CVE-2018-7950: Code Injection
First published: Fri Jun 01 2018(Updated: )
The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a JSON injection vulnerability due to insufficient input validation. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Successful exploit may allow attackers to obtain the management privilege of the system.
Credit: psirt@huawei.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Huawei 1288h V5 Firmware | =100r005c00 | |
| Huawei 1288h V5 Firmware | ||
| Huawei 2288H V5 | =100r005c00 | |
| Huawei 2288h V5 Firmware | ||
| Huawei 2488 V5 Firmware | =100r005c00 | |
| Huawei 2488 V5 Firmware | ||
| Huawei Ch121 V3 Server Firmware | =100r001c00 | |
| Huawei Fusionserver Ch121 V3 | ||
| Huawei Ch121l V3 Firmware | =100r001c00 | |
| Huawei CH121L V3 | ||
| Huawei CH121L V5 Firmware | =100r001c00 | |
| Huawei CH121L V5 Firmware | ||
| Huawei CH121L V5 | =100r001c00 | |
| Huawei Ch121 V5 Firmware | ||
| Huawei Ch140 V3 Server Firmware | =100r001c00 | |
| Huawei Ch140 V3 Server Firmware | ||
| Huawei CH140L V3 | =100r001c00 | |
| Huawei CH140L V3 | ||
| Huawei Ch220 V3 Server | =100r001c00 | |
| Huawei Ch220 V3 Server | ||
| Huawei Ch222 V3 | =100r001c00 | |
| Huawei Fusionserver Ch222 V3 | ||
| huawei ch242 v3 firmware | =100r001c00 | |
| huawei ch242 v3 | ||
| Huawei Ch242 V5 | =100r001c00 | |
| Huawei Ch242 V5 Firmware | ||
| Huawei Rh1288 V3 Server Firmware | =100r003c00 | |
| Huawei RH1288 V3 server | ||
| Huawei Rh2288 V3 Firmware | =100r003c00 | |
| Huawei Fusionserver Rh2288 V3 | ||
| Huawei Xh310 V3 Firmware | =100r003c00 | |
| Huawei Xh310 V3 | ||
| Huawei Xh321 V3 Firmware | =100r003c00 | |
| Huawei Xh321 V3 | ||
| Huawei Xh321 V5 Firmware | =100r005c00 | |
| Huawei Xh321 V5 | ||
| Huawei Rh2288h V3 Firmware | =100r003c00 | |
| Huawei Fusionserver RH2288H V3 | ||
| Huawei Xh620 V3 Firmware | =100r003c00 | |
| Huawei Xh620 V3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2018-7950?
CVE-2018-7950 is classified as a high-severity vulnerability due to its potential to allow unauthorized password modifications.
Which devices are affected by CVE-2018-7950?
CVE-2018-7950 affects specific firmware versions of Huawei servers, including the 1288h V5, 2288h V5, 2488 V5, and multiple others listed in the vulnerability details.
How do I fix CVE-2018-7950?
To mitigate CVE-2018-7950, update the firmware of the affected Huawei devices to the latest version that addresses this vulnerability.
Can CVE-2018-7950 be exploited remotely?
Yes, CVE-2018-7950 can be exploited remotely by an authenticated attacker through JSON injection techniques.
What impact does CVE-2018-7950 have on device security?
CVE-2018-7950 can lead to unauthorized access and control over administrative accounts on affected Huawei devices, posing a significant security risk.
- agent/weakness
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/last-modified-date
- agent/author
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/huawei
- canonical/huawei 1288h v5 firmware
- version/huawei 1288h v5 firmware/100r005c00
- canonical/huawei 2288h v5
- version/huawei 2288h v5/100r005c00
- canonical/huawei 2288h v5 firmware
- canonical/huawei 2488 v5 firmware
- version/huawei 2488 v5 firmware/100r005c00
- canonical/huawei ch121 v3 server firmware
- version/huawei ch121 v3 server firmware/100r001c00
- canonical/huawei fusionserver ch121 v3
- canonical/huawei ch121l v3 firmware
- version/huawei ch121l v3 firmware/100r001c00
- canonical/huawei ch121l v3
- canonical/huawei ch121l v5 firmware
- version/huawei ch121l v5 firmware/100r001c00
- canonical/huawei ch121l v5
- version/huawei ch121l v5/100r001c00
- canonical/huawei ch121 v5 firmware
- canonical/huawei ch140 v3 server firmware
- version/huawei ch140 v3 server firmware/100r001c00
- canonical/huawei ch140l v3
- version/huawei ch140l v3/100r001c00
- canonical/huawei ch220 v3 server
- version/huawei ch220 v3 server/100r001c00
- canonical/huawei ch222 v3
- version/huawei ch222 v3/100r001c00
- canonical/huawei fusionserver ch222 v3
- canonical/huawei ch242 v3 firmware
- version/huawei ch242 v3 firmware/100r001c00
- canonical/huawei ch242 v3
- canonical/huawei ch242 v5
- version/huawei ch242 v5/100r001c00
- canonical/huawei ch242 v5 firmware
- canonical/huawei rh1288 v3 server firmware
- version/huawei rh1288 v3 server firmware/100r003c00
- canonical/huawei rh1288 v3 server
- canonical/huawei rh2288 v3 firmware
- version/huawei rh2288 v3 firmware/100r003c00
- canonical/huawei fusionserver rh2288 v3
- canonical/huawei xh310 v3 firmware
- version/huawei xh310 v3 firmware/100r003c00
- canonical/huawei xh310 v3
- canonical/huawei xh321 v3 firmware
- version/huawei xh321 v3 firmware/100r003c00
- canonical/huawei xh321 v3
- canonical/huawei xh321 v5 firmware
- version/huawei xh321 v5 firmware/100r005c00
- canonical/huawei xh321 v5
- canonical/huawei rh2288h v3 firmware
- version/huawei rh2288h v3 firmware/100r003c00
- canonical/huawei fusionserver rh2288h v3
- canonical/huawei xh620 v3 firmware
- version/huawei xh620 v3 firmware/100r003c00
- canonical/huawei xh620 v3