Vulnerability Description
The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have an authentication bypass vulnerability. An unauthenticated, remote attacker may send some specially crafted messages to the affected products. Due to improper authentication design, successful exploit may cause some information leak.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Huawei | 1288H V5 Firmware | 100r005c00 |
| Huawei | 1288H V5 | - |
| Huawei | 2288H V5 Firmware | 100r005c00 |
| Huawei | 2288H V5 | - |
| Huawei | 2488 V5 Firmware | 100r005c00 |
| Huawei | 2488 V5 | - |
| Huawei | Ch242 V3 Firmware | 100r001c00 |
| Huawei | Ch242 V3 | - |
| Huawei | Ch121L V3 Firmware | 100r001c00 |
| Huawei | Ch121L V3 | - |
| Huawei | Ch121L V5 Firmware | 100r001c00 |
| Huawei | Ch121L V5 | - |
| Huawei | Ch121 V3 Firmware | 100r001c00 |
| Huawei | Ch121 V3 | - |
References
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180523-01-server-Broken Link
- https://exchange.xforce.ibmcloud.com/vulnerabilities/143686Third Party Advisory
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180523-01-server-Broken Link
FAQ
What is CVE-2018-7942?
CVE-2018-7942 is a vulnerability with a CVSS score of 7.5 (HIGH). The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have an authentication bypass vulnerability. An unauthenticated, remote attacker may send some specially crafted messages ...
How severe is CVE-2018-7942?
CVE-2018-7942 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-7942?
Check the references section above for vendor advisories and patch information. Affected products include: Huawei 1288H V5 Firmware, Huawei 1288H V5, Huawei 2288H V5 Firmware, Huawei 2288H V5, Huawei 2488 V5 Firmware.