4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:N/I:P/A:N
4.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
0.001 Low
EPSS
Percentile
19.9%
IBM System x, Flex and BladeCenter systems have addressed the following denial of service vulnerability in Unified Extensible Firmware Interface (UEFI).
CVEID: CVE-2018-9085 DESCRIPTION: Lenovo System x is vulnerable to a denial of service, caused by missing flash memory write protection lock bit. A local authenticated attacker could exploit this vulnerability to cause the system to crash.
CVSS Base Score: 5.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/153019> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
Product | Affected Version |
---|---|
BladeCenter HS23 7875/1929 | tke1 |
BladeCenter HS23E 8038/8039 | ahe1 |
Flex System x220 2585/7906 | kse1 |
Flex System x222 7916 | cce1 |
Flex System x240 7863/8737/8738/8956 | b2e1 |
Flex System x440 7917 | cne1 |
Flex System x280 X6 4259 | |
Flex System x480/x880 X6 7903 | n2e1 |
System x iDataPlex dx360 M4 7912/7913 | tde1 |
System x NeXtScale nx360 M4 5455 | fhe1 |
System x3300 M4 7382 | yae1 |
System x3500 M4 7383 | y5e1 |
System x3550 M4 7914 | d7e1 |
System x3630 M4 7158 | |
System x3530 M4 7160 | bee1 |
System x3650 M4 7915 | |
System x3650 M4 HD 5460 | vve1 |
System x3650 M4 BD 5466 | yoe1 |
System x3750 M4 8718/8722/8733/8752 | koe1 |
System x3850 X6/x3950 X6 3837/3839 | a8e1 |
Firmware fix versions are available on Fix Central: <http://www.ibm.com/support/fixcentral/>
Product | Fix Version |
---|---|
BladeCenter HS23 7875/1929 | |
(ibm_fw_uefi_tke162d-2.50_anyos_32-64) | tke162d-2.50 |
BladeCenter HS23E 8038/8039 | |
(ibm_fw_uefi_ahe162d-2.90_anyos_32-64) | ahe162d-2.90 |
Flex System x220 2585/7906 | |
(ibm_fw_uefi_kse160d-2.30_anyos_32-64) | kse160d-2.30 |
Flex System x222 7916 | |
(ibm_fw_uefi_cce162d-2.10_anyos_32-64) | cce162d-2.10 |
Flex System x240 7863/8737/8738/8956 | |
(ibm_fw_uefi_b2e164d-2.30_anyos_32-64) | b2e164d-2.30 |
Flex System x440 7917 | |
(ibm_fw_uefi_cne164d-2.20_anyos_32-64) | cne164d-2.20 |
Flex System x280 X6 4259 | |
Flex System x480/x880 X6 7903 | |
(ibm_fw_uefi_n2e132c-2.00_anyos_32-64) | n2e132c-2.00 |
System x iDataPlex dx360 M4 7912/7913 | |
(ibm_fw_uefi_tde158d-2.20_anyos_32-64) | tde158d-2.20 |
System x NeXtScale nx360 M4 5455 | |
(ibm_fw_uefi_fhe122c-2.00_anyos_32-64) | fhe122c-2.00 |
System x3300 M4 7382 | |
(ibm_fw_uefi_yae158c-2.20_anyos_32-64) | yae158c-2.20 |
System x3500 M4 7383 | |
(ibm_fw_uefi_y5e160c-2.70_anyos_32-64) | y5e160c-2.70 |
System x3550 M4 7914 | |
(ibm_fw_uefi_d7e166d-2.80_anyos_32-64) | d7e166d-2.80 |
System x3630 M4 7158 | |
System x3530 M4 7160 | |
(ibm_fw_uefi_bee166c-3.10_anyos_32-64) | bee166c-3.10 |
System x3650 M4 7915 | |
System x3650 M4 HD 5460 | |
(ibm_fw_uefi_vve162c-2.80_anyos_32-64) |
vve162c-2.80
System x3650 M4 BD 5466
(ibm_fw_uefi_yoe128c-2.30_anyos_32-64) | yoe128c-2.30
System x3750 M4 8718/8722/8733/8752
(ibm_fw_uefi_koe162d-2.30_anyos_32-64) | koe162d-2.30
System x3850 X6/x3950 X6 3837/3839
(ibm_fw_uefi_a8e130c-1.80_anyos_32-64) | a8e130c-1.80
None
CPE | Name | Operator | Version |
---|---|---|---|
system x->microsoft datacenter | eq | any | |
pureflex system & flex system | eq | any | |
system x blades | eq | any |
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:N/I:P/A:N
4.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
0.001 Low
EPSS
Percentile
19.9%