Huawei iBMC V200R002C60 CVE-2018-7941 – Authentication Bypass

Authors: HuaWei
Risk: High
CVE: CVE-2018-7941
0day: Authentication Bypass
0day-id: 0DAY-176165
Date: 2018-05-11

Description

Huawei iBMC V200R002C60 has an authentication bypass vulnerability. A remote attacker with low privilege may craft specific messages to upload an authentication certificate to the affected products. Due to improper validation of the upload authority, a successful exploit may cause privilege elevation.

Software Versions and Fixes

Product Name    Affected Version    Resolved Product and Version
iBMC            V200R002C60         Upgrade to V200R002C70SPC200

Impact

A successful exploit may cause privilege elevation.

Vulnerability Scoring Details

The vulnerability classification has been performed by using the CVSSv3 scoring system (http://www.first.org/cvss/specification-document).

Base Score: 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Temporal Score: 8.2 (E:F/RL:O/RC:C)

Technical Details

This vulnerability can be exploited only when the following conditions are present:

1. The attacker gains access to the affected products.

Vulnerability details:

A remote attacker with low privilege may craft specific messages to upload an authentication certificate to the affected products. Due to improper validation of the upload authority, a successful exploit may cause privilege elevation.
