CVE-2018-9085

A write protection lock bit was left unset after boot on an older generation of Lenovo and IBM System x servers, potentially allowing an attacker with administrator access to modify the subset of flash memory containing Intel Server Platform Services (SPS) and the system Flash Descriptors.

Published : 2018-11-16 14:29 Updated : 2019-10-03 00:03

4.0
CVSS Score More info
Score 4.0 / 10
4.0
Vendor Product Version URI
Ibm Bladecenter Hs23 Firmware - cpe:/o:ibm:bladecenter_hs23_firmware:-
Ibm Bladecenter Hs23 Firmware 6.4 cpe:/o:ibm:bladecenter_hs23_firmware:6.4
Ibm Bladecenter Hs23 Firmware 6.80 cpe:/o:ibm:bladecenter_hs23_firmware:6.80
Ibm Bladecenter Hs23e Firmware - cpe:/o:ibm:bladecenter_hs23e_firmware:-
Ibm Bladecenter Hs23e Firmware 6.4 cpe:/o:ibm:bladecenter_hs23e_firmware:6.4
Ibm Bladecenter Hs23e Firmware 6.80 cpe:/o:ibm:bladecenter_hs23e_firmware:6.80
Ibm Flex System X220 M4 Firmware - cpe:/o:ibm:flex_system_x220_m4_firmware:-
Ibm Flex System X220 M4 Firmware 6.4 cpe:/o:ibm:flex_system_x220_m4_firmware:6.4
Ibm Flex System X220 M4 Firmware 6.80 cpe:/o:ibm:flex_system_x220_m4_firmware:6.80
Ibm Flex System X222 M4 Firmware - cpe:/o:ibm:flex_system_x222_m4_firmware:-
Ibm Flex System X222 M4 Firmware 6.4 cpe:/o:ibm:flex_system_x222_m4_firmware:6.4
Ibm Flex System X222 M4 Firmware 6.80 cpe:/o:ibm:flex_system_x222_m4_firmware:6.80
Ibm Flex System X240 M4 Firmware - cpe:/o:ibm:flex_system_x240_m4_firmware:-
Ibm Flex System X240 M4 Firmware 6.4 cpe:/o:ibm:flex_system_x240_m4_firmware:6.4
Ibm Flex System X240 M4 Firmware 6.80 cpe:/o:ibm:flex_system_x240_m4_firmware:6.80
Ibm Flex System X440 M4 Firmware - cpe:/o:ibm:flex_system_x440_m4_firmware:-
Ibm Flex System X440 M4 Firmware 6.4 cpe:/o:ibm:flex_system_x440_m4_firmware:6.4
Ibm Flex System X440 M4 Firmware 6.80 cpe:/o:ibm:flex_system_x440_m4_firmware:6.80
Ibm Idataplex Dx360 M4 Firmware - cpe:/o:ibm:idataplex_dx360_m4_firmware:-
Ibm Idataplex Dx360 M4 Firmware 6.4 cpe:/o:ibm:idataplex_dx360_m4_firmware:6.4
Ibm Idataplex Dx360 M4 Firmware 6.80 cpe:/o:ibm:idataplex_dx360_m4_firmware:6.80
Ibm Idataplex Dx360 M4 Water Cooled Firmware - cpe:/o:ibm:idataplex_dx360_m4_water_cooled_firmware:-
Ibm Idataplex Dx360 M4 Water Cooled Firmware 6.4 cpe:/o:ibm:idataplex_dx360_m4_water_cooled_firmware:6.4
Ibm Idataplex Dx360 M4 Water Cooled Firmware 6.80 cpe:/o:ibm:idataplex_dx360_m4_water_cooled_firmware:6.80
Ibm System X3100 M4 Firmware - cpe:/o:ibm:system_x3100_m4_firmware:-
Ibm System X3100 M4 Firmware 6.4 cpe:/o:ibm:system_x3100_m4_firmware:6.4
Ibm System X3100 M4 Firmware 6.80 cpe:/o:ibm:system_x3100_m4_firmware:6.80
Ibm System X3100 M5 Firmware - cpe:/o:ibm:system_x3100_m5_firmware:-
Ibm System X3100 M5 Firmware 6.4 cpe:/o:ibm:system_x3100_m5_firmware:6.4
Ibm System X3100 M5 Firmware 6.80 cpe:/o:ibm:system_x3100_m5_firmware:6.80
Ibm System X3250 M4 Firmware - cpe:/o:ibm:system_x3250_m4_firmware:-
Ibm System X3250 M4 Firmware 6.4 cpe:/o:ibm:system_x3250_m4_firmware:6.4
Ibm System X3250 M4 Firmware 6.80 cpe:/o:ibm:system_x3250_m4_firmware:6.80
Ibm System X3250 M5 Firmware - cpe:/o:ibm:system_x3250_m5_firmware:-
Ibm System X3250 M5 Firmware 6.4 cpe:/o:ibm:system_x3250_m5_firmware:6.4
Ibm System X3250 M5 Firmware 6.80 cpe:/o:ibm:system_x3250_m5_firmware:6.80
Ibm System X3300 M4 Firmware - cpe:/o:ibm:system_x3300_m4_firmware:-
Ibm System X3300 M4 Firmware 6.4 cpe:/o:ibm:system_x3300_m4_firmware:6.4
Ibm System X3300 M4 Firmware 6.80 cpe:/o:ibm:system_x3300_m4_firmware:6.80
Ibm System X3500 M4 Firmware - cpe:/o:ibm:system_x3500_m4_firmware:-
Ibm System X3500 M4 Firmware 6.4 cpe:/o:ibm:system_x3500_m4_firmware:6.4
Ibm System X3500 M4 Firmware 6.80 cpe:/o:ibm:system_x3500_m4_firmware:6.80
Ibm System X3530 M4 Firmware - cpe:/o:ibm:system_x3530_m4_firmware:-
Ibm System X3530 M4 Firmware 6.4 cpe:/o:ibm:system_x3530_m4_firmware:6.4
Ibm System X3530 M4 Firmware 6.80 cpe:/o:ibm:system_x3530_m4_firmware:6.80
Ibm System X3550 M4 Firmware - cpe:/o:ibm:system_x3550_m4_firmware:-
Ibm System X3550 M4 Firmware 6.4 cpe:/o:ibm:system_x3550_m4_firmware:6.4
Ibm System X3550 M4 Firmware 6.80 cpe:/o:ibm:system_x3550_m4_firmware:6.80
Ibm System X3630 M4 Firmware - cpe:/o:ibm:system_x3630_m4_firmware:-
Ibm System X3630 M4 Firmware 6.4 cpe:/o:ibm:system_x3630_m4_firmware:6.4
Ibm System X3630 M4 Firmware 6.80 cpe:/o:ibm:system_x3630_m4_firmware:6.80
Ibm System X3650 M4 Bd Firmware - cpe:/o:ibm:system_x3650_m4_bd_firmware:-
Ibm System X3650 M4 Bd Firmware 6.4 cpe:/o:ibm:system_x3650_m4_bd_firmware:6.4
Ibm System X3650 M4 Bd Firmware 6.80 cpe:/o:ibm:system_x3650_m4_bd_firmware:6.80
Ibm System X3650 M4 Firmware - cpe:/o:ibm:system_x3650_m4_firmware:-
Ibm System X3650 M4 Firmware 6.4 cpe:/o:ibm:system_x3650_m4_firmware:6.4
Ibm System X3650 M4 Firmware 6.80 cpe:/o:ibm:system_x3650_m4_firmware:6.80
Ibm System X3650 M4 Hd Firmware - cpe:/o:ibm:system_x3650_m4_hd_firmware:-
Ibm System X3650 M4 Hd Firmware 6.4 cpe:/o:ibm:system_x3650_m4_hd_firmware:6.4
Ibm System X3650 M4 Hd Firmware 6.80 cpe:/o:ibm:system_x3650_m4_hd_firmware:6.80
Ibm System X3750 M4 Firmware - cpe:/o:ibm:system_x3750_m4_firmware:-
Ibm System X3750 M4 Firmware 6.4 cpe:/o:ibm:system_x3750_m4_firmware:6.4
Ibm System X3750 M4 Firmware 6.80 cpe:/o:ibm:system_x3750_m4_firmware:6.80
Ibm System X3850 X6 Firmware - cpe:/o:ibm:system_x3850_x6_firmware:-
Ibm System X3850 X6 Firmware 6.4 cpe:/o:ibm:system_x3850_x6_firmware:6.4
Ibm System X3850 X6 Firmware 6.80 cpe:/o:ibm:system_x3850_x6_firmware:6.80
Ibm System X3950 X6 Firmware - cpe:/o:ibm:system_x3950_x6_firmware:-
Ibm System X3950 X6 Firmware 6.4 cpe:/o:ibm:system_x3950_x6_firmware:6.4
Ibm System X3950 X6 Firmware 6.80 cpe:/o:ibm:system_x3950_x6_firmware:6.80
Lenovo Flex System X240 M4 Firmware - cpe:/o:lenovo:flex_system_x240_m4_firmware:-
Lenovo Flex System X240 M4 Firmware 4.4 cpe:/o:lenovo:flex_system_x240_m4_firmware:4.4
Lenovo Flex System X240 M4 Firmware 4.90 cpe:/o:lenovo:flex_system_x240_m4_firmware:4.90
Lenovo Flex System X440 M4 Firmware - cpe:/o:lenovo:flex_system_x440_m4_firmware:-
Lenovo Flex System X440 M4 Firmware 4.4 cpe:/o:lenovo:flex_system_x440_m4_firmware:4.4
Lenovo Flex System X440 M4 Firmware 4.90 cpe:/o:lenovo:flex_system_x440_m4_firmware:4.90
Lenovo System X3750 M4 Firmware - cpe:/o:lenovo:system_x3750_m4_firmware:-
Lenovo System X3750 M4 Firmware 4.4 cpe:/o:lenovo:system_x3750_m4_firmware:4.4
Lenovo System X3750 M4 Firmware 4.90 cpe:/o:lenovo:system_x3750_m4_firmware:4.90
  1. Lenovo (3) Search CVE
    1. System X3750 M4 Firmware (3) Search CVE
      1. -
      2. 4.4
      3. 4.90
    2. Flex System X240 M4 Firmware (3) Search CVE
      1. -
      2. 4.4
      3. 4.90
    3. Flex System X440 M4 Firmware (3) Search CVE
      1. -
      2. 4.4
      3. 4.90
  2. Ibm (23) Search CVE
    1. System X3630 M4 Firmware (3) Search CVE
      1. -
      2. 6.4
      3. 6.80
    2. Bladecenter Hs23e Firmware (3) Search CVE
      1. -
      2. 6.4
      3. 6.80
    3. System X3300 M4 Firmware (3) Search CVE
      1. -
      2. 6.4
      3. 6.80
    4. System X3250 M5 Firmware (3) Search CVE
      1. -
      2. 6.4
      3. 6.80
    5. Bladecenter Hs23 Firmware (3) Search CVE
      1. -
      2. 6.4
      3. 6.80
    6. System X3530 M4 Firmware (3) Search CVE
      1. -
      2. 6.4
      3. 6.80
    7. Flex System X220 M4 Firmware (3) Search CVE
      1. -
      2. 6.4
      3. 6.80
    8. System X3250 M4 Firmware (3) Search CVE
      1. -
      2. 6.4
      3. 6.80
    9. Flex System X222 M4 Firmware (3) Search CVE
      1. -
      2. 6.4
      3. 6.80
    10. System X3550 M4 Firmware (3) Search CVE
      1. -
      2. 6.4
      3. 6.80
    11. Idataplex Dx360 M4 Water Cooled Firmware (3) Search CVE
      1. -
      2. 6.4
      3. 6.80
    12. System X3100 M5 Firmware (3) Search CVE
      1. -
      2. 6.4
      3. 6.80
    13. System X3500 M4 Firmware (3) Search CVE
      1. -
      2. 6.4
      3. 6.80
    14. System X3950 X6 Firmware (3) Search CVE
      1. -
      2. 6.4
      3. 6.80
    15. System X3650 M4 Firmware (3) Search CVE
      1. -
      2. 6.4
      3. 6.80
    16. Idataplex Dx360 M4 Firmware (3) Search CVE
      1. -
      2. 6.4
      3. 6.80
    17. System X3850 X6 Firmware (3) Search CVE
      1. -
      2. 6.4
      3. 6.80
    18. System X3650 M4 Hd Firmware (3) Search CVE
      1. -
      2. 6.4
      3. 6.80
    19. Flex System X240 M4 Firmware (3) Search CVE
      1. -
      2. 6.4
      3. 6.80
    20. System X3100 M4 Firmware (3) Search CVE
      1. -
      2. 6.4
      3. 6.80
    21. System X3650 M4 Bd Firmware (3) Search CVE
      1. -
      2. 6.4
      3. 6.80
    22. System X3750 M4 Firmware (3) Search CVE
      1. -
      2. 6.4
      3. 6.80
    23. Flex System X440 M4 Firmware (3) Search CVE
      1. -
      2. 6.4
      3. 6.80

CWE

ID Name Description Links
CWE-276 Incorrect Default Permissions The software, upon installation, sets incorrect permissions for an object that exposes it to an unintended actor. CVE

History of changes

Date Event
2019-10-03 00:03
2019-02-04 19:07
2018-11-16 14:29

New CVE