Lucene search

[email protected]NVD:CVE-2018-1992

HistoryMar 21, 2019 - 4:00 p.m.

CVE-2018-1992

2019-03-2116:00:33

CWE-119

[email protected]

web.nvd.nist.gov

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS3

6.4

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

6.5

Confidence

High

EPSS

Percentile

12.6%

JSON

The IBM Power 9 OP910, OP920, and FW910 boot firmware’s bootloader is responsible for loading and validating the initial boot firmware image that drives the rest of the system’s hardware initialization. The bootloader firmware contains a buffer overflow vulnerability such that, if an attacker were able to replace the initial boot firmware image with a very carefully crafted and sufficiently large, malicious replacement, it could cause the bootloader, during the load of that image, to overwrite its own instruction memory and circumvent secure boot protections, install trojans, etc. IBM X-Force ID: 154345.

Affected configurations

Nvd

Node

ibmpower_system_s922_\(9009-22a\)_firmwareRange<fw910.10

AND

ibmpower_system_s922_\(9009-22a\)Match-

Node

ibmpower_system_h922_\(9223-22h\)_firmwareRange<fw910.10

AND

ibmpower_system_h922_\(9223-22h\)Match-

Node

ibmpower_system_s914_\(9009-41a\)_firmwareRange<fw910.10

AND

ibmpower_system_s914_\(9009-41a\)Match-

Node

ibmpower_system_s924_\(9009-42a\)_firmwareRange<fw910.10

AND

ibmpower_system_s924_\(9009-42a\)Match-

Node

ibmpower_system_h924_\(9223-42h\)_firmwareRange<fw910.10

AND

ibmpower_system_h924_\(9223-42h\)Match-

Node

ibmpower_system_l922_\(9008-22l\)_firmwareRange<fw910.10

AND

ibmpower_system_l922_\(9008-22l\)Match-

Node

ibmpower_system_ac922_\(8335-gtg\)_firmwareRange<op910.30

AND

ibmpower_system_ac922_\(8335-gtg\)Match-

Node

ibmpower_system_ac922_\(8335-gth\)_firmwareRange<op920.10

AND

ibmpower_system_ac922_\(8335-gth\)Match-

Node

ibmpower_system_ac922_\(8335-gtx\)_firmwareRange<op920.10

AND

ibmpower_system_ac922_\(8335-gtx\)Match-

Node

ibmpower_system_lc921_\(9006-12p\)_firmwareRange<op920.10

AND

ibmpower_system_lc921_\(9006-12p\)Match-

Node

ibmpower_system_lc922_\(9006-22p\)_firmwareRange<op920.10

AND

ibmpower_system_lc922_\(9006-22p\)Match-

VendorProductVersionCPE
ibmpower_system_s922_\(9009-22a\)_firmware*cpe:2.3:o:ibm:power_system_s922_\(9009-22a\)_firmware:*:*:*:*:*:*:*:*
ibmpower_system_s922_\(9009-22a\)-cpe:2.3:h:ibm:power_system_s922_\(9009-22a\):-:*:*:*:*:*:*:*
ibmpower_system_h922_\(9223-22h\)_firmware*cpe:2.3:o:ibm:power_system_h922_\(9223-22h\)_firmware:*:*:*:*:*:*:*:*
ibmpower_system_h922_\(9223-22h\)-cpe:2.3:h:ibm:power_system_h922_\(9223-22h\):-:*:*:*:*:*:*:*
ibmpower_system_s914_\(9009-41a\)_firmware*cpe:2.3:o:ibm:power_system_s914_\(9009-41a\)_firmware:*:*:*:*:*:*:*:*
ibmpower_system_s914_\(9009-41a\)-cpe:2.3:h:ibm:power_system_s914_\(9009-41a\):-:*:*:*:*:*:*:*
ibmpower_system_s924_\(9009-42a\)_firmware*cpe:2.3:o:ibm:power_system_s924_\(9009-42a\)_firmware:*:*:*:*:*:*:*:*
ibmpower_system_s924_\(9009-42a\)-cpe:2.3:h:ibm:power_system_s924_\(9009-42a\):-:*:*:*:*:*:*:*
ibmpower_system_h924_\(9223-42h\)_firmware*cpe:2.3:o:ibm:power_system_h924_\(9223-42h\)_firmware:*:*:*:*:*:*:*:*
ibmpower_system_h924_\(9223-42h\)-cpe:2.3:h:ibm:power_system_h924_\(9223-42h\):-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	power_system_s922_\(9009-22a\)_firmware	*	cpe:2.3:o:ibm:power_system_s922_\(9009-22a\)_firmware::::::::
ibm	power_system_s922_\(9009-22a\)	-	cpe:2.3:h:ibm:power_system_s922_\(9009-22a\):-:::::::*
ibm	power_system_h922_\(9223-22h\)_firmware	*	cpe:2.3:o:ibm:power_system_h922_\(9223-22h\)_firmware::::::::
ibm	power_system_h922_\(9223-22h\)	-	cpe:2.3:h:ibm:power_system_h922_\(9223-22h\):-:::::::*
ibm	power_system_s914_\(9009-41a\)_firmware	*	cpe:2.3:o:ibm:power_system_s914_\(9009-41a\)_firmware::::::::
ibm	power_system_s914_\(9009-41a\)	-	cpe:2.3:h:ibm:power_system_s914_\(9009-41a\):-:::::::*
ibm	power_system_s924_\(9009-42a\)_firmware	*	cpe:2.3:o:ibm:power_system_s924_\(9009-42a\)_firmware::::::::
ibm	power_system_s924_\(9009-42a\)	-	cpe:2.3:h:ibm:power_system_s924_\(9009-42a\):-:::::::*
ibm	power_system_h924_\(9223-42h\)_firmware	*	cpe:2.3:o:ibm:power_system_h924_\(9223-42h\)_firmware::::::::
ibm	power_system_h924_\(9223-42h\)	-	cpe:2.3:h:ibm:power_system_h924_\(9223-42h\):-:::::::*

Rows per page:

1-10 of 221

References

exchange.xforce.ibmcloud.com/vulnerabilities/154345

www.ibm.com/support/docview.wss?uid=ibm10868992

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS3

6.4

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

6.5

Confidence

High

EPSS

Percentile

12.6%

JSON

Related for NVD:CVE-2018-1992

prion1 ibm1 cvelist1 cve1