A potential vulnerability was found in an SMI handler in various BIOS versions of certain legacy IBM System x and IBM BladeCenter systems that could lead to denial of service.
Published : 2019-04-22 16:29 Updated : 2019-10-09 23:51
CVSS Score More info
Score 7.8 / 10
A vulnerability exploitable with network access means the vulnerable software is bound to the network stack and the attacker does not require local network access or local access. Such a vulnerability is often termed "remotely exploitable". An example of a network attack is an RPC buffer overflow.
Specialized access conditions or extenuating circumstances do not exist. The following are examples:
- The affected product typically requires access to a wide range of systems and users, possibly anonymous and untrusted (e.g., Internet-facing web or mail server).
- The affected configuration is default or ubiquitous.
- The attack can be performed manually and requires little skill or additional information gathering.
- The race condition is a lazy one (i.e., it is technically a race but easily winnable).
Authentication is not required to exploit the vulnerability.
|Ibm||Bladecenter Hs23 Firmware||-||cpe:/o:ibm:bladecenter_hs23_firmware:-|
|Ibm||System X3530 M4 Firmware||-||cpe:/o:ibm:system_x3530_m4_firmware:-|
|Ibm||System X3630 M4 Firmware||-||cpe:/o:ibm:system_x3630_m4_firmware:-|
|Ibm||System X3650 M4 Hd Firmware||-||cpe:/o:ibm:system_x3650_m4_hd_firmware:-|
History of changes