CVE-2018-7942
First published: Thu May 24 2018(Updated: )
The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have an authentication bypass vulnerability. An unauthenticated, remote attacker may send some specially crafted messages to the affected products. Due to improper authentication design, successful exploit may cause some information leak.
Credit: psirt@huawei.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Huawei 1288h V5 Firmware | =100r005c00 | |
| Huawei 1288h V5 Firmware | ||
| Huawei 2288H V5 | =100r005c00 | |
| Huawei 2288h V5 Firmware | ||
| Huawei 2488 V5 Firmware | =100r005c00 | |
| Huawei 2488 V5 Firmware | ||
| huawei ch242 v3 firmware | =100r001c00 | |
| huawei ch242 v3 | ||
| Huawei Ch121l V3 Firmware | =100r001c00 | |
| Huawei CH121L V3 | ||
| Huawei CH121L V5 Firmware | =100r001c00 | |
| Huawei CH121L V5 Firmware | ||
| Huawei Ch121 V3 Server Firmware | =100r001c00 | |
| Huawei Fusionserver Ch121 V3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-7942?
CVE-2018-7942 is classified as a critical vulnerability due to potential unauthorized remote access.
How do I fix CVE-2018-7942?
To mitigate CVE-2018-7942, apply the latest firmware updates provided by Huawei for affected devices.
Which Huawei products are affected by CVE-2018-7942?
CVE-2018-7942 affects several Huawei server models, including 1288H V5, 2288H V5, and 2488 V5 using version 100r005c00 of their firmware.
Can CVE-2018-7942 be exploited remotely?
Yes, CVE-2018-7942 can be exploited remotely by an unauthenticated attacker sending specially crafted messages.
What is the nature of the vulnerability in CVE-2018-7942?
CVE-2018-7942 involves an authentication bypass vulnerability due to improper authentication design in the iBMC.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/author
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/huawei
- canonical/huawei 1288h v5 firmware
- version/huawei 1288h v5 firmware/100r005c00
- canonical/huawei 2288h v5
- version/huawei 2288h v5/100r005c00
- canonical/huawei 2288h v5 firmware
- canonical/huawei 2488 v5 firmware
- version/huawei 2488 v5 firmware/100r005c00
- canonical/huawei ch242 v3 firmware
- version/huawei ch242 v3 firmware/100r001c00
- canonical/huawei ch242 v3
- canonical/huawei ch121l v3 firmware
- version/huawei ch121l v3 firmware/100r001c00
- canonical/huawei ch121l v3
- canonical/huawei ch121l v5 firmware
- version/huawei ch121l v5 firmware/100r001c00
- canonical/huawei ch121 v3 server firmware
- version/huawei ch121 v3 server firmware/100r001c00
- canonical/huawei fusionserver ch121 v3