CVE-2018-7941
First published: Thu May 10 2018(Updated: )
Huawei iBMC V200R002C60 have an authentication bypass vulnerability. A remote attacker with low privilege may craft specific messages to upload authentication certificate to the affected products. Due to improper validation of the upload authority, successful exploit may cause privilege elevation.
Credit: psirt@huawei.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Huawei Ch121 V3 Server Firmware | =100r001c00 | |
| Huawei Fusionserver Ch121 V3 | ||
| Huawei Ch121l V3 Firmware | =100r001c00 | |
| Huawei CH121L V3 | ||
| Huawei Ch140 V3 Server Firmware | =100r001c00 | |
| Huawei Ch140 V3 Server Firmware | ||
| Huawei CH140L V3 | =100r001c00 | |
| Huawei CH140L V3 | ||
| Huawei Ch220 V3 Server | =100r001c00 | |
| Huawei Ch220 V3 Server | ||
| Huawei Ch222 V3 | =100r001c00 | |
| Huawei Fusionserver Ch222 V3 | ||
| huawei ch242 v3 firmware | =100r001c00 | |
| huawei ch242 v3 | ||
| Huawei Rh1288 V3 Server Firmware | =100r003c00 | |
| Huawei RH1288 V3 server | ||
| Huawei Rh2288 V3 Firmware | =100r003c00 | |
| Huawei Fusionserver Rh2288 V3 | ||
| Huawei Rh2288h V3 Firmware | =100r003c00 | |
| Huawei Fusionserver RH2288H V3 | ||
| Huawei Xh310 V3 Firmware | =100r003c00 | |
| Huawei Xh310 V3 | ||
| Huawei Xh321 V3 Firmware | =100r003c00 | |
| Huawei Xh321 V3 | ||
| Huawei Xh620 V3 Firmware | =100r003c00 | |
| Huawei Xh620 V3 | ||
| Huawei CH121L V5 | =100r001c00 | |
| Huawei Ch121 V5 Firmware | ||
| Huawei CH121L V5 Firmware | =100r001c00 | |
| Huawei CH121L V5 Firmware | ||
| Huawei Ch242 V5 | =100r001c00 | |
| Huawei Ch242 V5 Firmware | ||
| Huawei 1288h V5 Firmware | =100r005c00 | |
| Huawei 1288h V5 Firmware | ||
| Huawei 2288H V5 | =100r005c00 | |
| Huawei 2288h V5 Firmware | ||
| Huawei 2488 V5 Firmware | =100r005c00 | |
| Huawei 2488 V5 Firmware | ||
| Huawei Xh321 V5 Firmware | =100r005c00 | |
| Huawei Xh321 V5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2018-7941?
CVE-2018-7941 is classified as a critical vulnerability due to its potential for privilege escalation.
How do I fix CVE-2018-7941?
To fix CVE-2018-7941, update to the latest firmware versions provided by Huawei that address this vulnerability.
What type of attack is possible with CVE-2018-7941?
CVE-2018-7941 allows remote attackers to bypass authentication and potentially gain elevated privileges.
Which Huawei products are affected by CVE-2018-7941?
CVE-2018-7941 affects multiple Huawei iBMC systems, particularly those running specified firmware versions.
What changes in product behavior can be expected due to CVE-2018-7941?
Exploitation of CVE-2018-7941 may allow unauthorized users to upload authentication certificates, leading to unauthorized access.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/references
- agent/last-modified-date
- agent/author
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/huawei
- canonical/huawei ch121 v3 server firmware
- version/huawei ch121 v3 server firmware/100r001c00
- canonical/huawei fusionserver ch121 v3
- canonical/huawei ch121l v3 firmware
- version/huawei ch121l v3 firmware/100r001c00
- canonical/huawei ch121l v3
- canonical/huawei ch140 v3 server firmware
- version/huawei ch140 v3 server firmware/100r001c00
- canonical/huawei ch140l v3
- version/huawei ch140l v3/100r001c00
- canonical/huawei ch220 v3 server
- version/huawei ch220 v3 server/100r001c00
- canonical/huawei ch222 v3
- version/huawei ch222 v3/100r001c00
- canonical/huawei fusionserver ch222 v3
- canonical/huawei ch242 v3 firmware
- version/huawei ch242 v3 firmware/100r001c00
- canonical/huawei ch242 v3
- canonical/huawei rh1288 v3 server firmware
- version/huawei rh1288 v3 server firmware/100r003c00
- canonical/huawei rh1288 v3 server
- canonical/huawei rh2288 v3 firmware
- version/huawei rh2288 v3 firmware/100r003c00
- canonical/huawei fusionserver rh2288 v3
- canonical/huawei rh2288h v3 firmware
- version/huawei rh2288h v3 firmware/100r003c00
- canonical/huawei fusionserver rh2288h v3
- canonical/huawei xh310 v3 firmware
- version/huawei xh310 v3 firmware/100r003c00
- canonical/huawei xh310 v3
- canonical/huawei xh321 v3 firmware
- version/huawei xh321 v3 firmware/100r003c00
- canonical/huawei xh321 v3
- canonical/huawei xh620 v3 firmware
- version/huawei xh620 v3 firmware/100r003c00
- canonical/huawei xh620 v3
- canonical/huawei ch121l v5
- version/huawei ch121l v5/100r001c00
- canonical/huawei ch121 v5 firmware
- canonical/huawei ch121l v5 firmware
- version/huawei ch121l v5 firmware/100r001c00
- canonical/huawei ch242 v5
- version/huawei ch242 v5/100r001c00
- canonical/huawei ch242 v5 firmware
- canonical/huawei 1288h v5 firmware
- version/huawei 1288h v5 firmware/100r005c00
- canonical/huawei 2288h v5
- version/huawei 2288h v5/100r005c00
- canonical/huawei 2288h v5 firmware
- canonical/huawei 2488 v5 firmware
- version/huawei 2488 v5 firmware/100r005c00
- canonical/huawei xh321 v5 firmware
- version/huawei xh321 v5 firmware/100r005c00
- canonical/huawei xh321 v5