Vulnerability CVE-2016-8106


Published: 2017-01-09

Description:
A Denial of Service in Intel Ethernet Controller's X710/XL710 with Non-Volatile Memory Images before version 5.05 allows a remote attacker to stop the controller from processing network traffic working under certain network use conditions.

Vendor: Lenovo
Product: System x3500 m5 
Version: 5.05;
Product: Converged hx7510 appliance 
Version: 5.05;
Product: Nextscale nx360 m5 
Version: 5.05;
Product: Thinkserver sd350 
Version: 5.05;
Product: System x3650 m5 
Version: 5.05;
Product: System x3950 x6 
Version: 5.05;
Product: Thinkserver rd350 
Version: 5.05;
Product: System x3550 m5 
Version: 5.05;
Product: System x3850 x6 
Version: 5.05;
Product: System x3250 m5 
Version: 5.05;
Product: Converged hx5500 appliance 
Version: 5.05;
Product: Thinkserver rd650 
Version: 5.05;
Product: Thinkagile cx2200 
Version: 5.05;
Product: Thinkserver td350 
Version: 5.05;
Product: Converged hx series 
Version: 5.05;
Product: Thinkserver rd450 
Version: 5.05;
Product: Thinkagile cx4200 
Version: 5.05;
Product: Converged hx7500 appliance 
Version: 5.05;
Product: Converged hx5510 appliance 
Version: 5.05;
Product: Thinkserver rd550 
Version: 5.05;
Product: System x3750 m4 
Version: 5.05;
Product: Thinkagile cx4600 
Version: 5.05;
Vendor: Intel
Product: Ethernet controler xl710 firmware 
Version: 5.04;
Product: Ethernet controller x710 firmware 
Version: 5.04;
Product: Ethernet controler x710 firmware 
Version: 5.04;
Product: Ethernet controller xl710 firmware 
Version: 5.04;
Vendor: HP
Product: Proliant xl260a g9 server 
Product: Ethernet 10gb 2-port 562sfp+ 
Product: Ethernet 10gb 4-port 563sfp+ 
Product: Ethernet 10gb 2-port 562flr-sfp+ 

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial

 References:
http://www-01.ibm.com/support/docview.wss?uid=swg22002507
http://www.securityfocus.com/bid/95333
http://www.securitytracker.com/id/1037562
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05368378
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00063&languageid=en-fr
https://support.lenovo.com/us/en/product_security/LEN-12029

Related CVE
CVE-2019-6329
HP Support Assistant 8.7.50 and earlier allows a user to gain system privilege and allows unauthorized modification of directories or files. Note: A different vulnerability than CVE-2019-6328.
CVE-2019-6328
HP Support Assistant 8.7.50 and earlier allows a user to gain system privilege and allows unauthorized modification of directories or files. Note: A different vulnerability than CVE-2019-6329.
CVE-2019-11986
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
CVE-2019-11985
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
CVE-2019-11984
A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
CVE-2019-11983
A remote buffer overflow vulnerability was identified in HPE Integrated Lights-Out 4 (iLO 4) earlier than v2.61b for Gen9 servers and Integrated Lights-Out 5 (iLO 5) for Gen10 Servers earlier than version v1.39.
CVE-2019-11982
A remote cross site scripting vulnerability was identified in HPE Integrated Lights-Out 4 (iLO 4) earlier than v2.61b for Gen9 servers and Integrated Lights-Out 5 (iLO 5) for Gen10 Servers earlier than version v1.39.
CVE-2019-11980
A remote code exection vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

Copyright 2019, cxsecurity.com

 

Back to Top