CVE-2018-7949
First published: Fri Jun 01 2018(Updated: )
The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a privilege escalation vulnerability. A remote attacker may send some specially crafted login messages to the affected products. Due to improper authentication design, successful exploit enables low privileged users to get or modify passwords of highly privileged users.
Credit: psirt@huawei.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Huawei 1288h V5 Firmware | =100r005c00 | |
| Huawei 1288h V5 Firmware | ||
| Huawei 2288H V5 | =100r005c00 | |
| Huawei 2288h V5 Firmware | ||
| Huawei 2488 V5 Firmware | =100r005c00 | |
| Huawei 2488 V5 Firmware | ||
| Huawei Ch121 V3 Server Firmware | =100r001c00 | |
| Huawei Fusionserver Ch121 V3 | ||
| Huawei Ch121l V3 Firmware | =100r001c00 | |
| Huawei CH121L V3 | ||
| Huawei CH121L V5 Firmware | =100r001c00 | |
| Huawei CH121L V5 Firmware | ||
| Huawei CH121L V5 | =100r001c00 | |
| Huawei Ch121 V5 Firmware | ||
| Huawei Ch140 V3 Server Firmware | =100r001c00 | |
| Huawei Ch140 V3 Server Firmware | ||
| Huawei CH140L V3 | =100r001c00 | |
| Huawei CH140L V3 | ||
| Huawei Ch220 V3 Server | =100r001c00 | |
| Huawei Ch220 V3 Server | ||
| Huawei Ch222 V3 | =100r001c00 | |
| Huawei Fusionserver Ch222 V3 | ||
| huawei ch242 v3 firmware | =100r001c00 | |
| huawei ch242 v3 | ||
| Huawei Ch242 V5 | =100r001c00 | |
| Huawei Ch242 V5 Firmware | ||
| Huawei Rh1288 V3 Server Firmware | =100r003c00 | |
| Huawei RH1288 V3 server | ||
| Huawei Rh2288 V3 Firmware | =100r003c00 | |
| Huawei Fusionserver Rh2288 V3 | ||
| Huawei Xh310 V3 Firmware | =100r003c00 | |
| Huawei Xh310 V3 | ||
| Huawei Xh321 V3 Firmware | =100r003c00 | |
| Huawei Xh321 V3 | ||
| Huawei Xh321 V5 Firmware | =100r005c00 | |
| Huawei Xh321 V5 | ||
| Huawei Rh2288h V3 Firmware | =100r003c00 | |
| Huawei Fusionserver RH2288H V3 | ||
| Huawei Xh620 V3 Firmware | =100r003c00 | |
| Huawei Xh620 V3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2018-7949?
CVE-2018-7949 has a medium severity rating due to its potential for privilege escalation.
How do I fix CVE-2018-7949?
To fix CVE-2018-7949, update the affected Huawei firmware to the latest patched version.
Which Huawei servers are affected by CVE-2018-7949?
CVE-2018-7949 affects multiple Huawei servers running specific firmware versions, including the Huawei 1288h V5, 2288h V5, and 2488 V5.
What type of vulnerability is CVE-2018-7949?
CVE-2018-7949 is a privilege escalation vulnerability that allows low-privileged users to gain higher privileges.
Can CVE-2018-7949 be exploited remotely?
Yes, CVE-2018-7949 can be exploited remotely by sending specially crafted login messages to the affected devices.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/references
- agent/last-modified-date
- agent/author
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/huawei
- canonical/huawei 1288h v5 firmware
- version/huawei 1288h v5 firmware/100r005c00
- canonical/huawei 2288h v5
- version/huawei 2288h v5/100r005c00
- canonical/huawei 2288h v5 firmware
- canonical/huawei 2488 v5 firmware
- version/huawei 2488 v5 firmware/100r005c00
- canonical/huawei ch121 v3 server firmware
- version/huawei ch121 v3 server firmware/100r001c00
- canonical/huawei fusionserver ch121 v3
- canonical/huawei ch121l v3 firmware
- version/huawei ch121l v3 firmware/100r001c00
- canonical/huawei ch121l v3
- canonical/huawei ch121l v5 firmware
- version/huawei ch121l v5 firmware/100r001c00
- canonical/huawei ch121l v5
- version/huawei ch121l v5/100r001c00
- canonical/huawei ch121 v5 firmware
- canonical/huawei ch140 v3 server firmware
- version/huawei ch140 v3 server firmware/100r001c00
- canonical/huawei ch140l v3
- version/huawei ch140l v3/100r001c00
- canonical/huawei ch220 v3 server
- version/huawei ch220 v3 server/100r001c00
- canonical/huawei ch222 v3
- version/huawei ch222 v3/100r001c00
- canonical/huawei fusionserver ch222 v3
- canonical/huawei ch242 v3 firmware
- version/huawei ch242 v3 firmware/100r001c00
- canonical/huawei ch242 v3
- canonical/huawei ch242 v5
- version/huawei ch242 v5/100r001c00
- canonical/huawei ch242 v5 firmware
- canonical/huawei rh1288 v3 server firmware
- version/huawei rh1288 v3 server firmware/100r003c00
- canonical/huawei rh1288 v3 server
- canonical/huawei rh2288 v3 firmware
- version/huawei rh2288 v3 firmware/100r003c00
- canonical/huawei fusionserver rh2288 v3
- canonical/huawei xh310 v3 firmware
- version/huawei xh310 v3 firmware/100r003c00
- canonical/huawei xh310 v3
- canonical/huawei xh321 v3 firmware
- version/huawei xh321 v3 firmware/100r003c00
- canonical/huawei xh321 v3
- canonical/huawei xh321 v5 firmware
- version/huawei xh321 v5 firmware/100r005c00
- canonical/huawei xh321 v5
- canonical/huawei rh2288h v3 firmware
- version/huawei rh2288h v3 firmware/100r003c00
- canonical/huawei fusionserver rh2288h v3
- canonical/huawei xh620 v3 firmware
- version/huawei xh620 v3 firmware/100r003c00
- canonical/huawei xh620 v3