{ "id": "CVE-2018-9085", "sourceIdentifier": "psirt@lenovo.com", "published": "2018-11-16T14:29:00.427", "lastModified": "2024-11-21T04:14:56.817", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A write protection lock bit was left unset after boot on an older generation of Lenovo and IBM System x servers, potentially allowing an attacker with administrator access to modify the subset of flash memory containing Intel Server Platform Services (SPS) and the system Flash Descriptors." }, { "lang": "es", "value": "Se ha dejado sin establecer un bit de bloqueo de protecci\u00f3n de escritura tras el arranque en una generaci\u00f3n m\u00e1s antigua de los servidores x de Lenovo y IBM System, lo que podr\u00eda permitir que un atacante con acceso de administrador modifique el subconjunto de memoria flash que contiene Intel SPS (Server Platform Services) y los descriptores flash del sistema." } ], "metrics": { "cvssMetricV30": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "baseScore": 4.9, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE" }, "exploitabilityScore": 1.2, "impactScore": 3.6 } ], "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "baseScore": 4.0, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "availabilityImpact": "NONE" }, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-276" } ] } ], "configurations": [ { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:lenovo:flex_system_x240_m4_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "a3e122b", "matchCriteriaId": "4615A750-2A3B-47B4-89EE-A3232E19CAF2" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:lenovo:flex_system_x240_m4:-:*:*:*:*:*:*:*", "matchCriteriaId": "783B2E41-3FC3-4E39-802F-546EC7AA12E6" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:lenovo:flex_system_x440_m4_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "cge122b", "matchCriteriaId": "EBEEBA90-3902-48F4-AFF2-708C0F1732B6" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:lenovo:flex_system_x440_m4:-:*:*:*:*:*:*:*", "matchCriteriaId": "CC55C49B-2A5C-452C-8345-1C19A48FBB6E" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:lenovo:system_x3750_m4_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "a5e124b", "matchCriteriaId": "69B6C713-88F0-46FA-9BA0-A8990742BF56" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:lenovo:system_x3750_m4:-:*:*:*:*:*:*:*", "matchCriteriaId": "6A554CB8-7FE1-454D-8E3D-AA3EC80EEB90" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:ibm:bladecenter_hs23_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "tke160c", "matchCriteriaId": "EAC299FF-82AF-4B45-8646-8EEA9A9A7EB6" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:ibm:bladecenter:hs23:-:*:*:*:*:*:*", "matchCriteriaId": "F6EB37C6-274D-420A-A870-508105E94A09" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:ibm:bladecenter_hs23e_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "ahe160c", "matchCriteriaId": "B02CA18F-9C74-4F42-8306-D41CAC6AF823" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:ibm:bladecenter:hs23e:-:*:*:*:*:*:*", "matchCriteriaId": "A6035D4E-3B1E-4882-AD00-622A5A14E428" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:ibm:flex_system_x220_m4_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "kse158c", "matchCriteriaId": "0D4A9615-D41C-4D0E-B2F0-2F7193F4FB95" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:ibm:flex_system_x220:-:*:*:*:*:*:*:*", "matchCriteriaId": "BD06E939-3D9E-4254-B570-0C9D79E1A6EE" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:ibm:flex_system_x222_m4_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "cce160c", "matchCriteriaId": "386977A4-311D-48AE-BD40-17F1349F4912" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:ibm:flex_system_x222_m4:-:*:*:*:*:*:*:*", "matchCriteriaId": "04CC2E42-2E9F-4C41-9A36-4A21C32F4CB9" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:ibm:flex_system_x240_m4_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "ahe160c", "matchCriteriaId": "5D66C4AB-D69B-4D90-9F47-C590048582EE" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:ibm:flex_system_x240_m4:-:*:*:*:*:*:*:*", "matchCriteriaId": "594B1D02-B6ED-4F9F-BAEC-313FFD1C17C4" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:ibm:flex_system_x280_x6_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "n3e132w", "matchCriteriaId": "348B1A1E-5617-4EA1-B562-5605EE463AFC" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:ibm:flex_system_x280_x6:-:*:*:*:*:*:*:*", "matchCriteriaId": "2F33B121-C777-4D32-B601-B32E3D240761" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:ibm:flex_system_x440_m4_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "cne162d", "matchCriteriaId": "EC3C5FED-59D7-4EB9-BE2F-C0CB0266348D" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:ibm:flex_system_x440_m4:-:*:*:*:*:*:*:*", "matchCriteriaId": "E5934364-CF52-411C-B13F-A8688A7BC0FE" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:ibm:flex_system_x480_x6_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "n3e132w", "matchCriteriaId": "C1AFF5F6-2183-448D-A43E-9F13E6219E8D" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:ibm:flex_system_x480_x6:-:*:*:*:*:*:*:*", "matchCriteriaId": "4C2B5F19-EE82-4DA4-9ACD-505943C4EC8C" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:ibm:flex_system_x880_x6_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "n2e130e", "matchCriteriaId": "7656DBE9-CC1A-441D-95CA-2DC524ECEDE0" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:ibm:flex_system_x880_x6:-:*:*:*:*:*:*:*", "matchCriteriaId": "5BED0E10-71B6-4323-96F5-B98D4FE7C7AB" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:ibm:idataplex_dx360_m4_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "fhe120d", "matchCriteriaId": "088D5D83-67AB-43C4-BFC8-F80F86B24DAA" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:ibm:idataplex_dx360_m4_:-:*:*:*:*:*:*:*", "matchCriteriaId": "10ECC957-AC46-4141-9587-2A61F5F0C8D4" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:ibm:idataplex_dx360_m4_water_cooled_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "fhe120d", "matchCriteriaId": "07F99BB6-2E71-44B0-8910-EE4945EAE096" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:ibm:idataplex_dx360_m4_:-:*:*:*:*:*:*:*", "matchCriteriaId": "10ECC957-AC46-4141-9587-2A61F5F0C8D4" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:ibm:system_x3100_m4_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "jqe184c", "matchCriteriaId": "075B4B38-E5F0-4B21-9F42-8571C2DE2710" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:ibm:system_x3100_m4:*:*:*:*:*:*:*:*", "matchCriteriaId": "31A654AB-188E-47B2-8C6D-6EA5C824B75B" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:ibm:system_x3100_m5_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "j9e134c", "matchCriteriaId": "1DC44F64-B03F-4BF6-9D18-F800C95F486B" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:ibm:system_x3100_m5:*:*:*:*:*:*:*:*", "matchCriteriaId": "A0CDF041-DA1B-4657-B86C-6509F3DA4415" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:ibm:system_x3250_m4_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "jqe184c", "matchCriteriaId": "6A9A0EF2-F0DF-46EB-BBE1-5CE2A9F346F2" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:ibm:system_x3250_m4:*:*:*:*:*:*:*:*", "matchCriteriaId": "F5A1D29C-9491-4577-AB46-42924DB2B280" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:ibm:system_x3250_m5_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "jue134c", "matchCriteriaId": "A9278E60-F61A-4BD6-974D-428F9328A97C" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:ibm:system_x3250_m5:*:*:*:*:*:*:*:*", "matchCriteriaId": "BD67192C-7833-40CB-9CCD-7ADBDC07BE47" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:ibm:system_x3300_m4_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "yae156c", "matchCriteriaId": "B251FABB-7A74-4A00-9A6A-E1D5010F789F" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:ibm:system_x3300_m4:*:*:*:*:*:*:*:*", "matchCriteriaId": "BB437E6F-4A5B-4335-B6C3-0C061D630DF0" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:ibm:system_x3500_m4_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "y5e158c", "matchCriteriaId": "BC0AEA8A-4BC9-46FC-A939-A72A4C2FBE47" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:ibm:system_x3500_m4:*:*:*:*:*:*:*:*", "matchCriteriaId": "654187EE-51E9-4AC8-8563-9DD24BB97C5E" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:ibm:system_x3530_m4_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "bee164c", "matchCriteriaId": "EADB7945-EE70-42C6-91B6-F593CC246F4A" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:ibm:system_x3530_m4:*:*:*:*:*:*:*:*", "matchCriteriaId": "122C6446-D5A2-446F-89B7-FD6742A36CEC" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:ibm:system_x3550_m4_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "d7e166d", "matchCriteriaId": "B343AFD4-F139-41CF-9BA1-8CC81AC5F94D" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:ibm:system_x3550_m4:*:*:*:*:*:*:*:*", "matchCriteriaId": "DB7F4041-3E49-4C34-BCF1-E924690E7947" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:ibm:system_x3630_m4_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "vve162c", "matchCriteriaId": "B811AAAD-7526-45DB-9506-2DF80EADD2BD" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:ibm:system_x3630_m4:*:*:*:*:*:*:*:*", "matchCriteriaId": "59A6CC3F-EC19-408C-996E-AF260289F81B" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:ibm:system_x3650_m4_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "vve160c", "matchCriteriaId": "73592E6B-511F-47DA-BE96-E485AB8B0C84" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:ibm:system_x3650_m4:*:*:*:*:*:*:*:*", "matchCriteriaId": "A50E12D4-7631-4FF3-9390-BE1893468310" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:ibm:system_x3650_m4_bd_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "vve160c", "matchCriteriaId": "ED733CEF-494D-4770-8A9B-5AFDA89FC689" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:ibm:system_x3650_m4_bd:*:*:*:*:*:*:*:*", "matchCriteriaId": "D37B42B3-A246-4C15-BC87-E821246EAF1D" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:ibm:system_x3650_m4_hd_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "vve160c", "matchCriteriaId": "D526F5A8-6411-445E-9EAA-29AD7AD98834" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:ibm:system_x3650_m4_hd:*:*:*:*:*:*:*:*", "matchCriteriaId": "66850147-3473-4092-A79B-B42BFEC652FC" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:ibm:system_x3750_m4_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "koe160c", "matchCriteriaId": "5FA3F56B-6163-4FEC-8BFC-8DC45928F175" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:ibm:system_x3750_m4:*:*:*:*:*:*:*:*", "matchCriteriaId": "2E2C1FAF-46C5-4FB0-AA16-FB731CF77944" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:ibm:system_x3850_x6_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "a8e128c", "matchCriteriaId": "5D289168-1A35-48DA-8CA2-38DA52046CB3" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:ibm:system_x3850_x6:*:*:*:*:*:*:*:*", "matchCriteriaId": "74A84455-9F94-4934-93ED-623BC81A1406" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:ibm:system_x3950_x6_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "bee164c", "matchCriteriaId": "3E50A5B5-5EAF-41C2-8FFF-430F8D13AC22" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:ibm:system_x3950_x6:*:*:*:*:*:*:*:*", "matchCriteriaId": "D27C8F43-4900-4A12-9A99-D833DDD51B6E" } ] } ] } ], "references": [ { "url": "https://support.lenovo.com/us/en/solutions/LEN-24477", "source": "psirt@lenovo.com", "tags": [ "Vendor Advisory" ] }, { "url": "https://support.lenovo.com/us/en/solutions/LEN-24477", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ] } ] }