CVSS: 8.8EPSS: 0%CPEs: 40EXPL: 0CVE-2018-7943
https://notcve.org/view.php?id=CVE-2018-7943
05 Jun 2018 — There is an authentication bypass vulnerability in some Huawei servers. A remote attacker with low privilege may bypass the authentication by some special operations. Due to insufficient authentication, an attacker may exploit the vulnerability to get some sensitive information and high-level users' privilege. Hay una vulnerabilidad de omisión de autenticación en algunos servidores Huawei. Un atacante remoto con pocos privilegios podría omitir la autenticación por medio de algunas operaciones especiales. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-01-server-en • CWE-287: Improper Authentication •
CVSS: 8.8EPSS: 0%CPEs: 40EXPL: 0CVE-2018-7949
https://notcve.org/view.php?id=CVE-2018-7949
01 Jun 2018 — The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a privilege escalation vulnerability. A remote attacker may send some specially crafted login messages to the affected products. Due to improper authentication design, successful exploit enables low privileged users to get or modify passwords of highly privileged users. iBMC (Intelligent Baseboard Management Controller) en algunos servidores Huawei tiene una vulnerabilidad de escalado de privilegios. Un atacante remoto no aut... • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-03-server-en • CWE-287: Improper Authentication •
CVSS: 9.0EPSS: 0%CPEs: 40EXPL: 0CVE-2018-7950
https://notcve.org/view.php?id=CVE-2018-7950
01 Jun 2018 — The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a JSON injection vulnerability due to insufficient input validation. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Successful exploit may allow attackers to obtain the management privilege of the system. iBMC (Intelligent Baseboard Management Controller) en algunos servidores Huawei tiene una vulnerabilidad de inyección JSON debido a una validación de entradas insuficie... • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-02-server-en • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.0EPSS: 0%CPEs: 40EXPL: 0CVE-2018-7951
https://notcve.org/view.php?id=CVE-2018-7951
01 Jun 2018 — The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a JSON injection vulnerability due to insufficient input validation. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Successful exploit may allow attackers to obtain the management privilege of the system. iBMC (Intelligent Baseboard Management Controller) en algunos servidores Huawei tiene una vulnerabilidad de inyección JSON debido a una validación de entradas insuficie... • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-02-server-en • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: 40EXPL: 0CVE-2018-7941
https://notcve.org/view.php?id=CVE-2018-7941
10 May 2018 — Huawei iBMC V200R002C60 have an authentication bypass vulnerability. A remote attacker with low privilege may craft specific messages to upload authentication certificate to the affected products. Due to improper validation of the upload authority, successful exploit may cause privilege elevation. Huawei iBMC V200R002C60 tiene una vulnerabilidad de omisión de autenticación. Un atacante remoto con bajos privilegios puede manipular mensajes específicos para subir un certificado de autenticación en los product... • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180509-01-bypass-en • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 0%CPEs: 12EXPL: 0CVE-2016-6825
https://notcve.org/view.php?id=CVE-2016-6825
07 Sep 2016 — Huawei XH620 V3, XH622 V3, and XH628 V3 servers with software before V100R003C00SPC610, RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC617, and RH2288H V3 servers with software before V100R003C00SPC515 allow remote attackers to obtain passwords via a brute-force attack, related to "lack of authentication protection mechanisms." Servidores Huawei XH620 V3, XH622 V3 y XH628 V3 con software en versiones anteriores a V100R03C00SPC610, servidores RH... • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160817-01-server-en • CWE-285: Improper Authorization •
CVSS: 7.5EPSS: 0%CPEs: 18EXPL: 0CVE-2016-6838
https://notcve.org/view.php?id=CVE-2016-6838
07 Sep 2016 — Huawei X6800 and XH620 V3 servers with software before V100R003C00SPC606, RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC617, CH140 V3 and CH226 V3 servers with software before V100R001C00SPC122, CH220 V3 servers with software before V100R001C00SPC201, and CH121 V3 and CH222 V3 servers with software before V100R001C00SPC202 might allow remote attackers to decrypt encrypted data and consequently obtain sensitive information by leveraging selecti... • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160817-02-server-en • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-310: Cryptographic Issues •
CVSS: 7.5EPSS: 0%CPEs: 14EXPL: 0CVE-2016-6899
https://notcve.org/view.php?id=CVE-2016-6899
07 Sep 2016 — The Intelligent Baseboard Management Controller (iBMC) in Huawei RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC617, RH2288H V3 servers with software before V100R003C00SPC515, RH5885 V3 servers with software before V100R003C10SPC102, and XH620 V3, XH622 V3, and XH628 V3 servers with software before V100R003C00SPC610 might allow remote attackers to decrypt encrypted data and consequently obtain sensitive information by leveraging selection of an... • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-02-server-en • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-310: Cryptographic Issues •
CVSS: 5.5EPSS: 0%CPEs: 14EXPL: 0CVE-2016-6900
https://notcve.org/view.php?id=CVE-2016-6900
07 Sep 2016 — The Intelligent Baseboard Management Controller (iBMC) in Huawei RH1288 V3 servers with software before V100R003C00SPC613; RH2288 V3 servers with software before V100R003C00SPC617; RH2288H V3 servers with software before V100R003C00SPC515; RH5885 V3 servers with software before V100R003C10SPC102; and XH620 V3, XH622 V3, and XH628 V3 servers with software before V100R003C00SPC610 allows local users to cause a denial of service (iBMC resource consumption) via unspecified vectors. Intelligent Baseboard Managem... • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-01-server-en • CWE-399: Resource Management Errors •