Lucene search

Huawei TechnologiesHUAWEI-SA-20180530-01-SERVER

HistoryMay 30, 2018 - 12:00 a.m.

Security Advisory - Authentication Bypass Vulnerability in Some Huawei Servers

2018-05-3000:00:00

Huawei Technologies

www.huawei.com

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.7

Confidence

High

EPSS

0.003

Percentile

66.5%

JSON

There is an authentication bypass vulnerability in some Huawei servers. A remote attacker with low privilege may bypass the authentication by some special operations. Due to insufficient authentication, an attacker may exploit the vulnerability to get some sensitive information and high-level users’ privilege. (Vulnerability ID: HWPSIRT-2018-02048)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2018-7943.

Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-01-server-en

Affected configurations

Vulners

Node

huawei1288h_v5_firmwareMatchv100r005c00

huawei2288h_v5_firmwareMatchv100r005c00

huawei2488_v5_firmwareMatchv100r005c00

huaweich121_v3_firmwareMatchv100r001c00

huaweich121l_v3_firmwareMatchv100r001c00

huaweich121l_v5_firmwareMatchv100r001c00

huaweich121_v5_firmwareMatchv100r001c00

huaweich140_v3_firmwareMatchv100r001c00

huaweich140l_v3_firmwareMatchv100r001c00

huaweich220_v3_firmwareMatchv100r001c00

huaweich222_v3_firmwareMatchv100r001c00

huaweich242_v3_firmwareMatchv100r001c00

huaweich242_v5_firmwareMatchv100r001c00

huaweirh1288_v3_firmwareMatchv100r003c00

huaweirh2288_v3_firmwareMatchv100r003c00

huaweirh2288h_v3_firmwareMatchv100r003c00

huaweixh310_v3_firmwareMatchv100r003c00

huaweixh321_v3_firmwareMatchv100r003c00

huaweixh321_v5_firmwareMatchv100r005c00

huaweixh620_v3_firmwareMatchv100r003c00

VendorProductVersionCPE
huawei1288h_v5_firmwarev100r005c00cpe:2.3:o:huawei:1288h_v5_firmware:v100r005c00:*:*:*:*:*:*:*
huawei2288h_v5_firmwarev100r005c00cpe:2.3:o:huawei:2288h_v5_firmware:v100r005c00:*:*:*:*:*:*:*
huawei2488_v5_firmwarev100r005c00cpe:2.3:o:huawei:2488_v5_firmware:v100r005c00:*:*:*:*:*:*:*
huaweich121_v3_firmwarev100r001c00cpe:2.3:o:huawei:ch121_v3_firmware:v100r001c00:*:*:*:*:*:*:*
huaweich121l_v3_firmwarev100r001c00cpe:2.3:o:huawei:ch121l_v3_firmware:v100r001c00:*:*:*:*:*:*:*
huaweich121l_v5_firmwarev100r001c00cpe:2.3:o:huawei:ch121l_v5_firmware:v100r001c00:*:*:*:*:*:*:*
huaweich121_v5_firmwarev100r001c00cpe:2.3:o:huawei:ch121_v5_firmware:v100r001c00:*:*:*:*:*:*:*
huaweich140_v3_firmwarev100r001c00cpe:2.3:o:huawei:ch140_v3_firmware:v100r001c00:*:*:*:*:*:*:*
huaweich140l_v3_firmwarev100r001c00cpe:2.3:o:huawei:ch140l_v3_firmware:v100r001c00:*:*:*:*:*:*:*
huaweich220_v3_firmwarev100r001c00cpe:2.3:o:huawei:ch220_v3_firmware:v100r001c00:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
huawei	1288h_v5_firmware	v100r005c00	cpe:2.3:o:huawei:1288h_v5_firmware:v100r005c00:::::::*
huawei	2288h_v5_firmware	v100r005c00	cpe:2.3:o:huawei:2288h_v5_firmware:v100r005c00:::::::*
huawei	2488_v5_firmware	v100r005c00	cpe:2.3:o:huawei:2488_v5_firmware:v100r005c00:::::::*
huawei	ch121_v3_firmware	v100r001c00	cpe:2.3:o:huawei:ch121_v3_firmware:v100r001c00:::::::*
huawei	ch121l_v3_firmware	v100r001c00	cpe:2.3:o:huawei:ch121l_v3_firmware:v100r001c00:::::::*
huawei	ch121l_v5_firmware	v100r001c00	cpe:2.3:o:huawei:ch121l_v5_firmware:v100r001c00:::::::*
huawei	ch121_v5_firmware	v100r001c00	cpe:2.3:o:huawei:ch121_v5_firmware:v100r001c00:::::::*
huawei	ch140_v3_firmware	v100r001c00	cpe:2.3:o:huawei:ch140_v3_firmware:v100r001c00:::::::*
huawei	ch140l_v3_firmware	v100r001c00	cpe:2.3:o:huawei:ch140l_v3_firmware:v100r001c00:::::::*
huawei	ch220_v3_firmware	v100r001c00	cpe:2.3:o:huawei:ch220_v3_firmware:v100r001c00:::::::*

Rows per page:

1-10 of 201

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.7

Confidence

High

EPSS

0.003

Percentile

66.5%

JSON

Related for HUAWEI-SA-20180530-01-SERVER