製品・ソフトウェアに関する情報

JVN脆弱性詳細

複数の Huawei 製品における認証に関する脆弱性

Title	複数の Huawei 製品における認証に関する脆弱性
Summary	複数の Huawei 製品には、認証に関する脆弱性が存在します。
Possible impacts	情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	May 30, 2018, midnight
Registration Date	July 24, 2018, 4:34 p.m.
Last Update	July 24, 2018, 4:34 p.m.

CVSS3.0 : 重要
Score	8.8
Vector	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS2.0 : 警告
Score	4
Vector	AV:N/AC:L/Au:S/C:P/I:N/A:N

Affected System

Huawei

1288H V5 ファームウェア

2288H V5 ファームウェア

2488 V5 ファームウェア

CH121 V3 ファームウェア

CH121 V5 ファームウェア

CH121L V3 ファームウェア

CH121L V5 ファームウェア

CH140 V3 ファームウェア

CH140L V3 ファームウェア

CH220 V3 ファームウェア

CH222 V3 ファームウェア

CH242 V3 ファームウェア

CH242 V5 ファームウェア

RH1288 V3 ファームウェア

RH2288 V3 ファームウェア

RH2288H V3 ファームウェア

XH310 V3 ファームウェア

XH321 V3 ファームウェア

XH321 V5 ファームウェア

XH620 V3 ファームウェア

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2018-7949	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7949
National Vulnerability Database (NVD)
2	CVE-2018-7949	https://nvd.nist.gov/vuln/detail/CVE-2018-7949

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-287	https://jvndb.jvn.jp/ja/cwe/CWE-287.html

ベンダー情報

No	Name	URL
Security Advisory
1	huawei-sa-20180530-03-server	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-03-server-en

Change Log

No	Changed Details	Date of change
1	[2018年07月24日] 掲載	July 24, 2018, 4:34 p.m.

NVD Vulnerability Information

CVE-2018-7949

Summary	The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a privilege escalation vulnerability. A remote attacker may send some specially crafted login messages to the affected products. Due to improper authentication design, successful exploit enables low privileged users to get or modify passwords of highly privileged users.
Publication Date	June 1, 2018, 11:29 p.m.
Registration Date	March 1, 2021, 7:39 p.m.
Last Update	Nov. 21, 2024, 1:13 p.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:o:huawei:1288h_v5_firmware:100r005c00:::::::*
execution environment
1	cpe:2.3:h:huawei:1288h_v5:-:::::::*

Configuration2		or higher	or less	more than	less than
cpe:2.3:o:huawei:2288h_v5_firmware:100r005c00:::::::*
execution environment
1	cpe:2.3:h:huawei:2288h_v5:-:::::::*

Configuration3		or higher	or less	more than	less than
cpe:2.3:o:huawei:2488_v5_firmware:100r005c00:::::::*
execution environment
1	cpe:2.3:h:huawei:2488_v5:-:::::::*

Configuration4		or higher	or less	more than	less than
cpe:2.3:o:huawei:ch121_v3_firmware:100r001c00:::::::*
execution environment
1	cpe:2.3:h:huawei:ch121_v3:-:::::::*

Configuration5		or higher	or less	more than	less than
cpe:2.3:o:huawei:ch121l_v3_firmware:100r001c00:::::::*
execution environment
1	cpe:2.3:h:huawei:ch121l_v3:-:::::::*

Configuration6		or higher	or less	more than	less than
cpe:2.3:o:huawei:ch121l_v5_firmware:100r001c00:::::::*
execution environment
1	cpe:2.3:h:huawei:ch121l_v5:-:::::::*

Configuration7		or higher	or less	more than	less than
cpe:2.3:o:huawei:ch121_v5_firmware:100r001c00:::::::*
execution environment
1	cpe:2.3:h:huawei:ch121_v5:-:::::::*

Configuration8		or higher	or less	more than	less than
cpe:2.3:o:huawei:ch140_v3_firmware:100r001c00:::::::*
execution environment
1	cpe:2.3:h:huawei:ch140_v3:-:::::::*

Configuration9		or higher	or less	more than	less than
cpe:2.3:o:huawei:ch140l_v3_firmware:100r001c00:::::::*
execution environment
1	cpe:2.3:h:huawei:ch140l_v3:-:::::::*

Configuration10		or higher	or less	more than	less than
cpe:2.3:o:huawei:ch220_v3_firmware:100r001c00:::::::*
execution environment
1	cpe:2.3:h:huawei:ch220_v3:-:::::::*

Configuration11		or higher	or less	more than	less than
cpe:2.3:o:huawei:ch222_v3_firmware:100r001c00:::::::*
execution environment
1	cpe:2.3:h:huawei:ch222_v3:-:::::::*

Configuration12		or higher	or less	more than	less than
cpe:2.3:o:huawei:ch242_v3_firmware:100r001c00:::::::*
execution environment
1	cpe:2.3:h:huawei:ch242_v3:-:::::::*

Configuration13		or higher	or less	more than	less than
cpe:2.3:o:huawei:ch242_v5_firmware:100r001c00:::::::*
execution environment
1	cpe:2.3:h:huawei:ch242_v5:-:::::::*

Configuration14		or higher	or less	more than	less than
cpe:2.3:o:huawei:rh1288_v3_firmware:100r003c00:::::::*
execution environment
1	cpe:2.3:h:huawei:rh1288_v3:-:::::::*

Configuration15		or higher	or less	more than	less than
cpe:2.3:o:huawei:rh2288_v3_firmware:100r003c00:::::::*
execution environment
1	cpe:2.3:h:huawei:rh2288_v3:-:::::::*

Configuration16		or higher	or less	more than	less than
cpe:2.3:o:huawei:xh310_v3_firmware:100r003c00:::::::*
execution environment
1	cpe:2.3:h:huawei:xh310_v3:-:::::::*

Configuration17		or higher	or less	more than	less than
cpe:2.3:o:huawei:xh321_v3_firmware:100r003c00:::::::*
execution environment
1	cpe:2.3:h:huawei:xh321_v3:-:::::::*

Configuration18		or higher	or less	more than	less than
cpe:2.3:o:huawei:xh321_v5_firmware:100r005c00:::::::*
execution environment
1	cpe:2.3:h:huawei:xh321_v5:-:::::::*

Configuration19		or higher	or less	more than	less than
cpe:2.3:o:huawei:rh2288h_v3_firmware:100r003c00:::::::*
execution environment
1	cpe:2.3:h:huawei:rh2288h_v3:-:::::::*

Configuration20		or higher	or less	more than	less than
cpe:2.3:o:huawei:xh620_v3_firmware:100r003c00:::::::*
execution environment
1	cpe:2.3:h:huawei:xh620_v3:-:::::::*

Related information, measures and tools

No	URL	refsource	タグ
1	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-03-server-en		Vendor Advisory
2	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-03-server-en		Vendor Advisory

Common Vulnerabilities List