Input validation

2018-06-0114:29:00

PRIOn knowledge base

www.prio-n.com

8.7 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.8%

JSON

The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a JSON injection vulnerability due to insufficient input validation. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Successful exploit may allow attackers to obtain the management privilege of the system.

CPENameOperatorVersion
1288h_v5_firmwareeq100.0.0-r5-c0
2288h_v5_firmwareeq100.0.0-r5-c0
2488_v5_firmwareeq100.0.0-r5-c0
ch121_v3_firmwareeq100.0.0-r1-c0
ch121_v5_firmwareeq100.0.0-r1-c0
ch121l_v3_firmwareeq100.0.0-r1-c0
ch121l_v5_firmwareeq100.0.0-r1-c0
ch140_v3_firmwareeq100.0.0-r1-c0
ch140l_v3_firmwareeq100.0.0-r1-c0
ch220_v3_firmwareeq100.0.0-r1-c0

Name	Operator	Version
1288h_v5_firmware	eq	100.0.0-r5-c0
2288h_v5_firmware	eq	100.0.0-r5-c0
2488_v5_firmware	eq	100.0.0-r5-c0
ch121_v3_firmware	eq	100.0.0-r1-c0
ch121_v5_firmware	eq	100.0.0-r1-c0
ch121l_v3_firmware	eq	100.0.0-r1-c0
ch121l_v5_firmware	eq	100.0.0-r1-c0
ch140_v3_firmware	eq	100.0.0-r1-c0
ch140l_v3_firmware	eq	100.0.0-r1-c0
ch220_v3_firmware	eq	100.0.0-r1-c0