Vulnerability Details : CVE-2018-7949
The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a privilege escalation vulnerability. A remote attacker may send some specially crafted login messages to the affected products. Due to improper authentication design, successful exploit enables low privileged users to get or modify passwords of highly privileged users.
Vulnerability category: BypassGain privilege
Exploit prediction scoring system (EPSS) score for CVE-2018-7949
Probability of exploitation activity in the next 30 days: 0.27%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 63 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2018-7949
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.0
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |
8.0
|
2.9
|
NIST |
8.8
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
NIST |
CWE ids for CVE-2018-7949
-
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-7949
-
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-03-server-en
Security Advisory - Privilege Escalation Vulnerability in Some Huawei ServersVendor Advisory
Products affected by CVE-2018-7949
- cpe:2.3:o:huawei:rh2288_v3_firmware:100r003c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:rh2288h_v3_firmware:100r003c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:rh1288_v3_firmware:100r003c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:ch222_v3_firmware:100r001c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:ch220_v3_firmware:100r001c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:ch121_v3_firmware:100r001c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:ch121l_v3_firmware:100r001c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:ch140_v3_firmware:100r001c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:ch140l_v3_firmware:100r001c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:ch242_v3_firmware:100r001c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:xh310_v3_firmware:100r003c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:xh321_v3_firmware:100r003c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:xh620_v3_firmware:100r003c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:ch121_v5_firmware:100r001c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:ch121l_v5_firmware:100r001c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:ch242_v5_firmware:100r001c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:1288h_v5_firmware:100r005c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:2288h_v5_firmware:100r005c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:2488_v5_firmware:100r005c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:xh321_v5_firmware:100r005c00:*:*:*:*:*:*:*