If you are responsible for the administration of Huawei CH, RH and XH servers, you should react urgently. The vendor Huawei has released critical security updates for some of these server models.
Advertising
On May 30, 2018, Huawei released several security bulletins with critical updates to fix vulnerabilities in its Huawei CH, RH and XH servers. Here is the list of articles from May 30th – there are more advisories from May 23rd and earlier on the above page.
- Security Advisory – Stored XSS Vulnerability in eSpace Desktop
- Security Advisory – Two JSON Injection Vulnerabilities in Some Huawei Servers
- Security Advisory – Authentication Bypass Vulnerability in Some Huawei Servers
- Security Advisory – Privilege Escalation Vulnerability in Some Huawei Servers
The vulnerabilities found allow attackers to request elevated privileges and change passwords. The bugs classified as high in terms of safety and are located in the Intelligent Baseboard Management Controller (iBMC). Details can be obtained from the articles linked in the Security Center.
