CVE-2018-7951: Code Injection
First published: Fri Jun 01 2018(Updated: )
The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a JSON injection vulnerability due to insufficient input validation. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Successful exploit may allow attackers to obtain the management privilege of the system.
Credit: psirt@huawei.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Huawei 1288h V5 Firmware | =100r005c00 | |
| Huawei 1288h V5 Firmware | ||
| Huawei 2288H V5 | =100r005c00 | |
| Huawei 2288h V5 Firmware | ||
| Huawei 2488 V5 Firmware | =100r005c00 | |
| Huawei 2488 V5 Firmware | ||
| Huawei CH121 V3 Server Firmware | =100r001c00 | |
| Huawei Fusionserver Ch121 V3 | ||
| Huawei CH121L V3 Firmware | =100r001c00 | |
| Huawei CH121L V3 Firmware | ||
| Huawei CH121L V5 | =100r001c00 | |
| Huawei CH121L V5 Firmware | ||
| Huawei CH121 V5 Firmware | =100r001c00 | |
| Huawei Ch121 V5 Firmware | ||
| Huawei CH140 V3 Server Firmware | =100r001c00 | |
| Huawei Ch140 V3 Server Firmware | ||
| Huawei CH140L V3 Firmware | =100r001c00 | |
| Huawei CH140L V3 Firmware | ||
| Huawei Ch220 V3 Server | =100r001c00 | |
| Huawei Ch220 V3 Server | ||
| Huawei Ch222 V3 | =100r001c00 | |
| Huawei CH222 Firmware | ||
| Huawei Tecal Ch242 V3 Firmware | =100r001c00 | |
| Huawei Tecal Ch242 V3 Firmware | ||
| Huawei Ch242 V5 | =100r001c00 | |
| Huawei Tecal Ch242 | ||
| Huawei RH1288 V3 | =100r003c00 | |
| Huawei RH1288 V3 server | ||
| Huawei Rh2288 V3 Server Firmware | =100r003c00 | |
| Huawei Rh2288 V3 Server | ||
| Huawei Xh310 V3 Firmware | =100r003c00 | |
| Huawei Xh310 V3 Firmware | ||
| Huawei Xh321 V3 | =100r003c00 | |
| Huawei XH321 V3 | ||
| Huawei Xh321 V5 | =100r005c00 | |
| Huawei XH321 V5 | ||
| Huawei RH2288H V3 Firmware | =100r003c00 | |
| Huawei RH2288H V3 Firmware | ||
| Huawei XH620 V3 Server Firmware | =100r003c00 | |
| Huawei XH620 V3 Server |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2018-7951?
CVE-2018-7951 has a medium severity rating due to its potential to allow unauthorized password changes on affected Huawei servers.
How do I fix CVE-2018-7951?
To fix CVE-2018-7951, apply the latest firmware updates from Huawei that address the JSON injection vulnerability.
Which Huawei servers are affected by CVE-2018-7951?
CVE-2018-7951 affects Huawei 1288h V5, 2288h V5, and 2488 V5 servers running specific firmware versions.
Can the CVE-2018-7951 vulnerability be exploited remotely?
Yes, an authenticated remote attacker can exploit CVE-2018-7951 to modify administrator passwords.
What type of vulnerability is CVE-2018-7951?
CVE-2018-7951 is a JSON injection vulnerability caused by insufficient input validation.
- agent/weakness
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/last-modified-date
- agent/author
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/huawei
- canonical/huawei 1288h v5 firmware
- version/huawei 1288h v5 firmware/100r005c00
- canonical/huawei 2288h v5
- version/huawei 2288h v5/100r005c00
- canonical/huawei 2288h v5 firmware
- canonical/huawei 2488 v5 firmware
- version/huawei 2488 v5 firmware/100r005c00
- canonical/huawei ch121 v3 server firmware
- version/huawei ch121 v3 server firmware/100r001c00
- canonical/huawei fusionserver ch121 v3
- canonical/huawei ch121l v3 firmware
- version/huawei ch121l v3 firmware/100r001c00
- canonical/huawei ch121l v5
- version/huawei ch121l v5/100r001c00
- canonical/huawei ch121l v5 firmware
- canonical/huawei ch121 v5 firmware
- version/huawei ch121 v5 firmware/100r001c00
- canonical/huawei ch140 v3 server firmware
- version/huawei ch140 v3 server firmware/100r001c00
- canonical/huawei ch140l v3 firmware
- version/huawei ch140l v3 firmware/100r001c00
- canonical/huawei ch220 v3 server
- version/huawei ch220 v3 server/100r001c00
- canonical/huawei ch222 v3
- version/huawei ch222 v3/100r001c00
- canonical/huawei ch222 firmware
- canonical/huawei tecal ch242 v3 firmware
- version/huawei tecal ch242 v3 firmware/100r001c00
- canonical/huawei ch242 v5
- version/huawei ch242 v5/100r001c00
- canonical/huawei tecal ch242
- canonical/huawei rh1288 v3
- version/huawei rh1288 v3/100r003c00
- canonical/huawei rh1288 v3 server
- canonical/huawei rh2288 v3 server firmware
- version/huawei rh2288 v3 server firmware/100r003c00
- canonical/huawei rh2288 v3 server
- canonical/huawei xh310 v3 firmware
- version/huawei xh310 v3 firmware/100r003c00
- canonical/huawei xh321 v3
- version/huawei xh321 v3/100r003c00
- canonical/huawei xh321 v5
- version/huawei xh321 v5/100r005c00
- canonical/huawei rh2288h v3 firmware
- version/huawei rh2288h v3 firmware/100r003c00
- canonical/huawei xh620 v3 server firmware
- version/huawei xh620 v3 server firmware/100r003c00
- canonical/huawei xh620 v3 server