Vulnerability CVE-2016-8106


Published: 2017-01-09

Description:
A Denial of Service in Intel Ethernet Controller's X710/XL710 with Non-Volatile Memory Images before version 5.05 allows a remote attacker to stop the controller from processing network traffic working under certain network use conditions.

Vendor: Lenovo
Product: System x3500 m5 
Version: 5.05;
Product: Converged hx7510 appliance 
Version: 5.05;
Product: Nextscale nx360 m5 
Version: 5.05;
Product: Thinkserver sd350 
Version: 5.05;
Product: System x3650 m5 
Version: 5.05;
Product: System x3950 x6 
Version: 5.05;
Product: Thinkserver rd350 
Version: 5.05;
Product: System x3550 m5 
Version: 5.05;
Product: System x3850 x6 
Version: 5.05;
Product: System x3250 m5 
Version: 5.05;
Product: Converged hx5500 appliance 
Version: 5.05;
Product: Thinkserver rd650 
Version: 5.05;
Product: Thinkagile cx2200 
Version: 5.05;
Product: Thinkserver td350 
Version: 5.05;
Product: Converged hx series 
Version: 5.05;
Product: Thinkserver rd450 
Version: 5.05;
Product: Thinkagile cx4200 
Version: 5.05;
Product: Converged hx7500 appliance 
Version: 5.05;
Product: Converged hx5510 appliance 
Version: 5.05;
Product: Thinkserver rd550 
Version: 5.05;
Product: System x3750 m4 
Version: 5.05;
Product: Thinkagile cx4600 
Version: 5.05;
Vendor: Intel
Product: Ethernet controler xl710 firmware 
Version: 5.04;
Product: Ethernet controller x710 firmware 
Version: 5.04;
Product: Ethernet controler x710 firmware 
Version: 5.04;
Product: Ethernet controller xl710 firmware 
Version: 5.04;
Vendor: HP
Product: Proliant xl260a g9 server 
Product: Ethernet 10gb 2-port 562sfp+ 
Product: Ethernet 10gb 4-port 563sfp+ 
Product: Ethernet 10gb 2-port 562flr-sfp+ 

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial

 References:
http://www-01.ibm.com/support/docview.wss?uid=swg22002507
http://www.securityfocus.com/bid/95333
http://www.securitytracker.com/id/1037562
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05368378
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00063&languageid=en-fr
https://support.lenovo.com/us/en/product_security/LEN-12029

Related CVE
CVE-2018-5927
HP Support Assistant before 8.7.50.3 allows an unauthorized person with local access to load arbitrary code.
CVE-2018-5926
A potential vulnerability has been identified in HP Remote Graphics Software?s certificate authentication process version 7.5.0 and earlier.
CVE-2018-5923
In HP LaserJet Enterprise, HP PageWide Enterprise, HP LaserJet Managed, and HP OfficeJet Enterprise Printers, solution application signature checking may allow potential execution of arbitrary code.
CVE-2017-2752
A potential security vulnerability caused by incomplete obfuscation of application configuration information was discovered in Tommy Hilfiger TH24/7 Android app versions 2.0.0.11, 2.0.1.14, 2.1.0.16, and 2.2.0.19. HP has no access to customer data as...
CVE-2017-2748
A potential security vulnerability caused by the use of insecure (http) transactions during login has been identified with early versions of the Isaac Mizrahi Smartwatch mobile app. HP has no access to customer data as a result of this issue.
CVE-2019-3484
Mitigates a remote code execution issue in ArcSight Logger versions prior to 6.7.
CVE-2019-3483
Mitigates a potential information leakage issue in ArcSight Logger versions prior to 6.7.
CVE-2019-3482
Mitigates a directory traversal issue in ArcSight Logger versions prior to 6.7.

Copyright 2019, cxsecurity.com

 

Back to Top