CVE-2018-7942

The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have an authentication bypass vulnerability. An unauthenticated, remote attacker may send some specially crafted messages to the affected products. Due to improper authentication design, successful exploit may cause some information leak.

Published: May 24, 2018
Updated: Apr 13, 2023
CVE: CVE-2018-7942
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
huawei / 1288h_v5_firmware	100r005c00	100r005c00.x
huawei / 2288h_v5_firmware	100r005c00	100r005c00.x
huawei / 2488_v5_firmware	100r005c00	100r005c00.x
huawei / ch242_v3_firmware	100r001c00	100r001c00.x
huawei / ch121l_v3_firmware	100r001c00	100r001c00.x
huawei / ch121l_v5_firmware	100r001c00	100r001c00.x
huawei / ch121_v3_firmware	100r001c00	100r001c00.x

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180523-01-server-en
https://exchange.xforce.ibmcloud.com/vulnerabilities/143686

Vulnerability Database

289,599

CVE-2018-7942