Privilege escalation

2018-06-0114:29:00

PRIOn knowledge base

www.prio-n.com

8.8 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

66.4%

JSON

The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a privilege escalation vulnerability. A remote attacker may send some specially crafted login messages to the affected products. Due to improper authentication design, successful exploit enables low privileged users to get or modify passwords of highly privileged users.

CPENameOperatorVersion
1288h_v5_firmwareeq100.0.0-r5-c0
2288h_v5_firmwareeq100.0.0-r5-c0
2488_v5_firmwareeq100.0.0-r5-c0
ch121_v3_firmwareeq100.0.0-r1-c0
ch121_v5_firmwareeq100.0.0-r1-c0
ch121l_v3_firmwareeq100.0.0-r1-c0
ch121l_v5_firmwareeq100.0.0-r1-c0
ch140_v3_firmwareeq100.0.0-r1-c0
ch140l_v3_firmwareeq100.0.0-r1-c0
ch220_v3_firmwareeq100.0.0-r1-c0

Name	Operator	Version
1288h_v5_firmware	eq	100.0.0-r5-c0
2288h_v5_firmware	eq	100.0.0-r5-c0
2488_v5_firmware	eq	100.0.0-r5-c0
ch121_v3_firmware	eq	100.0.0-r1-c0
ch121_v5_firmware	eq	100.0.0-r1-c0
ch121l_v3_firmware	eq	100.0.0-r1-c0
ch121l_v5_firmware	eq	100.0.0-r1-c0
ch140_v3_firmware	eq	100.0.0-r1-c0
ch140l_v3_firmware	eq	100.0.0-r1-c0
ch220_v3_firmware	eq	100.0.0-r1-c0