CVE-2018-7943

EPSS 1.2%

Vexday Risk Score

3Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS —EPSS 1.2%KEV nãoPoC —Patch —

Lifecycle

05 Jun 2018Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

There is an authentication bypass vulnerability in some Huawei servers. A remote attacker with low privilege may bypass the authentication by some special operations. Due to insufficient authentication, an attacker may exploit the vulnerability to get some sensitive information and high-level users' privilege.

Affected products

Huawei Technologies Co., Ltd. · 1288H V5; 2288H V5; 2488 V5 ; CH121 V3; CH121L V3; CH121L V5 ; CH121 V5 ; CH140 V3; CH140L V3; CH220 V3; CH222 V3; CH242 V3; CH242 V5 ; RH1288 V3; RH2288 V3; RH2288H V3; XH310 V3; XH321 V3; XH321 V5; XH620 V3

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-01-server-en