{
"status": "affected",
"version": "CH121L V5 V100R001C00"
},
{
"status": "affected",
"version": "CH121 V5 V100R001C00"
},
{
"status": "affected",
"version": "CH140 V3 V100R001C00"
},
{
"status": "affected",
"version": "CH140L V3 V100R001C00"
},
{
"status": "affected",
"version": "CH220 V3 V100R001C00"
},
{
"status": "affected",
"version": "CH222 V3 V100R001C00"
},
{
"status": "affected",
"version": "CH242 V3 V100R001C00"
},
{
"status": "affected",
"version": "CH242 V5 V100R001C00"
},
{
"status": "affected",
"version": "RH1288 V3 V100R003C00"
},
{
"status": "affected",
"version": "RH2288 V3 V100R003C00"
},
{
"status": "affected",
"version": "RH2288H V3 V100R003C00"
},
{
"status": "affected",
"version": "XH310 V3 V100R003C00"
},
{
"status": "affected",
"version": "XH321 V3 V100R003C00"
},
{
"status": "affected",
"version": "XH321 V5 V100R005C00"
},
{
"status": "affected",
"version": "XH620 V3 V100R003C00"
}
]
}
],
"datePublic": "2018-05-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a privilege escalation vulnerability. A remote attacker may send some specially crafted login messages to the affected products. Due to improper authentication design, successful exploit enables low privileged users to get or modify passwords of highly privileged users."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "privilege escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-01T13:57:02",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-03-server-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2018-7949",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "1288H V5; 2288H V5; 2488 V5 ; CH121 V3; CH121L V3; CH121L V5 ; CH121 V5 ; CH140 V3; CH140L V3; CH220 V3; CH222 V3; CH242 V3; CH242 V5 ; RH1288 V3; RH2288 V3; RH2288H V3; XH310 V3; XH321 V3; XH321 V5; XH620 V3",
"version": {
"version_data": [
{
"version_value": "1288H V5 V100R005C00"
},
{
"version_value": "2288H V5 V100R005C00"
},
{
"version_value": "2488 V5 V100R005C00"
},
{
"version_value": "CH121 V3 V100R001C00"
},
{
"version_value": "CH121L V3 V100R001C00"
},
{
"version_value": "CH121L V5 V100R001C00"
},
{
"version_value": "CH121 V5 V100R001C00"
},
{
"version_value": "CH140 V3 V100R001C00"
},
{
"version_value": "CH140L V3 V100R001C00"
},
{
"version_value": "CH220 V3 V100R001C00"
},
{
"version_value": "CH222 V3 V100R001C00"
},
{
"version_value": "CH242 V3 V100R001C00"
},
{
"version_value": "CH242 V5 V100R001C00"
},
{
"version_value": "RH1288 V3 V100R003C00"
},
{
"version_value": "RH2288 V3 V100R003C00"
},
{
"version_value": "RH2288H V3 V100R003C00"
},
{
"version_value": "XH310 V3 V100R003C00"
},
{
"version_value": "XH321 V3 V100R003C00"
},
{
"version_value": "XH321 V5 V100R005C00"
},
{
"version_value": "XH620 V3 V100R003C00"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a privilege escalation vulnerability. A remote attacker may send some specially crafted login messages to the affected products. Due to improper authentication design, successful exploit enables low privileged users to get or modify passwords of highly privileged users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "privilege escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-03-server-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-03-server-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2018-7949",
"datePublished": "2018-06-01T14:00:00",
"dateReserved": "2018-03-09T00:00:00",
"dateUpdated": "2024-08-05T06:37:59.717Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7950 (GCVE-0-2018-7950)
Vulnerability from cvelistv5 – Published: 2018-06-01 14:00 – Updated: 2024-08-05 06:37
VLAI?
Summary
The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a JSON injection vulnerability due to insufficient input validation. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Successful exploit may allow attackers to obtain the management privilege of the system.
Severity ?
No CVSS data available.
CWE
- JSON injection
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | 1288H V5; 2288H V5; 2488 V5 ; CH121 V3; CH121L V3; CH121L V5 ; CH121 V5 ; CH140 V3; CH140L V3; CH220 V3; CH222 V3; CH242 V3; CH242 V5 ; RH1288 V3; RH2288 V3; RH2288H V3; XH310 V3; XH321 V3; XH321 V5; XH620 V3 |
Affected:
1288H V5 V100R005C00
Affected: 2288H V5 V100R005C00 Affected: 2488 V5 V100R005C00 Affected: CH121 V3 V100R001C00 Affected: CH121L V3 V100R001C00 Affected: CH121L V5 V100R001C00 Affected: CH121 V5 V100R001C00 Affected: CH140 V3 V100R001C00 Affected: CH140L V3 V100R001C00 Affected: CH220 V3 V100R001C00 Affected: CH222 V3 V100R001C00 Affected: CH242 V3 V100R001C00 Affected: CH242 V5 V100R001C00 Affected: RH1288 V3 V100R003C00 Affected: RH2288 V3 V100R003C00 Affected: RH2288H V3 V100R003C00 Affected: XH310 V3 V100R003C00 Affected: XH321 V3 V100R003C00 Affected: XH321 V5 V100R005C00 Affected: XH620 V3 V100R003C00 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:37:59.581Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-02-server-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "1288H V5; 2288H V5; 2488 V5 ; CH121 V3; CH121L V3; CH121L V5 ; CH121 V5 ; CH140 V3; CH140L V3; CH220 V3; CH222 V3; CH242 V3; CH242 V5 ; RH1288 V3; RH2288 V3; RH2288H V3; XH310 V3; XH321 V3; XH321 V5; XH620 V3",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "1288H V5 V100R005C00"
},
{
"status": "affected",
"version": "2288H V5 V100R005C00"
},
{
"status": "affected",
"version": "2488 V5 V100R005C00"
},
{
"status": "affected",
"version": "CH121 V3 V100R001C00"
},
{
"status": "affected",
"version": "CH121L V3 V100R001C00"
},
{
"status": "affected",
"version": "CH121L V5 V100R001C00"
},
{
"status": "affected",
"version": "CH121 V5 V100R001C00"
},
{
"status": "affected",
"version": "CH140 V3 V100R001C00"
},
{
"status": "affected",
"version": "CH140L V3 V100R001C00"
},
{
"status": "affected",
"version": "CH220 V3 V100R001C00"
},
{
"status": "affected",
"version": "CH222 V3 V100R001C00"
},
{
"status": "affected",
"version": "CH242 V3 V100R001C00"
},
{
"status": "affected",
"version": "CH242 V5 V100R001C00"
},
{
"status": "affected",
"version": "RH1288 V3 V100R003C00"
},
{
"status": "affected",
"version": "RH2288 V3 V100R003C00"
},
{
"status": "affected",
"version": "RH2288H V3 V100R003C00"
},
{
"status": "affected",
"version": "XH310 V3 V100R003C00"
},
{
"status": "affected",
"version": "XH321 V3 V100R003C00"
},
{
"status": "affected",
"version": "XH321 V5 V100R005C00"
},
{
"status": "affected",
"version": "XH620 V3 V100R003C00"
}
]
}
],
"datePublic": "2018-05-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a JSON injection vulnerability due to insufficient input validation. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Successful exploit may allow attackers to obtain the management privilege of the system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "JSON injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-01T13:57:02",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-02-server-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2018-7950",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "1288H V5; 2288H V5; 2488 V5 ; CH121 V3; CH121L V3; CH121L V5 ; CH121 V5 ; CH140 V3; CH140L V3; CH220 V3; CH222 V3; CH242 V3; CH242 V5 ; RH1288 V3; RH2288 V3; RH2288H V3; XH310 V3; XH321 V3; XH321 V5; XH620 V3",
"version": {
"version_data": [
{
"version_value": "1288H V5 V100R005C00"
},
{
"version_value": "2288H V5 V100R005C00"
},
{
"version_value": "2488 V5 V100R005C00"
},
{
"version_value": "CH121 V3 V100R001C00"
},
{
"version_value": "CH121L V3 V100R001C00"
},
{
"version_value": "CH121L V5 V100R001C00"
},
{
"version_value": "CH121 V5 V100R001C00"
},
{
"version_value": "CH140 V3 V100R001C00"
},
{
"version_value": "CH140L V3 V100R001C00"
},
{
"version_value": "CH220 V3 V100R001C00"
},
{
"version_value": "CH222 V3 V100R001C00"
},
{
"version_value": "CH242 V3 V100R001C00"
},
{
"version_value": "CH242 V5 V100R001C00"
},
{
"version_value": "RH1288 V3 V100R003C00"
},
{
"version_value": "RH2288 V3 V100R003C00"
},
{
"version_value": "RH2288H V3 V100R003C00"
},
{
"version_value": "XH310 V3 V100R003C00"
},
{
"version_value": "XH321 V3 V100R003C00"
},
{
"version_value": "XH321 V5 V100R005C00"
},
{
"version_value": "XH620 V3 V100R003C00"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a JSON injection vulnerability due to insufficient input validation. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Successful exploit may allow attackers to obtain the management privilege of the system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "JSON injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-02-server-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-02-server-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2018-7950",
"datePublished": "2018-06-01T14:00:00",
"dateReserved": "2018-03-09T00:00:00",
"dateUpdated": "2024-08-05T06:37:59.581Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7941 (GCVE-0-2018-7941)
Vulnerability from cvelistv5 – Published: 2018-05-10 14:00 – Updated: 2024-08-05 06:37
VLAI?
Summary
Huawei iBMC V200R002C60 have an authentication bypass vulnerability. A remote attacker with low privilege may craft specific messages to upload authentication certificate to the affected products. Due to improper validation of the upload authority, successful exploit may cause privilege elevation.
Severity ?
No CVSS data available.
CWE
- authentication bypass
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | iBMC |
Affected:
V200R002C60
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:37:59.759Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180509-01-bypass-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iBMC",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "V200R002C60"
}
]
}
],
"datePublic": "2018-05-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Huawei iBMC V200R002C60 have an authentication bypass vulnerability. A remote attacker with low privilege may craft specific messages to upload authentication certificate to the affected products. Due to improper validation of the upload authority, successful exploit may cause privilege elevation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "authentication bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-10T13:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180509-01-bypass-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2018-7941",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iBMC",
"version": {
"version_data": [
{
"version_value": "V200R002C60"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Huawei iBMC V200R002C60 have an authentication bypass vulnerability. A remote attacker with low privilege may craft specific messages to upload authentication certificate to the affected products. Due to improper validation of the upload authority, successful exploit may cause privilege elevation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "authentication bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180509-01-bypass-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180509-01-bypass-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2018-7941",
"datePublished": "2018-05-10T14:00:00",
"dateReserved": "2018-03-09T00:00:00",
"dateUpdated": "2024-08-05T06:37:59.759Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7842 (GCVE-0-2015-7842)
Vulnerability from cvelistv5 – Published: 2017-10-09 14:00 – Updated: 2024-08-06 07:58
VLAI?
Summary
Huawei FusionServer rack servers RH2288 V3 with software before V100R003C00SPC603, RH2288H V3 with software before V100R003C00SPC503, XH628 V3 with software before V100R003C00SPC602, RH1288 V3 with software before V100R003C00SPC602, RH2288A V2 with software before V100R002C00SPC701, RH1288A V2 with software before V100R002C00SPC502, RH8100 V3 with software before V100R003C00SPC110, CH222 V3 with software before V100R001C00SPC161, CH220 V3 with software before V100R001C00SPC161, and CH121 V3 with software before V100R001C00SPC161 allow remote authenticated operators to change server information by leveraging failure to verify user permissions.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:58:59.938Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454418.htm"
},
{
"name": "76836",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/76836"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-09-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Huawei FusionServer rack servers RH2288 V3 with software before V100R003C00SPC603, RH2288H V3 with software before V100R003C00SPC503, XH628 V3 with software before V100R003C00SPC602, RH1288 V3 with software before V100R003C00SPC602, RH2288A V2 with software before V100R002C00SPC701, RH1288A V2 with software before V100R002C00SPC502, RH8100 V3 with software before V100R003C00SPC110, CH222 V3 with software before V100R001C00SPC161, CH220 V3 with software before V100R001C00SPC161, and CH121 V3 with software before V100R001C00SPC161 allow remote authenticated operators to change server information by leveraging failure to verify user permissions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-09T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454418.htm"
},
{
"name": "76836",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/76836"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7842",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Huawei FusionServer rack servers RH2288 V3 with software before V100R003C00SPC603, RH2288H V3 with software before V100R003C00SPC503, XH628 V3 with software before V100R003C00SPC602, RH1288 V3 with software before V100R003C00SPC602, RH2288A V2 with software before V100R002C00SPC701, RH1288A V2 with software before V100R002C00SPC502, RH8100 V3 with software before V100R003C00SPC110, CH222 V3 with software before V100R001C00SPC161, CH220 V3 with software before V100R001C00SPC161, and CH121 V3 with software before V100R001C00SPC161 allow remote authenticated operators to change server information by leveraging failure to verify user permissions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454418.htm",
"refsource": "CONFIRM",
"url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454418.htm"
},
{
"name": "76836",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76836"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-7842",
"datePublished": "2017-10-09T14:00:00",
"dateReserved": "2015-10-16T00:00:00",
"dateUpdated": "2024-08-06T07:58:59.938Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}