History: Nov 16, 2018 - 2:29 p.m.

CVE-2018-9085

2018-11-16 14:29:00
CWE-276
web.nvd.nist.gov
Tags: security, lenovo, ibm, system x, servers, intel, sps, flash memory, cve-2018-9085

CVSS2: 4 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS3: 4.9 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE
Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

AI Score: 4.8 Medium
Confidence: High

EPSS: 0.001 Low
Percentile: 19.9%

A write protection lock bit was left unset after boot on an older generation of Lenovo and IBM System x servers, potentially allowing an attacker with administrator access to modify the subset of flash memory containing Intel Server Platform Services (SPS) and the system Flash Descriptors.

Affected configurations

NVD
Node: lenovo flex_system_x240_m4_firmware Range <a3e122b AND lenovo flex_system_x240_m4 Match -
Node: lenovo flex_system_x440_m4_firmware Range <cge122b AND lenovo flex_system_x440_m4 Match -
Node: lenovo system_x3750_m4_firmware Range <a5e124b AND lenovo system_x3750_m4 Match -
Node: ibm bladecenter_hs23_firmware Range <tke160c AND ibm bladecenter Match hs23 -
Node: ibm bladecenter_hs23e_firmware Range <ahe160c AND ibm bladecenter Match hs23e -
Node: ibm flex_system_x220_m4_firmware Range <kse158c AND ibm flex_system_x220 Match -
Node: ibm flex_system_x222_m4_firmware Range <cce160c AND ibm flex_system_x222_m4 Match -
Node: ibm flex_system_x240_m4_firmware Range <ahe160c AND ibm flex_system_x240_m4 Match -
Node: ibm flex_system_x280_x6_firmware Range <n3e132w AND ibm flex_system_x280_x6 Match -
Node: ibm flex_system_x440_m4_firmware Range <cne162d AND ibm flex_system_x440_m4 Match -
Node: ibm flex_system_x480_x6_firmware Range <n3e132w AND ibm flex_system_x480_x6 Match -
Node: ibm flex_system_x880_x6_firmware Range <n2e130e AND ibm flex_system_x880_x6 Match -
Node: ibm idataplex_dx360_m4_firmware Range <fhe120d AND ibm idataplex_dx360_m4_ Match -
Node: ibm idataplex_dx360_m4_water_cooled_firmware Range <fhe120d AND ibm idataplex_dx360_m4_ Match -
Node: ibm system_x3100_m4_firmware Range <jqe184c AND ibm system_x3100_m4
Node: ibm system_x3100_m5_firmware Range <j9e134c AND ibm system_x3100_m5
Node: ibm system_x3250_m4_firmware Range <jqe184c AND ibm system_x3250_m4
Node: ibm system_x3250_m5_firmware Range <jue134c AND ibm system_x3250_m5
Node: ibm system_x3300_m4_firmware Range <yae156c AND ibm system_x3300_m4
Node: ibm system_x3500_m4_firmware Range <y5e158c AND ibm system_x3500_m4
Node: ibm system_x3530_m4_firmware Range <bee164c AND ibm system_x3530_m4
Node: ibm system_x3550_m4_firmware Range <d7e166d AND ibm system_x3550_m4
Node: ibm system_x3630_m4_firmware Range <vve162c AND ibm system_x3630_m4
Node: ibm system_x3650_m4_firmware Range <vve160c AND ibm system_x3650_m4
Node: ibm system_x3650_m4_bd_firmware Range <vve160c AND ibm system_x3650_m4_bd
Node: ibm system_x3650_m4_hd_firmware Range <vve160c AND ibm system_x3650_m4_hd
Node: ibm system_x3750_m4_firmware Range <koe160c AND ibm system_x3750_m4
Node: ibm system_x3850_x6_firmware Range <a8e128c AND ibm system_x3850_x6
Node: ibm system_x3950_x6_firmware Range <bee164c AND ibm system_x3950_x6

CNA Affected

[
  {
    "product": "System x UEFI",
    "vendor": "Lenovo",
    "versions": [
      {
        "lessThan": "varies",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "System x UEFI",
    "vendor": "IBM",
    "versions": [
      {
        "lessThan": "varies",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]
