ID

VAR-201805-1006


CVE

CVE-2018-7941


TITLE

Authentication vulnerabilities in multiple Huawei products

Trust: 0.8

sources: JVNDB: JVNDB-2018-005039

DESCRIPTION

Huawei iBMC V200R002C60 has an authentication bypass vulnerability. A remote attacker with low privilege may craft specific messages to upload an authentication certificate to the affected products. Due to improper validation of the upload authority, a successful exploit may cause privilege elevation. Multiple Huawei products contain authentication vulnerabilities. Information may be obtained or altered, and service operation may be disrupted (DoS). Huawei iBMC is a server-embedded intelligent management system developed by Huawei of China. The system provides remote operation and maintenance, fault diagnosis, intelligent management and standardized interface management. The vulnerability exists because the program does not correctly verify upload permission.

Trust: 1.71

sources: NVD: CVE-2018-7941 // JVNDB: JVNDB-2018-005039 // VULHUB: VHN-137973

AFFECTED PRODUCTS

vendor: huawei, model: 2488 v5, scope: eq, version: 100r005c00

Trust: 1.6

vendor: huawei, model: 2288h v5, scope: eq, version: 100r005c00

Trust: 1.6

vendor: huawei, model: xh310 v3, scope: eq, version: 100r003c00

Trust: 1.6

vendor: huawei, model: xh321 v5, scope: eq, version: 100r005c00

Trust: 1.6

vendor: huawei, model: ch121 v5, scope: eq, version: 100r001c00

Trust: 1.6

vendor: huawei, model: ch242 v5, scope: eq, version: 100r001c00

Trust: 1.6

vendor: huawei, model: xh321 v3, scope: eq, version: 100r003c00

Trust: 1.6

vendor: huawei, model: ch121l v5, scope: eq, version: 100r001c00

Trust: 1.6

vendor: huawei, model: 1288h v5, scope: eq, version: 100r005c00

Trust: 1.6

vendor: huawei, model: xh620 v3, scope: eq, version: 100r003c00

Trust: 1.6

vendor: huawei, model: rh2288h v3, scope: eq, version: 100r003c00

Trust: 1.0

vendor: huawei, model: rh2288 v3, scope: eq, version: 100r003c00

Trust: 1.0

vendor: huawei, model: ch220 v3, scope: eq, version: 100r001c00

Trust: 1.0

vendor: huawei, model: ch121 v3, scope: eq, version: 100r001c00

Trust: 1.0

vendor: huawei, model: rh1288 v3, scope: eq, version: 100r003c00

Trust: 1.0

vendor: huawei, model: ch140l v3, scope: eq, version: 100r001c00

Trust: 1.0

vendor: huawei, model: ch242 v3, scope: eq, version: 100r001c00

Trust: 1.0

vendor: huawei, model: ch121l v3, scope: eq, version: 100r001c00

Trust: 1.0

vendor: huawei, model: ch140 v3, scope: eq, version: 100r001c00

Trust: 1.0

vendor: huawei, model: ch222 v3, scope: eq, version: 100r001c00

Trust: 1.0

vendor: huawei, model: 1288h v5, scope: -, version: -

Trust: 0.8

vendor: huawei, model: 2288h v5, scope: -, version: -

Trust: 0.8

vendor: huawei, model: 2488 v5, scope: -, version: -

Trust: 0.8

vendor: huawei, model: ch121 v3, scope: -, version: -

Trust: 0.8

vendor: huawei, model: ch121 v5, scope: -, version: -

Trust: 0.8

vendor: huawei, model: ch121l v3, scope: -, version: -

Trust: 0.8

vendor: huawei, model: ch121l v5, scope: -, version: -

Trust: 0.8

vendor: huawei, model: ch140 v3, scope: -, version: -

Trust: 0.8

vendor: huawei, model: ch140l v3, scope: -, version: -

Trust: 0.8

vendor: huawei, model: ch220 v3, scope: -, version: -

Trust: 0.8

vendor: huawei, model: ch222 v3, scope: -, version: -

Trust: 0.8

vendor: huawei, model: ch242 v3, scope: -, version: -

Trust: 0.8

vendor: huawei, model: ch242 v5, scope: -, version: -

Trust: 0.8

vendor: huawei, model: rh1288 v3, scope: -, version: -

Trust: 0.8

vendor: huawei, model: rh2288 v3, scope: -, version: -

Trust: 0.8

vendor: huawei, model: rh2288h v3, scope: -, version: -

Trust: 0.8

vendor: huawei, model: xh310 v3, scope: -, version: -

Trust: 0.8

vendor: huawei, model: xh321 v3, scope: -, version: -

Trust: 0.8

vendor: huawei, model: xh321 v5, scope: -, version: -

Trust: 0.8

vendor: huawei, model: xh620 v3, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2018-005039 // CNNVD: CNNVD-201805-342 // NVD: CVE-2018-7941

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-7941
value: HIGH

Trust: 1.0

NVD: CVE-2018-7941
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201805-342
value: MEDIUM

Trust: 0.6

VULHUB: VHN-137973
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-7941
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-137973
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-7941
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-137973 // JVNDB: JVNDB-2018-005039 // CNNVD: CNNVD-201805-342 // NVD: CVE-2018-7941

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

sources: VULHUB: VHN-137973 // JVNDB: JVNDB-2018-005039 // NVD: CVE-2018-7941

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201805-342

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201805-342

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-005039

PATCH

title: huawei-sa-20180509-01-bypass, url: https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180509-01-bypass-en

Trust: 0.8

title: Huawei iBMC Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=80004

Trust: 0.6

sources: JVNDB: JVNDB-2018-005039 // CNNVD: CNNVD-201805-342

EXTERNAL IDS

db: NVD, id: CVE-2018-7941

Trust: 2.5

db: JVNDB, id: JVNDB-2018-005039

Trust: 0.8

db: CNNVD, id: CNNVD-201805-342

Trust: 0.7

db: VULHUB, id: VHN-137973

Trust: 0.1

sources: VULHUB: VHN-137973 // JVNDB: JVNDB-2018-005039 // CNNVD: CNNVD-201805-342 // NVD: CVE-2018-7941

REFERENCES

url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180509-01-bypass-en

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7941

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-7941

Trust: 0.8

sources: VULHUB: VHN-137973 // JVNDB: JVNDB-2018-005039 // CNNVD: CNNVD-201805-342 // NVD: CVE-2018-7941

SOURCES

db: VULHUB, id: VHN-137973
db: JVNDB, id: JVNDB-2018-005039
db: CNNVD, id: CNNVD-201805-342
db: NVD, id: CVE-2018-7941

LAST UPDATE DATE

2024-11-23T21:38:56.647000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-137973, date: 2018-06-14T00:00:00
db: JVNDB, id: JVNDB-2018-005039, date: 2018-07-04T00:00:00
db: CNNVD, id: CNNVD-201805-342, date: 2018-05-11T00:00:00
db: NVD, id: CVE-2018-7941, date: 2024-11-21T04:12:59.830

SOURCES RELEASE DATE

db: VULHUB, id: VHN-137973, date: 2018-05-10T00:00:00
db: JVNDB, id: JVNDB-2018-005039, date: 2018-07-04T00:00:00
db: CNNVD, id: CNNVD-201805-342, date: 2018-05-11T00:00:00
db: NVD, id: CVE-2018-7941, date: 2018-05-10T14:29:00.720