Authentication flaw

2018-05-1014:29:00

PRIOn knowledge base

www.prio-n.com

8.9 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.7%

JSON

Huawei iBMC V200R002C60 have an authentication bypass vulnerability. A remote attacker with low privilege may craft specific messages to upload authentication certificate to the affected products. Due to improper validation of the upload authority, successful exploit may cause privilege elevation.

CPENameOperatorVersion
1288h_v5_firmwareeq100.0.0-r5-c0
2288h_v5_firmwareeq100.0.0-r5-c0
2488_v5_firmwareeq100.0.0-r5-c0
ch121_v3_firmwareeq100.0.0-r1-c0
ch121_v5_firmwareeq100.0.0-r1-c0
ch121l_v3_firmwareeq100.0.0-r1-c0
ch121l_v5_firmwareeq100.0.0-r1-c0
ch140_v3_firmwareeq100.0.0-r1-c0
ch140l_v3_firmwareeq100.0.0-r1-c0
ch220_v3_firmwareeq100.0.0-r1-c0

Name	Operator	Version
1288h_v5_firmware	eq	100.0.0-r5-c0
2288h_v5_firmware	eq	100.0.0-r5-c0
2488_v5_firmware	eq	100.0.0-r5-c0
ch121_v3_firmware	eq	100.0.0-r1-c0
ch121_v5_firmware	eq	100.0.0-r1-c0
ch121l_v3_firmware	eq	100.0.0-r1-c0
ch121l_v5_firmware	eq	100.0.0-r1-c0
ch140_v3_firmware	eq	100.0.0-r1-c0
ch140l_v3_firmware	eq	100.0.0-r1-c0
ch220_v3_firmware	eq	100.0.0-r1-c0