VYPR

iBMC

by Huawei

CVEs (6)

  • CVE-2018-7951HigJun 1, 2018
    risk 0.57cvss 8.8epss 0.02

    The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a JSON injection vulnerability due to insufficient input validation. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Successful exploit may…

  • CVE-2018-7950HigJun 1, 2018
    risk 0.57cvss 8.8epss 0.02

    The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a JSON injection vulnerability due to insufficient input validation. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Successful exploit may…

  • CVE-2018-7949HigJun 1, 2018
    risk 0.57cvss 8.8epss 0.01

    The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a privilege escalation vulnerability. A remote attacker may send some specially crafted login messages to the affected products. Due to improper authentication design, successful exploit enables…

  • CVE-2018-7941HigMay 10, 2018
    risk 0.57cvss 8.8epss 0.01

    Huawei iBMC V200R002C60 have an authentication bypass vulnerability. A remote attacker with low privilege may craft specific messages to upload authentication certificate to the affected products. Due to improper validation of the upload authority, successful exploit may cause…

  • CVE-2018-7942HigMay 24, 2018
    risk 0.49cvss 7.5epss 0.02

    The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have an authentication bypass vulnerability. An unauthenticated, remote attacker may send some specially crafted messages to the affected products. Due to improper authentication design, successful…

  • CVE-2017-17323MedMar 9, 2018
    risk 0.28cvss 4.3epss 0.01

    Huawei iBMC V200R002C10; V200R002C20; V200R002C30 have an improper authorization vulnerability. The software incorrectly performs an authorization check when a normal user attempts to access certain information which is supposed to be accessed only by admin user. Successful…