Vulnerability Details : CVE-2018-7941
Huawei iBMC V200R002C60 has an authentication bypass vulnerability. A remote attacker with low privilege may craft specific messages to upload an authentication certificate to the affected products. Due to improper validation of the upload authority, a successful exploit may cause privilege elevation.
Vulnerability category: Bypass, Gain privilege
Products affected by CVE-2018-7941
- cpe:2.3:o:huawei:rh2288_v3_firmware:100r003c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:rh2288h_v3_firmware:100r003c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:rh1288_v3_firmware:100r003c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:ch222_v3_firmware:100r001c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:ch220_v3_firmware:100r001c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:ch121_v3_firmware:100r001c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:ch121l_v3_firmware:100r001c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:ch140_v3_firmware:100r001c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:ch140l_v3_firmware:100r001c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:ch242_v3_firmware:100r001c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:xh310_v3_firmware:100r003c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:xh321_v3_firmware:100r003c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:xh620_v3_firmware:100r003c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:ch121_v5_firmware:100r001c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:ch121l_v5_firmware:100r001c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:ch242_v5_firmware:100r001c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:1288h_v5_firmware:100r005c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:2288h_v5_firmware:100r005c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:2488_v5_firmware:100r005c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:xh321_v5_firmware:100r005c00:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-7941
- EPSS score: 0.26% (probability of exploitation activity in the next 30 days)
- Percentile: ~66% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2018-7941
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P | 8.0 | 6.4 | NIST | |
8.8 | HIGH | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 | NIST | |
CWE ids for CVE-2018-7941
- When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-7941
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180509-01-bypass-en
  Security Advisory - Authentication Bypass Vulnerability in Huawei iBMC Products (Vendor Advisory)