CVE-2018-7951

🗓️ 01 Jun 2018 14:00:00Reported by huaweiType

The iBMC of some Huawei servers have a JSON injection vulnerability, allowing authenticated remote attackers to modify the admin password

Reporter	Title	Published	Views	Family All 6
CNVD	Intelligent Baseboard Management Controller elevation of privilege vulnerability in multiple Huawei products (CNVD-2018-11504)	5 Jun 201800:00	–	cnvd
Cvelist	CVE-2018-7951	1 Jun 201814:00	–	cvelist
EUVD	EUVD-2018-19663	7 Oct 202500:30	–	euvd
Huawei	Security Advisory - Two JSON Injection Vulnerabilities in Some Huawei Servers	30 May 201800:00	–	huawei
NVD	CVE-2018-7951	1 Jun 201814:29	–	nvd
Prion	Input validation	1 Jun 201814:29	–	prion

NVD

Node

huawei 1288h_v5_firmwareMatch100r005c00

AND

huawei 1288h_v5Match-

Node

huawei 2288h_v5_firmwareMatch100r005c00

AND

huawei 2288h_v5Match-

Node

huawei 2488_v5_firmwareMatch100r005c00

AND

huawei 2488_v5Match-

Node

huawei ch121_v3_firmwareMatch100r001c00

AND

huawei ch121_v3Match-

Node

huawei ch121l_v3_firmwareMatch100r001c00

AND

huawei ch121l_v3Match-

Node

huawei ch121l_v5_firmwareMatch100r001c00

AND

huawei ch121l_v5Match-

Node

huawei ch121_v5_firmwareMatch100r001c00

AND

huawei ch121_v5Match-

Node

huawei ch140_v3_firmwareMatch100r001c00

AND

huawei ch140_v3Match-

Node

huawei ch140l_v3_firmwareMatch100r001c00

AND

huawei ch140l_v3Match-

Node

huawei ch220_v3_firmwareMatch100r001c00

AND

huawei ch220_v3Match-

Node

huawei ch222_v3_firmwareMatch100r001c00

AND

huawei ch222_v3Match-

Node

huawei ch242_v3_firmwareMatch100r001c00

AND

huawei ch242_v3Match-

Node

huawei ch242_v5_firmwareMatch100r001c00

AND

huawei ch242_v5Match-

Node

huawei rh1288_v3_firmwareMatch100r003c00

AND

huawei rh1288_v3Match-

Node

huawei rh2288_v3_firmwareMatch100r003c00

AND

huawei rh2288_v3Match-

Node

huawei xh310_v3_firmwareMatch100r003c00

AND

huawei xh310_v3Match-

Node

huawei xh321_v3_firmwareMatch100r003c00

AND

huawei xh321_v3Match-

Node

huawei xh321_v5_firmwareMatch100r005c00

AND

huawei xh321_v5Match-

Node

huawei rh2288h_v3_firmwareMatch100r003c00

AND

huawei rh2288h_v3Match-

Node

huawei xh620_v3_firmwareMatch100r003c00

AND

huawei xh620_v3Match-

[
  {
    "product": "1288H V5; 2288H V5; 2488 V5 ; CH121 V3; CH121L V3; CH121L V5 ; CH121 V5 ; CH140 V3; CH140L V3; CH220 V3; CH222 V3; CH242 V3; CH242 V5 ; RH1288 V3; RH2288 V3; RH2288H V3; XH310 V3; XH321 V3; XH321 V5; XH620 V3",
    "vendor": "Huawei Technologies Co., Ltd.",
    "versions": [
      {
        "status": "affected",
        "version": "1288H V5 V100R005C00"
      },
      {
        "status": "affected",
        "version": "2288H V5 V100R005C00"
      },
      {
        "status": "affected",
        "version": "2488 V5 V100R005C00"
      },
      {
        "status": "affected",
        "version": "CH121 V3 V100R001C00"
      },
      {
        "status": "affected",
        "version": "CH121L V3 V100R001C00"
      },
      {
        "status": "affected",
        "version": "CH121L V5 V100R001C00"
      },
      {
        "status": "affected",
        "version": "CH121 V5 V100R001C00"
      },
      {
        "status": "affected",
        "version": "CH140 V3 V100R001C00"
      },
      {
        "status": "affected",
        "version": "CH140L V3 V100R001C00"
      },
      {
        "status": "affected",
        "version": "CH220 V3 V100R001C00"
      },
      {
        "status": "affected",
        "version": "CH222 V3 V100R001C00"
      },
      {
        "status": "affected",
        "version": "CH242 V3 V100R001C00"
      },
      {
        "status": "affected",
        "version": "CH242 V5 V100R001C00"
      },
      {
        "status": "affected",
        "version": "RH1288 V3 V100R003C00"
      },
      {
        "status": "affected",
        "version": "RH2288 V3 V100R003C00"
      },
      {
        "status": "affected",
        "version": "RH2288H V3 V100R003C00"
      },
      {
        "status": "affected",
        "version": "XH310 V3 V100R003C00"
      },
      {
        "status": "affected",
        "version": "XH321 V3 V100R003C00"
      },
      {
        "status": "affected",
        "version": "XH321 V5 V100R005C00"
      },
      {
        "status": "affected",
        "version": "XH620 V3 V100R003C00"
      }
    ]
  }
]

Source	Link
huawei	www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-02-server-en

21 Nov 2024 04:13Current

8.6High risk

Vulners AI Score8.6

CVSS 38.8

CVSS 29

EPSS0.00315

CWE-94