Lucene search

Huawei TechnologiesHUAWEI-SA-20180509-01-BYPASS

HistoryMay 09, 2018 - 12:00 a.m.

Security Advisory - Authentication Bypass Vulnerability in Huawei iBMC Products

2018-05-0900:00:00

Huawei Technologies

www.huawei.com

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.003

Percentile

66.3%

JSON

There is an authentication bypass vulnerability in Huawei iBMC products. A remote attacker with low privilege may craft specific messages to upload authentication certificate to the affected products. Due to improper validation of the upload authority, successful exploit may cause privilege elevation. (Vulnerability ID: HWPSIRT-2018-02055)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2018-7941.

Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180509-01-bypass-en

Affected configurations

Vulners

Node

huaweich121_v3_firmwareMatchch121

huaweich121_v3_firmwareMatchv3

huaweich121_v3_firmwareMatchv100r001c00

huaweich121l_v3_firmwareMatchch121l

huaweich121l_v3_firmwareMatchv3

huaweich121l_v3_firmwareMatchv100r001c00

huaweich140_v3_firmwareMatchch140

huaweich140_v3_firmwareMatchv3

huaweich140_v3_firmwareMatchv100r001c00

huaweich140l_v3_firmwareMatchch140l

huaweich140l_v3_firmwareMatchv3

huaweich140l_v3_firmwareMatchv100r001c00

huaweich220_v3_firmwareMatchch220

huaweich220_v3_firmwareMatchv3

huaweich220_v3_firmwareMatchv100r001c00

huaweich222_v3_firmwareMatchch222

huaweich222_v3_firmwareMatchv3

huaweich222_v3_firmwareMatchv100r001c00

huaweich242_v3_firmwareMatchch242

huaweich242_v3_firmwareMatchv3

huaweich242_v3_firmwareMatchv100r001c00

huaweirh1288_v3_firmwareMatchrh1288

huaweirh1288_v3_firmwareMatchv3

huaweirh1288_v3_firmwareMatchv100r003c00

huaweirh2288_v3_firmwareMatchrh2288

huaweirh2288_v3_firmwareMatchv3

huaweirh2288_v3_firmwareMatchv100r003c00

huaweirh2288h_v3_firmwareMatchrh2288h

huaweirh2288h_v3_firmwareMatchv3

huaweirh2288h_v3_firmwareMatchv100r003c00

huaweixh310_v3_firmwareMatchxh310

huaweixh310_v3_firmwareMatchv3

huaweixh310_v3_firmwareMatchv100r003c00

huaweixh321_v3_firmwareMatchxh321

huaweixh321_v3_firmwareMatchv3

huaweixh321_v3_firmwareMatchv100r003c00

huaweixh620_v3_firmwareMatchxh620

huaweixh620_v3_firmwareMatchv3

huaweixh620_v3_firmwareMatchv100r003c00

huaweich121_v5_firmwareMatchch121

huaweich121_v5_firmwareMatchv5

huaweich121_v5_firmwareMatchv100r001c00

huaweich121l_v5_firmwareMatchch121l

huaweich121l_v5_firmwareMatchv5

huaweich121l_v5_firmwareMatchv100r001c00

huaweich242_v5_firmwareMatchch242

huaweich242_v5_firmwareMatchv5

huaweich242_v5_firmwareMatchv100r001c00

huawei1288h_v5_firmwareMatch1288h

huawei1288h_v5_firmwareMatchv5

huawei1288h_v5_firmwareMatchv100r005c00

huawei2288h_v5_firmwareMatch2288h

huawei2288h_v5_firmwareMatchv5

huawei2288h_v5_firmwareMatchv100r005c00

huawei2488_v5_firmwareMatch2488

huawei2488_v5_firmwareMatchv5

huawei2488_v5_firmwareMatchv100r005c00

huaweixh321_v5_firmwareMatchxh321

huaweixh321_v5_firmwareMatchv5

huaweixh321_v5_firmwareMatchv100r005c00

VendorProductVersionCPE
huaweich121_v3_firmwarech121cpe:2.3:o:huawei:ch121_v3_firmware:ch121:*:*:*:*:*:*:*
huaweich121_v3_firmwarev3cpe:2.3:o:huawei:ch121_v3_firmware:v3:*:*:*:*:*:*:*
huaweich121_v3_firmwarev100r001c00cpe:2.3:o:huawei:ch121_v3_firmware:v100r001c00:*:*:*:*:*:*:*
huaweich121l_v3_firmwarech121lcpe:2.3:o:huawei:ch121l_v3_firmware:ch121l:*:*:*:*:*:*:*
huaweich121l_v3_firmwarev3cpe:2.3:o:huawei:ch121l_v3_firmware:v3:*:*:*:*:*:*:*
huaweich121l_v3_firmwarev100r001c00cpe:2.3:o:huawei:ch121l_v3_firmware:v100r001c00:*:*:*:*:*:*:*
huaweich140_v3_firmwarech140cpe:2.3:o:huawei:ch140_v3_firmware:ch140:*:*:*:*:*:*:*
huaweich140_v3_firmwarev3cpe:2.3:o:huawei:ch140_v3_firmware:v3:*:*:*:*:*:*:*
huaweich140_v3_firmwarev100r001c00cpe:2.3:o:huawei:ch140_v3_firmware:v100r001c00:*:*:*:*:*:*:*
huaweich140l_v3_firmwarech140lcpe:2.3:o:huawei:ch140l_v3_firmware:ch140l:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
huawei	ch121_v3_firmware	ch121	cpe:2.3:o:huawei:ch121_v3_firmware:ch121:::::::*
huawei	ch121_v3_firmware	v3	cpe:2.3:o:huawei:ch121_v3_firmware:v3:::::::*
huawei	ch121_v3_firmware	v100r001c00	cpe:2.3:o:huawei:ch121_v3_firmware:v100r001c00:::::::*
huawei	ch121l_v3_firmware	ch121l	cpe:2.3:o:huawei:ch121l_v3_firmware:ch121l:::::::*
huawei	ch121l_v3_firmware	v3	cpe:2.3:o:huawei:ch121l_v3_firmware:v3:::::::*
huawei	ch121l_v3_firmware	v100r001c00	cpe:2.3:o:huawei:ch121l_v3_firmware:v100r001c00:::::::*
huawei	ch140_v3_firmware	ch140	cpe:2.3:o:huawei:ch140_v3_firmware:ch140:::::::*
huawei	ch140_v3_firmware	v3	cpe:2.3:o:huawei:ch140_v3_firmware:v3:::::::*
huawei	ch140_v3_firmware	v100r001c00	cpe:2.3:o:huawei:ch140_v3_firmware:v100r001c00:::::::*
huawei	ch140l_v3_firmware	ch140l	cpe:2.3:o:huawei:ch140l_v3_firmware:ch140l:::::::*

Rows per page:

1-10 of 601

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.003

Percentile

66.3%

JSON

Related for HUAWEI-SA-20180509-01-BYPASS