Details of VAR-201805-1007

ID

VAR-201805-1007

CVE

CVE-2018-7942

TITLE

plural Huawei Authentication vulnerabilities in server products

Trust: 0.8

sources: JVNDB: JVNDB-2018-005391

DESCRIPTION

The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have an authentication bypass vulnerability. An unauthenticated, remote attacker may send some specially crafted messages to the affected products. Due to improper authentication design, successful exploit may cause some information leak. plural Huawei Server products contain authentication vulnerabilities.Information may be obtained. Huawei1288HV5 and other Huawei server models are different types of servers. Huawei 1288H V5, etc. The following products and versions are affected: 1288H V5 V100R005C00 Version; 2288H V5 V100R005C00 Version; 2488 V5 V100R005C00 Version; CH121 V3 V100R001C00 Version; CH121L V3 V100R001C00 Version; CH121L V5 V100R001C00 Version; CH121 V5 V100R001C00 Version; CH140 V3 V100R001C00 Version; CH140L V3 V100R001C00 Version; CH220 V3 V100R001C00 Version; CH222 V3 V100R001C00 Version; CH242 V3 V100R001C00 Version; CH242 V5 V100R001C00 Version; RH1288 V3 V100R003C00 Version; RH2288 V3 V100R003C00 Version; RH2288H V3 V100R003C00 Version; XH310 V3 V100R003C00 Version; XH321 V3 V100R003C00 Version; XH321 V5 V100R005C00 Version: XH620 V3 V100R003C00 version

Trust: 2.25

sources: NVD: CVE-2018-7942 // JVNDB: JVNDB-2018-005391 // CNVD: CNVD-2018-10503 // VULHUB: VHN-137974

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-10503

AFFECTED PRODUCTS

vendor:	huawei	model:	ch121l v3	scope:	eq	version:	100r001c00	Trust: 1.6
vendor:	huawei	model:	2488 v5	scope:	eq	version:	100r005c00	Trust: 1.6
vendor:	huawei	model:	ch121 v3	scope:	eq	version:	100r001c00	Trust: 1.6
vendor:	huawei	model:	2288h v5	scope:	eq	version:	100r005c00	Trust: 1.6
vendor:	huawei	model:	ch242 v3	scope:	eq	version:	100r001c00	Trust: 1.6
vendor:	huawei	model:	ch121l v5	scope:	eq	version:	100r001c00	Trust: 1.6
vendor:	huawei	model:	1288h v5	scope:	eq	version:	100r005c00	Trust: 1.6
vendor:	huawei	model:	1288h v5	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	2288h v5	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	2488 v5	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	ch121 v3	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	ch121l v3	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	ch121l v5	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	ch242 v3	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	rh1288 v100r003c00	scope:	eq	version:	v3	Trust: 0.6
vendor:	huawei	model:	rh2288 v100r003c00	scope:	eq	version:	v3	Trust: 0.6
vendor:	huawei	model:	rh2288h v100r003c00	scope:	eq	version:	v3	Trust: 0.6
vendor:	huawei	model:	1288h v100r005c00	scope:	eq	version:	v5	Trust: 0.6
vendor:	huawei	model:	2288h v100r005c00	scope:	eq	version:	v5	Trust: 0.6
vendor:	huawei	model:	ch121 v100r001c00	scope:	eq	version:	v3	Trust: 0.6
vendor:	huawei	model:	ch121l v100r001c00	scope:	eq	version:	v3	Trust: 0.6
vendor:	huawei	model:	ch121l v100r001c00	scope:	eq	version:	v5	Trust: 0.6
vendor:	huawei	model:	ch121 v100r001c00	scope:	eq	version:	v5	Trust: 0.6
vendor:	huawei	model:	ch140 v100r001c00	scope:	eq	version:	v3	Trust: 0.6
vendor:	huawei	model:	ch140l	scope:	eq	version:	v3	Trust: 0.6
vendor:	huawei	model:	ch220 v100r001c00	scope:	eq	version:	v3	Trust: 0.6
vendor:	huawei	model:	ch222 v100r001c00	scope:	eq	version:	v3	Trust: 0.6
vendor:	huawei	model:	ch242 v100r001c00	scope:	eq	version:	v3	Trust: 0.6
vendor:	huawei	model:	ch242 v100r001c00	scope:	eq	version:	v5	Trust: 0.6
vendor:	huawei	model:	v100r005c00	scope:	eq	version:	2488v5	Trust: 0.6
vendor:	huawei	model:	xh310 v100r003c00	scope:	eq	version:	v3	Trust: 0.6
vendor:	huawei	model:	xh321 v100r003c00	scope:	eq	version:	v3	Trust: 0.6
vendor:	huawei	model:	xh620 v100r003c00	scope:	eq	version:	v3	Trust: 0.6
vendor:	huawei	model:	xh321 v100r005c00	scope:	eq	version:	v5	Trust: 0.6

sources: CNVD: CNVD-2018-10503 // JVNDB: JVNDB-2018-005391 // CNNVD: CNNVD-201805-820 // NVD: CVE-2018-7942

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-7942
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-7942
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2018-10503
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201805-820
value:	HIGH
Trust: 0.6
VULHUB:	VHN-137974
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-7942
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-10503
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-137974
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-7942
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2018-10503 // VULHUB: VHN-137974 // JVNDB: JVNDB-2018-005391 // CNNVD: CNNVD-201805-820 // NVD: CVE-2018-7942

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-287	Trust: 0.9

sources: VULHUB: VHN-137974 // JVNDB: JVNDB-2018-005391 // NVD: CVE-2018-7942

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201805-820

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201805-820

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-005391

PATCH

title:	huawei-sa-20180523-01-server	url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180523-01-server-en	Trust: 0.8
title:	A variety of Huawei products IntelligentBaseboardManagement authentication bypass vulnerability patch	url:	https://www.cnvd.org.cn/patchInfo/show/130565	Trust: 0.6
title:	Multiple Huawei product Intelligent Baseboard Management Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=83695	Trust: 0.6

sources: CNVD: CNVD-2018-10503 // JVNDB: JVNDB-2018-005391 // CNNVD: CNNVD-201805-820

EXTERNAL IDS

db:	NVD	id:	CVE-2018-7942	Trust: 3.1
db:	JVNDB	id:	JVNDB-2018-005391	Trust: 0.8
db:	CNNVD	id:	CNNVD-201805-820	Trust: 0.7
db:	CNVD	id:	CNVD-2018-10503	Trust: 0.6
db:	VULHUB	id:	VHN-137974	Trust: 0.1

sources: CNVD: CNVD-2018-10503 // VULHUB: VHN-137974 // JVNDB: JVNDB-2018-005391 // CNNVD: CNNVD-201805-820 // NVD: CVE-2018-7942

REFERENCES

url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/143686	Trust: 2.4
url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180523-01-server-en	Trust: 2.3
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7942	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-7942	Trust: 0.8

sources: CNVD: CNVD-2018-10503 // VULHUB: VHN-137974 // JVNDB: JVNDB-2018-005391 // CNNVD: CNNVD-201805-820 // NVD: CVE-2018-7942

SOURCES

db:	CNVD	id:	CNVD-2018-10503
db:	VULHUB	id:	VHN-137974
db:	JVNDB	id:	JVNDB-2018-005391
db:	CNNVD	id:	CNNVD-201805-820
db:	NVD	id:	CVE-2018-7942

LAST UPDATE DATE

2024-11-23T23:12:07.800000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-10503	date:	2018-05-29T00:00:00
db:	VULHUB	id:	VHN-137974	date:	2020-08-24T00:00:00
db:	JVNDB	id:	JVNDB-2018-005391	date:	2018-07-13T00:00:00
db:	CNNVD	id:	CNNVD-201805-820	date:	2020-10-22T00:00:00
db:	NVD	id:	CVE-2018-7942	date:	2024-11-21T04:12:59.950

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2018-10503	date:	2018-05-29T00:00:00
db:	VULHUB	id:	VHN-137974	date:	2018-05-24T00:00:00
db:	JVNDB	id:	JVNDB-2018-005391	date:	2018-07-13T00:00:00
db:	CNNVD	id:	CNNVD-201805-820	date:	2018-05-25T00:00:00
db:	NVD	id:	CVE-2018-7942	date:	2018-05-24T14:29:00.610