Vulnerability CVE-2016-8106


Published: 2017-01-09

Description:
A Denial of Service in Intel Ethernet Controller's X710/XL710 with Non-Volatile Memory Images before version 5.05 allows a remote attacker to stop the controller from processing network traffic working under certain network use conditions.

Vendor: Lenovo
Product: System x3500 m5 
Version: 5.05;
Product: Converged hx7510 appliance 
Version: 5.05;
Product: Nextscale nx360 m5 
Version: 5.05;
Product: Thinkserver sd350 
Version: 5.05;
Product: System x3650 m5 
Version: 5.05;
Product: System x3950 x6 
Version: 5.05;
Product: Thinkserver rd350 
Version: 5.05;
Product: System x3550 m5 
Version: 5.05;
Product: System x3850 x6 
Version: 5.05;
Product: System x3250 m5 
Version: 5.05;
Product: Converged hx5500 appliance 
Version: 5.05;
Product: Thinkserver rd650 
Version: 5.05;
Product: Thinkagile cx2200 
Version: 5.05;
Product: Thinkserver td350 
Version: 5.05;
Product: Converged hx series 
Version: 5.05;
Product: Thinkserver rd450 
Version: 5.05;
Product: Thinkagile cx4200 
Version: 5.05;
Product: Converged hx7500 appliance 
Version: 5.05;
Product: Converged hx5510 appliance 
Version: 5.05;
Product: Thinkserver rd550 
Version: 5.05;
Product: System x3750 m4 
Version: 5.05;
Product: Thinkagile cx4600 
Version: 5.05;
Vendor: Intel
Product: Ethernet controler xl710 firmware 
Version: 5.04;
Product: Ethernet controller x710 firmware 
Version: 5.04;
Product: Ethernet controler x710 firmware 
Version: 5.04;
Product: Ethernet controller xl710 firmware 
Version: 5.04;
Vendor: HP
Product: Proliant xl260a g9 server 
Product: Ethernet 10gb 2-port 562sfp+ 
Product: Ethernet 10gb 4-port 563sfp+ 
Product: Ethernet 10gb 2-port 562flr-sfp+ 

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:N/A:P)

CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: None
Integrity impact: None
Availability impact: Partial

References:
http://www-01.ibm.com/support/docview.wss?uid=swg22002507
http://www.securityfocus.com/bid/95333
http://www.securitytracker.com/id/1037562
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05368378
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00063&languageid=en-fr
https://support.lenovo.com/us/en/product_security/LEN-12029

Copyright 2019, cxsecurity.com