Lenovo Security Advisory: LEN-19586
**Potential Impact:** Stack overflow leading to memory corruption
Severity: Medium
Scope of Impact: Lenovo-specific
CVE Identifier: CVE-2017-3774
Summary Description:
A stack overflow vulnerability was discovered within the web administration service in the Integrated Management Module 2 (IMM2) used in some Lenovo and IBM servers. An attacker providing a crafted user ID and password combination can cause a portion of the authentication routine to overflow its stack, resulting in stack corruption.
Mitigation Strategy for Customers (what you should do to protect yourself):
Update to the latest version of IMM2 firmware for your product, as listed in the Products Impact section of this advisory. If it is not feasible to apply the new firmware immediately, consider restricting IMM2 management interface access to only trusted users as an interim mitigation.
Acknowledgement:
Lenovo thanks Immunity Team for reporting this issue.