CVE-2018-7950

2018-06-0114:00:00

huawei

www.cve.org

AI Score

8.8

Confidence

High

EPSS

0.002

Percentile

53.5%

JSON

The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a JSON injection vulnerability due to insufficient input validation. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Successful exploit may allow attackers to obtain the management privilege of the system.

CNA Affected

[
  {
    "product": "1288H V5; 2288H V5; 2488 V5 ; CH121 V3; CH121L V3; CH121L V5 ; CH121 V5 ; CH140 V3; CH140L V3; CH220 V3; CH222 V3; CH242 V3; CH242 V5 ; RH1288 V3; RH2288 V3; RH2288H V3; XH310 V3; XH321 V3; XH321 V5; XH620 V3",
    "vendor": "Huawei Technologies Co., Ltd.",
    "versions": [
      {
        "status": "affected",
        "version": "1288H V5 V100R005C00"
      },
      {
        "status": "affected",
        "version": "2288H V5 V100R005C00"
      },
      {
        "status": "affected",
        "version": "2488 V5 V100R005C00"
      },
      {
        "status": "affected",
        "version": "CH121 V3 V100R001C00"
      },
      {
        "status": "affected",
        "version": "CH121L V3 V100R001C00"
      },
      {
        "status": "affected",
        "version": "CH121L V5 V100R001C00"
      },
      {
        "status": "affected",
        "version": "CH121 V5 V100R001C00"
      },
      {
        "status": "affected",
        "version": "CH140 V3 V100R001C00"
      },
      {
        "status": "affected",
        "version": "CH140L V3 V100R001C00"
      },
      {
        "status": "affected",
        "version": "CH220 V3 V100R001C00"
      },
      {
        "status": "affected",
        "version": "CH222 V3 V100R001C00"
      },
      {
        "status": "affected",
        "version": "CH242 V3 V100R001C00"
      },
      {
        "status": "affected",
        "version": "CH242 V5 V100R001C00"
      },
      {
        "status": "affected",
        "version": "RH1288 V3 V100R003C00"
      },
      {
        "status": "affected",
        "version": "RH2288 V3 V100R003C00"
      },
      {
        "status": "affected",
        "version": "RH2288H V3 V100R003C00"
      },
      {
        "status": "affected",
        "version": "XH310 V3 V100R003C00"
      },
      {
        "status": "affected",
        "version": "XH321 V3 V100R003C00"
      },
      {
        "status": "affected",
        "version": "XH321 V5 V100R005C00"
      },
      {
        "status": "affected",
        "version": "XH620 V3 V100R003C00"
      }
    ]
  }
]

References

www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-02-server-en