CVE-2018-7942
HIGHHuawei iBMC - Unauthenticated Authentication Bypass via Crafted Messages
Title source: llmDescription
The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have an authentication bypass vulnerability. An unauthenticated, remote attacker may send some specially crafted messages to the affected products. Due to improper authentication design, successful exploit may cause some information leak.
References (2)
Core 2
Core References
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/143686
Broken Link x_refsource_confirm
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180523-01-server-en
Scores
CVSS v3
7.5
EPSS
0.0028
EPSS Percentile
51.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
Status
published
Products (7)
huawei/1288h_v5_firmware
100r005c00
huawei/2288h_v5_firmware
100r005c00
huawei/2488_v5_firmware
100r005c00
huawei/ch121_v3_firmware
100r001c00
huawei/ch121l_v3_firmware
100r001c00
huawei/ch121l_v5_firmware
100r001c00
huawei/ch242_v3_firmware
100r001c00
Published
May 24, 2018
Tracked Since
Feb 18, 2026