admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-08 22:18:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

- Added submissions from Lenovo from 2018-11-15.

Browse Source
This commit is contained in:
CVE Team 2018-11-16 08:16:32 -05:00
parent 20fd6dc52a
commit 868c4de8ff
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
4 changed files with 250 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

61
2018/9xxx/CVE-2018-9071.json
View File

@ -1,8 +1,33 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "psirt@lenovo.com",
"ID" : "CVE-2018-9071",
"STATE" : "RESERVED"
"STATE" : "PUBLIC",
"TITLE" : "CMM Security Vulnerability"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Chassis Management Module (CMM)",
"version" : {
"version_data" : [
{
"affected" : "<",
"version_value" : "2.0.0"
}
]
}
}
]
},
"vendor_name" : "Lenovo"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,8 +36,38 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Lenovo Chassis Management Module (CMM) prior to version 2.0.0 allows unauthenticated users to retrieve information related to the current authentication configuration settings. Exposed settings relate to password lengths, expiration, and lockout configuration. "
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Disclosure"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"url" : "https://support.lenovo.com/us/en/solutions/LEN-23806"
}
]
},
"solution" : [
{
"lang" : "eng",
"value" : "Update to CMM v 2.0.0 or higher"
}
],
"source" : {
"advisory" : "LEN-23806",
"discovery" : "INTERNAL"
}
}

61
2018/9xxx/CVE-2018-9073.json
View File

@ -1,8 +1,33 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "psirt@lenovo.com",
"ID" : "CVE-2018-9073",
"STATE" : "RESERVED"
"STATE" : "PUBLIC",
"TITLE" : "CMM Security Vulnerability"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Chassis Management Module (CMM)",
"version" : {
"version_data" : [
{
"affected" : "<",
"version_value" : "2.0.0"
}
]
}
}
]
},
"vendor_name" : "Lenovo"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,8 +36,38 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Lenovo Chassis Management Module (CMM) prior to version 2.0.0 utilizes a hardcoded encryption key to protect certain secrets. Possession of the key can allow an attacker that has already compromised the server to decrypt these secrets. "
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Hardcoded Encryption Key"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"url" : "https://support.lenovo.com/us/en/solutions/LEN-23806"
}
]
},
"solution" : [
{
"lang" : "eng",
"value" : "Update to CMM v 2.0.0 or higher"
}
],
"source" : {
"advisory" : "LEN-23806",
"discovery" : "INTERNAL"
}
}

79
2018/9xxx/CVE-2018-9085.json
View File

@ -1,8 +1,51 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "psirt@lenovo.com",
"ID" : "CVE-2018-9085",
"STATE" : "RESERVED"
"STATE" : "PUBLIC",
"TITLE" : "Missing System x Flash Memory Write Protection Lock Bit"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "System x UEFI",
"version" : {
"version_data" : [
{
"affected" : "<",
"version_value" : "varies"
}
]
}
}
]
},
"vendor_name" : "Lenovo"
},
{
"product" : {
"product_data" : [
{
"product_name" : "System x UEFI",
"version" : {
"version_data" : [
{
"affected" : "<",
"version_value" : "varies"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,8 +54,38 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "A write protection lock bit was left unset after boot on an older generation of Lenovo and IBM System x servers, potentially allowing an attacker with administrator access to modify the subset of flash memory containing Intel Server Platform Services (SPS) and the system Flash Descriptors. "
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of service"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"url" : "https://support.lenovo.com/us/en/solutions/LEN-24477"
}
]
},
"solution" : [
{
"lang" : "eng",
"value" : "Update UEFI firmware"
}
],
"source" : {
"advisory" : "LEN-24477",
"discovery" : "INTERNAL"
}
}

61
2018/9xxx/CVE-2018-9086.json
View File

@ -1,8 +1,33 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "psirt@lenovo.com",
"ID" : "CVE-2018-9086",
"STATE" : "RESERVED"
"STATE" : "PUBLIC",
"TITLE" : "Legacy Server BMC Remote Command Injection"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "ThinkServer BMC",
"version" : {
"version_data" : [
{
"affected" : "<",
"version_value" : "varies"
}
]
}
}
]
},
"vendor_name" : "Lenovo"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,8 +36,38 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "In some Lenovo ThinkServer-branded servers, a command injection vulnerability exists in the BMC firmware download command. This allows a privileged user to download and execute arbitrary code inside the BMC. This can only be exploited by authorized privileged users."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Arbitrary Code Execution"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"url" : "https://support.lenovo.com/us/en/solutions/LEN-23836"
}
]
},
"solution" : [
{
"lang" : "eng",
"value" : "Update BMC firmware"
}
],
"source" : {
"advisory" : "LEN-23836",
"discovery" : "INTERNAL"
}
}