Vulnerability Name:

CVE-2018-7941

Assigned:2018-05-09
Published:2018-05-09
Updated:2018-06-14
Summary:Huawei iBMC V200R002C60 have an authentication bypass vulnerability. A remote attacker with low privilege may craft specific messages to upload authentication certificate to the affected products. Due to improper validation of the upload authority, successful exploit may cause privilege elevation.
CVSS v3 Severity:8.8 High (CVSS v3 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
7.7 High (Temporal CVSS v3 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
8.8 High (CCN CVSS v3 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
7.7 High (CCN Temporal CVSS v3 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:6.5 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
9.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-287
References:Source: CONFIRM
Type: VENDOR_ADVISORY
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180509-01-bypass-en

Source: XF
Type: UNKNOWN
huawei-ibmc-sec-bypass(143110)

Vulnerable Configuration:Configuration 1:
  • cpe:/o:huawei:ch121_v3_firmware:100r001c00:*:*:*:*:*:*:*
  • AND
  • cpe:/h:huawei:ch121_v3:-:*:*:*:*:*:*:*

  • Configuration 2:
  • cpe:/o:huawei:ch121l_v3_firmware:100r001c00:*:*:*:*:*:*:*
  • AND
  • cpe:/h:huawei:ch121l_v3:-:*:*:*:*:*:*:*

  • Configuration 3:
  • cpe:/o:huawei:ch140_v3_firmware:100r001c00:*:*:*:*:*:*:*
  • AND
  • cpe:/h:huawei:ch140_v3:-:*:*:*:*:*:*:*

  • Configuration 4:
  • cpe:/o:huawei:ch140l_v3_firmware:100r001c00:*:*:*:*:*:*:*
  • AND
  • cpe:/h:huawei:ch140l_v3:-:*:*:*:*:*:*:*

  • Configuration 5:
  • cpe:/o:huawei:ch220_v3_firmware:100r001c00:*:*:*:*:*:*:*
  • AND
  • cpe:/h:huawei:ch220_v3:-:*:*:*:*:*:*:*

  • Configuration 6:
  • cpe:/o:huawei:ch222_v3_firmware:100r001c00:*:*:*:*:*:*:*
  • AND
  • cpe:/h:huawei:ch222_v3:-:*:*:*:*:*:*:*

  • Configuration 7:
  • cpe:/o:huawei:ch242_v3_firmware:100r001c00:*:*:*:*:*:*:*
  • AND
  • cpe:/h:huawei:ch242_v3:-:*:*:*:*:*:*:*

  • Configuration 8:
  • cpe:/o:huawei:rh1288_v3_firmware:100r003c00:*:*:*:*:*:*:*
  • AND
  • cpe:/h:huawei:rh1288_v3:-:*:*:*:*:*:*:*

  • Configuration 9:
  • cpe:/o:huawei:rh2288_v3_firmware:100r003c00:*:*:*:*:*:*:*
  • AND
  • cpe:/h:huawei:rh2288_v3:-:*:*:*:*:*:*:*

  • Configuration 10:
  • cpe:/o:huawei:rh2288h_v3_firmware:100r003c00:*:*:*:*:*:*:*
  • AND
  • cpe:/h:huawei:rh2288h_v3:-:*:*:*:*:*:*:*

  • Configuration 11:
  • cpe:/o:huawei:xh310_v3_firmware:100r003c00:*:*:*:*:*:*:*
  • AND
  • cpe:/h:huawei:xh310_v3:-:*:*:*:*:*:*:*

  • Configuration 12:
  • cpe:/o:huawei:xh321_v3_firmware:100r003c00:*:*:*:*:*:*:*
  • AND
  • cpe:/h:huawei:xh321_v3:-:*:*:*:*:*:*:*

  • Configuration 13:
  • cpe:/o:huawei:xh620_v3_firmware:100r003c00:*:*:*:*:*:*:*
  • AND
  • cpe:/h:huawei:xh620_v3:-:*:*:*:*:*:*:*

  • Configuration 14:
  • cpe:/o:huawei:ch121_v5_firmware:100r001c00:*:*:*:*:*:*:*
  • AND
  • cpe:/h:huawei:ch121_v5:-:*:*:*:*:*:*:*

  • Configuration 15:
  • cpe:/o:huawei:ch121l_v5_firmware:100r001c00:*:*:*:*:*:*:*
  • AND
  • cpe:/h:huawei:ch121l_v5:-:*:*:*:*:*:*:*

  • Configuration 16:
  • cpe:/o:huawei:ch242_v5_firmware:100r001c00:*:*:*:*:*:*:*
  • AND
  • cpe:/h:huawei:ch242_v5:-:*:*:*:*:*:*:*

  • Configuration 17:
  • cpe:/o:huawei:1288h_v5_firmware:100r005c00:*:*:*:*:*:*:*
  • AND
  • cpe:/h:huawei:1288h_v5:-:*:*:*:*:*:*:*

  • Configuration 18:
  • cpe:/o:huawei:2288h_v5_firmware:100r005c00:*:*:*:*:*:*:*
  • AND
  • cpe:/h:huawei:2288h_v5:-:*:*:*:*:*:*:*

  • Configuration 19:
  • cpe:/o:huawei:2488_v5_firmware:100r005c00:*:*:*:*:*:*:*
  • AND
  • cpe:/h:huawei:2488_v5:-:*:*:*:*:*:*:*

  • Configuration 20:
  • cpe:/o:huawei:xh321_v5_firmware:100r005c00:*:*:*:*:*:*:*
  • AND
  • cpe:/h:huawei:xh321_v5:-:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    BACK
    huawei ch121 v3 firmware 100r001c00
    huawei ch121 v3 -
    huawei ch121l v3 firmware 100r001c00
    huawei ch121l v3 -
    huawei ch140 v3 firmware 100r001c00
    huawei ch140 v3 -
    huawei ch140l v3 firmware 100r001c00
    huawei ch140l v3 -
    huawei ch220 v3 firmware 100r001c00
    huawei ch220 v3 -
    huawei ch222 v3 firmware 100r001c00
    huawei ch222 v3 -
    huawei ch242 v3 firmware 100r001c00
    huawei ch242 v3 -
    huawei rh1288 v3 firmware 100r003c00
    huawei rh1288 v3 -
    huawei rh2288 v3 firmware 100r003c00
    huawei rh2288 v3 -
    huawei rh2288h v3 firmware 100r003c00
    huawei rh2288h v3 -
    huawei xh310 v3 firmware 100r003c00
    huawei xh310 v3 -
    huawei xh321 v3 firmware 100r003c00
    huawei xh321 v3 -
    huawei xh620 v3 firmware 100r003c00
    huawei xh620 v3 -
    huawei ch121 v5 firmware 100r001c00
    huawei ch121 v5 -
    huawei ch121l v5 firmware 100r001c00
    huawei ch121l v5 -
    huawei ch242 v5 firmware 100r001c00
    huawei ch242 v5 -
    huawei 1288h v5 firmware 100r005c00
    huawei 1288h v5 -
    huawei 2288h v5 firmware 100r005c00
    huawei 2288h v5 -
    huawei 2488 v5 firmware 100r005c00
    huawei 2488 v5 -
    huawei xh321 v5 firmware 100r005c00
    huawei xh321 v5 -