Lenovo: LENOVO:PS500138-NOSID
History: Jan 26, 2018 - 12:00 a.m.

IMM2 Denial of Service Attack by an Unprivileged User - NL

2018-01-26 00:00:00
support.lenovo.com

EPSS: 0.001 (Low), Percentile: 41.4%

Lenovo Security Advisory: LEN-14450

Potential Impact: Denial of Service

Severity: Medium

**Scope of Impact:** Lenovo Specific

**CVE Identifier:** CVE-2017-3768

Summary Description:

A vulnerability was discovered in the Integrated Management Module 2 (IMM2) used in some Lenovo servers, where an unprivileged attacker with connectivity to the IMM2 could cause a denial of service on the IMM2. Flooding the IMM2 with a high volume of authentication failures via the Common Information Model (CIM) interface, which is used by LXCA, OneCLI and other tools, can exhaust available system memory, which can cause the IMM2 to reboot itself until the requests cease.

Other interfaces besides the CIM, which uses TCP/5988 (WBEM/CIM over HTTP) and TCP/5989 (WBEMS/CIM over HTTPS), are not affected.

Mitigation Strategy for Customers (what you should do to protect yourself):

Update IMM2 firmware to the latest levels shown below or limit connectivity to IMM2, such as to trusted management networks.
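
One way to verify the connectivity restriction, as an added example that is not part of Lenovo's advisory: run from a network segment that should not reach the IMM2, it reports every listed address where TCP/5988 or TCP/5989 still accepts a connection. The function names are hypothetical, and the addresses to check are supplied by the operator.

```python
"""Added example: check that the CIM ports named in the advisory are not
reachable from the network segment this script runs on."""
import socket
import sys

CIM_PORTS = (5988, 5989)  # from the advisory: CIM over HTTP / CIM over HTTPS


def probe(host, port, timeout=2.0):
    """Return 'open', 'closed' (connection refused) or 'filtered' (no answer)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:  # includes timeouts and unreachable-network errors
        return "filtered"


def audit(hosts, ports=CIM_PORTS, timeout=2.0):
    """Map each host to the CIM ports that accepted a TCP connection.

    An empty result means the restriction holds for every host checked.
    """
    exposed = {}
    for host in hosts:
        open_ports = [p for p in ports if probe(host, p, timeout) == "open"]
        if open_ports:
            exposed[host] = open_ports
    return exposed


if __name__ == "__main__":
    # Usage: python cim_reach.py <imm2-address> [<imm2-address> ...]
    findings = audit(sys.argv[1:])
    for host, ports in findings.items():
        print(f"{host}: CIM reachable on TCP {ports}; "
              "restrict to the trusted management network")
    sys.exit(1 if findings else 0)
```

A non-zero exit status makes the check usable in a scheduled job that alerts when a firewall change re-exposes the CIM ports.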
