Search Results (Refine Search)
- Keyword (text search): cpe:2.3:o:huawei:1288h_v5_firmware:100r005c00:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2018-7951 |
The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a JSON injection vulnerability due to insufficient input validation. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Successful exploit may allow attackers to obtain the management privilege of the system. Published: June 01, 2018; 10:29:00 AM -0400 |
V3.0: 8.8 HIGH V2.0: 9.0 HIGH |
CVE-2018-7950 |
The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a JSON injection vulnerability due to insufficient input validation. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Successful exploit may allow attackers to obtain the management privilege of the system. Published: June 01, 2018; 10:29:00 AM -0400 |
V3.0: 8.8 HIGH V2.0: 9.0 HIGH |
CVE-2018-7949 |
The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a privilege escalation vulnerability. A remote attacker may send some specially crafted login messages to the affected products. Due to improper authentication design, successful exploit enables low privileged users to get or modify passwords of highly privileged users. Published: June 01, 2018; 10:29:00 AM -0400 |
V3.0: 8.8 HIGH V2.0: 4.0 MEDIUM |
CVE-2018-7942 |
The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have an authentication bypass vulnerability. An unauthenticated, remote attacker may send some specially crafted messages to the affected products. Due to improper authentication design, successful exploit may cause some information leak. Published: May 24, 2018; 10:29:00 AM -0400 |
V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2018-7941 |
Huawei iBMC V200R002C60 have an authentication bypass vulnerability. A remote attacker with low privilege may craft specific messages to upload authentication certificate to the affected products. Due to improper validation of the upload authority, successful exploit may cause privilege elevation. Published: May 10, 2018; 10:29:00 AM -0400 |
V3.0: 8.8 HIGH V2.0: 6.5 MEDIUM |