CVSS: 8.8EPSS: 0%CPEs: 40EXPL: 0CVE-2018-7943
https://notcve.org/view.php?id=CVE-2018-7943
05 Jun 2018 — There is an authentication bypass vulnerability in some Huawei servers. A remote attacker with low privilege may bypass the authentication by some special operations. Due to insufficient authentication, an attacker may exploit the vulnerability to get some sensitive information and high-level users' privilege. Hay una vulnerabilidad de omisión de autenticación en algunos servidores Huawei. Un atacante remoto con pocos privilegios podría omitir la autenticación por medio de algunas operaciones especiales. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-01-server-en • CWE-287: Improper Authentication •
CVSS: 9.0EPSS: 0%CPEs: 40EXPL: 0CVE-2018-7950
https://notcve.org/view.php?id=CVE-2018-7950
01 Jun 2018 — The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a JSON injection vulnerability due to insufficient input validation. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Successful exploit may allow attackers to obtain the management privilege of the system. iBMC (Intelligent Baseboard Management Controller) en algunos servidores Huawei tiene una vulnerabilidad de inyección JSON debido a una validación de entradas insuficie... • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-02-server-en • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: 40EXPL: 0CVE-2018-7949
https://notcve.org/view.php?id=CVE-2018-7949
01 Jun 2018 — The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a privilege escalation vulnerability. A remote attacker may send some specially crafted login messages to the affected products. Due to improper authentication design, successful exploit enables low privileged users to get or modify passwords of highly privileged users. iBMC (Intelligent Baseboard Management Controller) en algunos servidores Huawei tiene una vulnerabilidad de escalado de privilegios. Un atacante remoto no aut... • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-03-server-en • CWE-287: Improper Authentication •
CVSS: 9.0EPSS: 0%CPEs: 40EXPL: 0CVE-2018-7951
https://notcve.org/view.php?id=CVE-2018-7951
01 Jun 2018 — The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a JSON injection vulnerability due to insufficient input validation. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Successful exploit may allow attackers to obtain the management privilege of the system. iBMC (Intelligent Baseboard Management Controller) en algunos servidores Huawei tiene una vulnerabilidad de inyección JSON debido a una validación de entradas insuficie... • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-02-server-en • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2018-7902
https://notcve.org/view.php?id=CVE-2018-7902
24 May 2018 — Huawei 1288H V5 and 288H V5 with software of V100R005C00 have a JSON injection vulnerability. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Due to insufficient verification of the input, this could be exploited to obtain the management privilege of the system. Huawei 1288H V5 y 288H V5 con versiones de software V100R005C00 tienen una vulnerabilidad de inyección JSON. Un atacante remoto autenticado puede desencadenar una inyección JSON para modificar l... • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180523-01-json-en •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2018-7904
https://notcve.org/view.php?id=CVE-2018-7904
24 May 2018 — Huawei 1288H V5 and 288H V5 with software of V100R005C00 have a JSON injection vulnerability. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Due to insufficient verification of the input, this could be exploited to obtain the management privilege of the system. Huawei 1288H V5 y 288H V5 con versiones de software V100R005C00 tienen una vulnerabilidad de inyección JSON. Un atacante remoto autenticado puede desencadenar una inyección JSON para modificar l... • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180523-01-json-en •
CVSS: 7.5EPSS: 0%CPEs: 14EXPL: 0CVE-2018-7942
https://notcve.org/view.php?id=CVE-2018-7942
24 May 2018 — The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have an authentication bypass vulnerability. An unauthenticated, remote attacker may send some specially crafted messages to the affected products. Due to improper authentication design, successful exploit may cause some information leak. iBMC (Intelligent Baseboard Management Controller) en algunos servidores Huawei tiene una vulnerabilidad de omisión de autenticación. Un atacante remoto no autenticado podría enviar algunos mensa... • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180523-01-server-en •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2018-7903
https://notcve.org/view.php?id=CVE-2018-7903
24 May 2018 — Huawei 1288H V5 and 288H V5 with software of V100R005C00 have a JSON injection vulnerability. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Due to insufficient verification of the input, this could be exploited to obtain the management privilege of the system. Huawei 1288H V5 y 288H V5 con versiones de software V100R005C00 tienen una vulnerabilidad de inyección JSON. Un atacante remoto autenticado puede desencadenar una inyección JSON para modificar l... • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180523-01-json-en •
CVSS: 8.8EPSS: 0%CPEs: 40EXPL: 0CVE-2018-7941
https://notcve.org/view.php?id=CVE-2018-7941
10 May 2018 — Huawei iBMC V200R002C60 have an authentication bypass vulnerability. A remote attacker with low privilege may craft specific messages to upload authentication certificate to the affected products. Due to improper validation of the upload authority, successful exploit may cause privilege elevation. Huawei iBMC V200R002C60 tiene una vulnerabilidad de omisión de autenticación. Un atacante remoto con bajos privilegios puede manipular mensajes específicos para subir un certificado de autenticación en los product... • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180509-01-bypass-en • CWE-287: Improper Authentication •