cnvd - cnvd-2018-11076

cnvd-2018-11076

Vulnerability from cnvd

Title: 多款Huawei服务器身份验证绕过漏洞

Description:

Huawei 1288H V5等都是中国华为（Huawei）公司的不同型号的服务器设备。

多款Huawei服务器中存在身份验证绕过漏洞，该漏洞源于身份验证机制不完善。远程攻击者可通过特殊操作利用该漏洞绕过身份验证，获取敏感信息和高级别用户权限。

Severity: 高

Patch Name: 多款Huawei服务器身份验证绕过漏洞的补丁

Patch Description:

Huawei 1288H V5等都是中国华为（Huawei）公司的不同型号的服务器设备。

多款Huawei服务器中存在身份验证绕过漏洞，该漏洞源于身份验证机制不完善。远程攻击者可通过特殊操作利用该漏洞绕过身份验证，获取敏感信息和高级别用户权限。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20180530-01-server-cn

Reference: http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20180530-01-server-cn

Impacted products

Name
['Huawei RH1288 V3 V100R003C00', 'Huawei RH2288 V3 V100R003C00', 'Huawei RH2288H V3 V100R003C00', 'Huawei XH620 V3 V100R003C00', 'Huawei 1288H V5 V100R005C00', 'Huawei 2288H V5 V100R005C00', 'Huawei CH121 V3 V100R001C00', 'Huawei CH121L V3 V100R001C00', 'Huawei CH121L V5 V100R001C00', 'Huawei CH121 V5 V100R001C00', 'Huawei CH140 V3 V100R001C00', 'Huawei CH140L V3', 'Huawei CH220 V3 V100R001C00', 'Huawei CH222 V3 V100R001C00', 'Huawei CH242 V3 V100R001C00', 'Huawei CH242 V5 V100R001C00', 'Huawei 2488 V5 V100R005C00', 'Huawei XH310 V3 V100R003C00', 'Huawei XH321 V3 V100R003C00', 'Huawei XH620 V3 V100R003C00', 'Huawei XH321 V5 V100R005C00']

Name

['Huawei RH1288 V3 V100R003C00', 'Huawei RH2288 V3 V100R003C00', 'Huawei RH2288H V3 V100R003C00', 'Huawei XH620 V3 V100R003C00', 'Huawei 1288H V5 V100R005C00', 'Huawei 2288H V5 V100R005C00', 'Huawei CH121 V3 V100R001C00', 'Huawei CH121L V3 V100R001C00', 'Huawei CH121L V5 V100R001C00', 'Huawei CH121 V5 V100R001C00', 'Huawei CH140 V3 V100R001C00', 'Huawei CH140L V3', 'Huawei CH220 V3 V100R001C00', 'Huawei CH222 V3 V100R001C00', 'Huawei CH242 V3 V100R001C00', 'Huawei CH242 V5 V100R001C00', 'Huawei 2488 V5 V100R005C00', 'Huawei XH310 V3 V100R003C00', 'Huawei XH321 V3 V100R003C00', 'Huawei XH620 V3 V100R003C00', 'Huawei XH321 V5 V100R005C00']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-7943",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7943"
    }
  },
  "description": "Huawei 1288H V5\u7b49\u90fd\u662f\u4e2d\u56fd\u534e\u4e3a\uff08Huawei\uff09\u516c\u53f8\u7684\u4e0d\u540c\u578b\u53f7\u7684\u670d\u52a1\u5668\u8bbe\u5907\u3002\r\n\r\n\u591a\u6b3eHuawei\u670d\u52a1\u5668\u4e2d\u5b58\u5728\u8eab\u4efd\u9a8c\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u8eab\u4efd\u9a8c\u8bc1\u673a\u5236\u4e0d\u5b8c\u5584\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u7279\u6b8a\u64cd\u4f5c\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u8eab\u4efd\u9a8c\u8bc1\uff0c\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u548c\u9ad8\u7ea7\u522b\u7528\u6237\u6743\u9650\u3002",
  "discovererName": "Huawei",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttp://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20180530-01-server-cn",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-11076",
  "openTime": "2018-06-08",
  "patchDescription": "Huawei 1288H V5\u7b49\u90fd\u662f\u4e2d\u56fd\u534e\u4e3a\uff08Huawei\uff09\u516c\u53f8\u7684\u4e0d\u540c\u578b\u53f7\u7684\u670d\u52a1\u5668\u8bbe\u5907\u3002\r\n\r\n\u591a\u6b3eHuawei\u670d\u52a1\u5668\u4e2d\u5b58\u5728\u8eab\u4efd\u9a8c\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u8eab\u4efd\u9a8c\u8bc1\u673a\u5236\u4e0d\u5b8c\u5584\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u7279\u6b8a\u64cd\u4f5c\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u8eab\u4efd\u9a8c\u8bc1\uff0c\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u548c\u9ad8\u7ea7\u522b\u7528\u6237\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eHuawei\u670d\u52a1\u5668\u8eab\u4efd\u9a8c\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Huawei RH1288 V3 V100R003C00",
      "Huawei RH2288 V3 V100R003C00",
      "Huawei RH2288H V3 V100R003C00",
      "Huawei XH620 V3 V100R003C00",
      "Huawei 1288H V5 V100R005C00",
      "Huawei 2288H V5 V100R005C00",
      "Huawei CH121 V3 V100R001C00",
      "Huawei CH121L V3 V100R001C00",
      "Huawei CH121L V5 V100R001C00",
      "Huawei CH121 V5 V100R001C00",
      "Huawei CH140 V3 V100R001C00",
      "Huawei CH140L V3",
      "Huawei CH220 V3 V100R001C00",
      "Huawei CH222 V3 V100R001C00",
      "Huawei CH242 V3 V100R001C00",
      "Huawei CH242 V5 V100R001C00",
      "Huawei 2488 V5 V100R005C00",
      "Huawei XH310 V3 V100R003C00",
      "Huawei XH321 V3 V100R003C00",
      "Huawei XH620 V3 V100R003C00",
      "Huawei XH321 V5 V100R005C00"
    ]
  },
  "referenceLink": "http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20180530-01-server-cn",
  "serverity": "\u9ad8",
  "submitTime": "2018-06-07",
  "title": "\u591a\u6b3eHuawei\u670d\u52a1\u5668\u8eab\u4efd\u9a8c\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e"
}

CVE-2018-7943 (GCVE-0-2018-7943)

Vulnerability from cvelistv5

Published

2018-06-05 15:00

Modified

2024-09-17 02:05

Severity ?

CWE

authentication bypass

Summary

There is an authentication bypass vulnerability in some Huawei servers. A remote attacker with low privilege may bypass the authentication by some special operations. Due to insufficient authentication, an attacker may exploit the vulnerability to get some sensitive information and high-level users' privilege.

References

▼	URL	Tags
	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-01-server-en	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Huawei Technologies Co., Ltd.	1288H V5; 2288H V5; 2488 V5 ; CH121 V3; CH121L V3; CH121L V5 ; CH121 V5 ; CH140 V3; CH140L V3; CH220 V3; CH222 V3; CH242 V3; CH242 V5 ; RH1288 V3; RH2288 V3; RH2288H V3; XH310 V3; XH321 V3; XH321 V5; XH620 V3	Version: 1288H V5 V100R005C00 Version: 2288H V5 V100R005C00 Version: 2488 V5 V100R005C00 Version: CH121 V3 V100R001C00 Version: CH121L V3 V100R001C00 Version: CH121L V5 V100R001C00 Version: CH121 V5 V100R001C00 Version: CH140 V3 V100R001C00 Version: CH140L V3 V100R001C00 Version: CH220 V3 V100R001C00 Version: CH222 V3 V100R001C00 Version: CH242 V3 V100R001C00 Version: CH242 V5 V100R001C00 Version: RH1288 V3 V100R003C00 Version: RH2288 V3 V100R003C00 Version: RH2288H V3 V100R003C00 Version: XH310 V3 V100R003C00 Version: XH321 V3 V100R003C00 Version: XH321 V5 V100R005C00 Version: XH620 V3 V100R003C00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:37:59.625Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-01-server-en"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "1288H V5; 2288H V5; 2488 V5 ; CH121 V3; CH121L V3; CH121L V5 ; CH121 V5 ; CH140 V3; CH140L V3; CH220 V3; CH222 V3; CH242 V3; CH242 V5 ; RH1288 V3; RH2288 V3; RH2288H V3; XH310 V3; XH321 V3; XH321 V5; XH620 V3",
          "vendor": "Huawei Technologies Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "1288H V5 V100R005C00"
            },
            {
              "status": "affected",
              "version": "2288H V5 V100R005C00"
            },
            {
              "status": "affected",
              "version": "2488 V5 V100R005C00"
            },
            {
              "status": "affected",
              "version": "CH121 V3 V100R001C00"
            },
            {
              "status": "affected",
              "version": "CH121L V3 V100R001C00"
            },
            {
              "status": "affected",
              "version": "CH121L V5 V100R001C00"
            },
            {
              "status": "affected",
              "version": "CH121 V5 V100R001C00"
            },
            {
              "status": "affected",
              "version": "CH140 V3 V100R001C00"
            },
            {
              "status": "affected",
              "version": "CH140L V3 V100R001C00"
            },
            {
              "status": "affected",
              "version": "CH220 V3 V100R001C00"
            },
            {
              "status": "affected",
              "version": "CH222 V3 V100R001C00"
            },
            {
              "status": "affected",
              "version": "CH242 V3 V100R001C00"
            },
            {
              "status": "affected",
              "version": "CH242 V5 V100R001C00"
            },
            {
              "status": "affected",
              "version": "RH1288 V3 V100R003C00"
            },
            {
              "status": "affected",
              "version": "RH2288 V3 V100R003C00"
            },
            {
              "status": "affected",
              "version": "RH2288H V3 V100R003C00"
            },
            {
              "status": "affected",
              "version": "XH310 V3 V100R003C00"
            },
            {
              "status": "affected",
              "version": "XH321 V3 V100R003C00"
            },
            {
              "status": "affected",
              "version": "XH321 V5 V100R005C00"
            },
            {
              "status": "affected",
              "version": "XH620 V3 V100R003C00"
            }
          ]
        }
      ],
      "datePublic": "2018-05-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "There is an authentication bypass vulnerability in some Huawei servers. A remote attacker with low privilege may bypass the authentication by some special operations. Due to insufficient authentication, an attacker may exploit the vulnerability to get some sensitive information and high-level users\u0027 privilege."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "authentication bypass",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-06-05T14:57:01",
        "orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
        "shortName": "huawei"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-01-server-en"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@huawei.com",
          "DATE_PUBLIC": "2018-05-30T00:00:00",
          "ID": "CVE-2018-7943",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "1288H V5; 2288H V5; 2488 V5 ; CH121 V3; CH121L V3; CH121L V5 ; CH121 V5 ; CH140 V3; CH140L V3; CH220 V3; CH222 V3; CH242 V3; CH242 V5 ; RH1288 V3; RH2288 V3; RH2288H V3; XH310 V3; XH321 V3; XH321 V5; XH620 V3",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "1288H V5 V100R005C00"
                          },
                          {
                            "version_value": "2288H V5 V100R005C00"
                          },
                          {
                            "version_value": "2488 V5 V100R005C00"
                          },
                          {
                            "version_value": "CH121 V3 V100R001C00"
                          },
                          {
                            "version_value": "CH121L V3 V100R001C00"
                          },
                          {
                            "version_value": "CH121L V5 V100R001C00"
                          },
                          {
                            "version_value": "CH121 V5 V100R001C00"
                          },
                          {
                            "version_value": "CH140 V3 V100R001C00"
                          },
                          {
                            "version_value": "CH140L V3 V100R001C00"
                          },
                          {
                            "version_value": "CH220 V3 V100R001C00"
                          },
                          {
                            "version_value": "CH222 V3 V100R001C00"
                          },
                          {
                            "version_value": "CH242 V3 V100R001C00"
                          },
                          {
                            "version_value": "CH242 V5 V100R001C00"
                          },
                          {
                            "version_value": "RH1288 V3 V100R003C00"
                          },
                          {
                            "version_value": "RH2288 V3 V100R003C00"
                          },
                          {
                            "version_value": "RH2288H V3 V100R003C00"
                          },
                          {
                            "version_value": "XH310 V3 V100R003C00"
                          },
                          {
                            "version_value": "XH321 V3 V100R003C00"
                          },
                          {
                            "version_value": "XH321 V5 V100R005C00"
                          },
                          {
                            "version_value": "XH620 V3 V100R003C00"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Huawei Technologies Co., Ltd."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "There is an authentication bypass vulnerability in some Huawei servers. A remote attacker with low privilege may bypass the authentication by some special operations. Due to insufficient authentication, an attacker may exploit the vulnerability to get some sensitive information and high-level users\u0027 privilege."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "authentication bypass"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-01-server-en",
              "refsource": "CONFIRM",
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-01-server-en"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
    "assignerShortName": "huawei",
    "cveId": "CVE-2018-7943",
    "datePublished": "2018-06-05T15:00:00Z",
    "dateReserved": "2018-03-09T00:00:00",
    "dateUpdated": "2024-09-17T02:05:37.375Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted