CVE-2018-9085

{"id": "CVE-2018-9085", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.2}]}, "published": "2018-11-16T14:29:00.427", "references": [{"url": "https://support.lenovo.com/us/en/solutions/LEN-24477", "tags": ["Vendor Advisory"], "source": "psirt@lenovo.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-276"}]}], "descriptions": [{"lang": "en", "value": "A write protection lock bit was left unset after boot on an older generation of Lenovo and IBM System x servers, potentially allowing an attacker with administrator access to modify the subset of flash memory containing Intel Server Platform Services (SPS) and the system Flash Descriptors."}, {"lang": "es", "value": "Se ha dejado sin establecer un bit de bloqueo de protecci\u00f3n de escritura tras el arranque en una generaci\u00f3n m\u00e1s antigua de los servidores x de Lenovo y IBM System, lo que podr\u00eda permitir que un atacante con acceso de administrador modifique el subconjunto de memoria flash que contiene Intel SPS (Server Platform Services) y los descriptores flash del sistema."}], "lastModified": "2019-10-03T00:03:26.223", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:flex_system_x240_m4_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4615A750-2A3B-47B4-89EE-A3232E19CAF2", "versionEndExcluding": "a3e122b"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:flex_system_x240_m4:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "783B2E41-3FC3-4E39-802F-546EC7AA12E6"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:flex_system_x440_m4_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EBEEBA90-3902-48F4-AFF2-708C0F1732B6", "versionEndExcluding": "cge122b"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:flex_system_x440_m4:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CC55C49B-2A5C-452C-8345-1C19A48FBB6E"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:system_x3750_m4_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "69B6C713-88F0-46FA-9BA0-A8990742BF56", "versionEndExcluding": "a5e124b"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:system_x3750_m4:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6A554CB8-7FE1-454D-8E3D-AA3EC80EEB90"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ibm:bladecenter_hs23_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EAC299FF-82AF-4B45-8646-8EEA9A9A7EB6", "versionEndExcluding": "tke160c"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ibm:bladecenter:hs23:-:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F6EB37C6-274D-420A-A870-508105E94A09"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ibm:bladecenter_hs23e_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B02CA18F-9C74-4F42-8306-D41CAC6AF823", "versionEndExcluding": "ahe160c"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ibm:bladecenter:hs23e:-:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A6035D4E-3B1E-4882-AD00-622A5A14E428"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ibm:flex_system_x220_m4_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0D4A9615-D41C-4D0E-B2F0-2F7193F4FB95", "versionEndExcluding": "kse158c"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ibm:flex_system_x220:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BD06E939-3D9E-4254-B570-0C9D79E1A6EE"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ibm:flex_system_x222_m4_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "386977A4-311D-48AE-BD40-17F1349F4912", "versionEndExcluding": "cce160c"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ibm:flex_system_x222_m4:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "04CC2E42-2E9F-4C41-9A36-4A21C32F4CB9"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ibm:flex_system_x240_m4_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5D66C4AB-D69B-4D90-9F47-C590048582EE", "versionEndExcluding": "ahe160c"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ibm:flex_system_x240_m4:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "594B1D02-B6ED-4F9F-BAEC-313FFD1C17C4"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ibm:flex_system_x280_x6_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "348B1A1E-5617-4EA1-B562-5605EE463AFC", "versionEndExcluding": "n3e132w"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ibm:flex_system_x280_x6:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2F33B121-C777-4D32-B601-B32E3D240761"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ibm:flex_system_x440_m4_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EC3C5FED-59D7-4EB9-BE2F-C0CB0266348D", "versionEndExcluding": "cne162d"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ibm:flex_system_x440_m4:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E5934364-CF52-411C-B13F-A8688A7BC0FE"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ibm:flex_system_x480_x6_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C1AFF5F6-2183-448D-A43E-9F13E6219E8D", "versionEndExcluding": "n3e132w"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ibm:flex_system_x480_x6:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4C2B5F19-EE82-4DA4-9ACD-505943C4EC8C"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ibm:flex_system_x880_x6_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7656DBE9-CC1A-441D-95CA-2DC524ECEDE0", "versionEndExcluding": "n2e130e"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ibm:flex_system_x880_x6:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5BED0E10-71B6-4323-96F5-B98D4FE7C7AB"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ibm:idataplex_dx360_m4_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "088D5D83-67AB-43C4-BFC8-F80F86B24DAA", "versionEndExcluding": "fhe120d"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ibm:idataplex_dx360_m4_:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "10ECC957-AC46-4141-9587-2A61F5F0C8D4"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ibm:idataplex_dx360_m4_water_cooled_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07F99BB6-2E71-44B0-8910-EE4945EAE096", "versionEndExcluding": "fhe120d"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ibm:idataplex_dx360_m4_:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "10ECC957-AC46-4141-9587-2A61F5F0C8D4"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ibm:system_x3100_m4_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "075B4B38-E5F0-4B21-9F42-8571C2DE2710", "versionEndExcluding": "jqe184c"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ibm:system_x3100_m4:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "31A654AB-188E-47B2-8C6D-6EA5C824B75B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ibm:system_x3100_m5_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1DC44F64-B03F-4BF6-9D18-F800C95F486B", "versionEndExcluding": "j9e134c"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ibm:system_x3100_m5:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A0CDF041-DA1B-4657-B86C-6509F3DA4415"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ibm:system_x3250_m4_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6A9A0EF2-F0DF-46EB-BBE1-5CE2A9F346F2", "versionEndExcluding": "jqe184c"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ibm:system_x3250_m4:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F5A1D29C-9491-4577-AB46-42924DB2B280"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ibm:system_x3250_m5_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A9278E60-F61A-4BD6-974D-428F9328A97C", "versionEndExcluding": "jue134c"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ibm:system_x3250_m5:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BD67192C-7833-40CB-9CCD-7ADBDC07BE47"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ibm:system_x3300_m4_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B251FABB-7A74-4A00-9A6A-E1D5010F789F", "versionEndExcluding": "yae156c"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ibm:system_x3300_m4:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BB437E6F-4A5B-4335-B6C3-0C061D630DF0"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ibm:system_x3500_m4_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BC0AEA8A-4BC9-46FC-A939-A72A4C2FBE47", "versionEndExcluding": "y5e158c"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ibm:system_x3500_m4:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "654187EE-51E9-4AC8-8563-9DD24BB97C5E"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ibm:system_x3530_m4_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EADB7945-EE70-42C6-91B6-F593CC246F4A", "versionEndExcluding": "bee164c"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ibm:system_x3530_m4:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "122C6446-D5A2-446F-89B7-FD6742A36CEC"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ibm:system_x3550_m4_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B343AFD4-F139-41CF-9BA1-8CC81AC5F94D", "versionEndExcluding": "d7e166d"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ibm:system_x3550_m4:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DB7F4041-3E49-4C34-BCF1-E924690E7947"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ibm:system_x3630_m4_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B811AAAD-7526-45DB-9506-2DF80EADD2BD", "versionEndExcluding": "vve162c"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ibm:system_x3630_m4:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "59A6CC3F-EC19-408C-996E-AF260289F81B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ibm:system_x3650_m4_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "73592E6B-511F-47DA-BE96-E485AB8B0C84", "versionEndExcluding": "vve160c"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ibm:system_x3650_m4:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A50E12D4-7631-4FF3-9390-BE1893468310"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ibm:system_x3650_m4_bd_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ED733CEF-494D-4770-8A9B-5AFDA89FC689", "versionEndExcluding": "vve160c"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ibm:system_x3650_m4_bd:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D37B42B3-A246-4C15-BC87-E821246EAF1D"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ibm:system_x3650_m4_hd_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D526F5A8-6411-445E-9EAA-29AD7AD98834", "versionEndExcluding": "vve160c"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ibm:system_x3650_m4_hd:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "66850147-3473-4092-A79B-B42BFEC652FC"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ibm:system_x3750_m4_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5FA3F56B-6163-4FEC-8BFC-8DC45928F175", "versionEndExcluding": "koe160c"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ibm:system_x3750_m4:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2E2C1FAF-46C5-4FB0-AA16-FB731CF77944"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ibm:system_x3850_x6_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5D289168-1A35-48DA-8CA2-38DA52046CB3", "versionEndExcluding": "a8e128c"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ibm:system_x3850_x6:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "74A84455-9F94-4934-93ED-623BC81A1406"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ibm:system_x3950_x6_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3E50A5B5-5EAF-41C2-8FFF-430F8D13AC22", "versionEndExcluding": "bee164c"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ibm:system_x3950_x6:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D27C8F43-4900-4A12-9A99-D833DDD51B6E"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@lenovo.com"}