CVE-2018-7949
HIGHHuawei Server iBMC - Privilege Escalation via Improper Authentication
Title source: llmDescription
The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a privilege escalation vulnerability. A remote attacker may send some specially crafted login messages to the affected products. Due to improper authentication design, successful exploit enables low privileged users to get or modify passwords of highly privileged users.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-03-server-en
Scores
CVSS v3
8.8
EPSS
0.0015
EPSS Percentile
34.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-287
Status
published
Products (20)
huawei/1288h_v5_firmware
100r005c00
huawei/2288h_v5_firmware
100r005c00
huawei/2488_v5_firmware
100r005c00
huawei/ch121_v3_firmware
100r001c00
huawei/ch121_v5_firmware
100r001c00
huawei/ch121l_v3_firmware
100r001c00
huawei/ch121l_v5_firmware
100r001c00
huawei/ch140_v3_firmware
100r001c00
huawei/ch140l_v3_firmware
100r001c00
huawei/ch220_v3_firmware
100r001c00
... and 10 more
Published
Jun 01, 2018
Tracked Since
Feb 18, 2026