CVE-2018-7942

{"id": "CVE-2018-7942", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2018-05-24T14:29:00.610", "references": [{"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180523-01-server-en", "tags": ["Broken Link"], "source": "psirt@huawei.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/143686", "tags": ["Third Party Advisory"], "source": "nvd@nist.gov"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have an authentication bypass vulnerability. An unauthenticated, remote attacker may send some specially crafted messages to the affected products. Due to improper authentication design, successful exploit may cause some information leak."}, {"lang": "es", "value": "iBMC (Intelligent Baseboard Management Controller) en algunos servidores Huawei tiene una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n. Un atacante remoto no autenticado podr\u00eda enviar algunos mensajes especialmente manipulados a los productos afectados. Debido al dise\u00f1o incorrecto de la autenticaci\u00f3n, su explotaci\u00f3n con \u00e9xito podr\u00eda provocar un filtrado de informaci\u00f3n."}], "lastModified": "2020-08-24T17:37:01.140", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:1288h_v5_firmware:100r005c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "970A03A9-3BD3-47CB-AE3E-DC6C354BB900"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:1288h_v5:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A97FE467-E5EB-45B4-B7EA-2E8232307CEE"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:2288h_v5_firmware:100r005c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E6CF6E61-7CF1-4CEF-9282-17102E56B38E"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:2288h_v5:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0E01F546-8E5E-4A5A-B921-DF985FF1D7ED"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:2488_v5_firmware:100r005c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5D757021-44CA-4B8D-A194-7B0DEE47E5B1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:2488_v5:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C8494E22-C84A-4201-96A3-02D8CBAC7C02"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:ch242_v3_firmware:100r001c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E85B51FC-9C85-4B5C-B544-40D1B02F06EC"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:ch242_v3:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D2637E43-1937-4320-AAF4-3770C332B66E"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:ch121l_v3_firmware:100r001c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7ACA0F25-613F-4D42-B634-6B7D3E57E3F4"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:ch121l_v3:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "58588D8E-57C2-466C-96DD-B7F679AC7EA7"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:ch121l_v5_firmware:100r001c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "57EFD6C9-5A39-4D9A-824E-6DD1B51C47D8"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:ch121l_v5:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4F9F3B0F-41E5-4846-B572-5EDB4BAE50F2"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:ch121_v3_firmware:100r001c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5283ACDA-CCB2-47F6-BCB6-5085E93B9F6F"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:ch121_v3:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2FF9E151-2924-47F8-A20B-E413C548F9AA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@huawei.com"}