Vulnerability CVE-2018-7112


Published: 2018-12-03

Description:
The HPE-provided Windows firmware installer for certain Gen9, Gen8, G7,and G6 HPE servers allows local disclosure of privileged information. This issue was resolved in previously provided firmware updates as follows. The HPE Windows firmware installer was updated in the system ROM updates which also addressed the original Spectre/Meltdown set of vulnerabilities. At that time, the Windows firmware installer was also updated in the versions of HPE Integrated Lights-Out 2, 3, and 4 (iLO 2, 3, and 4) listed in the security bulletin. The updated HPE Windows firmware installer was released in the system ROM and HPE Integrated Lights-Out (iLO) releases documented in earlier HPE Security Bulletins: HPESBHF03805, HPESBHF03835, HPESBHF03831. Windows-based systems that have already been updated to the system ROM or iLO versions described in these security bulletins require no further action.

Type:

CWE-200

(Information Exposure)

Vendor: HP
Product: Proliant sl4545 g7 server (amd) firmware 
Version: 2018.03.14(a);
Product: Integrated lights-out 2 firmware 
Version:
2.25
2.23
2.22
2.20
2.15
2.12
1.77
1.75
1.70
1.30
1.20
1.10
1.00
Product: Integrated lights-out 4 firmware 
Version:
2.03
2.01
1.20
1.13
1.11
Product: Integrated lights-out 3 firmware 
Version:
1.80
1.55
1.50
1.28
1.26
1.20
1.05
1.00
Product: Proliant ml110 g6 server firmware 
Product: Proliant dl160 g6 server firmware 
Product: Proliant sl160s g6 server firmware 
Product: Proliant dl170h g6 server firmware 
Product: Proliant sl2x170z g6 server firmware 
Product: Proliant dl120 g6 server firmware 
Product: Proliant ml150 g6 server firmware 
Product: Proliant dl170e g6 server firmware 
Product: Proliant sl170z g6 server firmware 
Product: Proliant dl180 g6 server firmware 
Product: Proliant dl380 g7 server firmware 

CVSS2 => (AV:L/AC:L/Au:N/C:C/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.9/10
6.9/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
None
None

 References:
http://www.securitytracker.com/id/1041984
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03805en_us
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03831en_us
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03835en_us
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03869en_us

Related CVE
CVE-2019-6329
HP Support Assistant 8.7.50 and earlier allows a user to gain system privilege and allows unauthorized modification of directories or files. Note: A different vulnerability than CVE-2019-6328.
CVE-2019-6328
HP Support Assistant 8.7.50 and earlier allows a user to gain system privilege and allows unauthorized modification of directories or files. Note: A different vulnerability than CVE-2019-6329.
CVE-2019-11986
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
CVE-2019-11985
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
CVE-2019-11984
A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
CVE-2019-11983
A remote buffer overflow vulnerability was identified in HPE Integrated Lights-Out 4 (iLO 4) earlier than v2.61b for Gen9 servers and Integrated Lights-Out 5 (iLO 5) for Gen10 Servers earlier than version v1.39.
CVE-2019-11982
A remote cross site scripting vulnerability was identified in HPE Integrated Lights-Out 4 (iLO 4) earlier than v2.61b for Gen9 servers and Integrated Lights-Out 5 (iLO 5) for Gen10 Servers earlier than version v1.39.
CVE-2019-11980
A remote code exection vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

Copyright 2019, cxsecurity.com

 

Back to Top