5.5

CVE-2018-7112

The HPE-provided Windows firmware installer for certain Gen9, Gen8, G7,and G6 HPE servers allows local disclosure of privileged information. This issue was resolved in previously provided firmware updates as follows. The HPE Windows firmware installer was updated in the system ROM updates which also addressed the original Spectre/Meltdown set of vulnerabilities. At that time, the Windows firmware installer was also updated in the versions of HPE Integrated Lights-Out 2, 3, and 4 (iLO 2, 3, and 4) listed in the security bulletin. The updated HPE Windows firmware installer was released in the system ROM and HPE Integrated Lights-Out (iLO) releases documented in earlier HPE Security Bulletins: HPESBHF03805, HPESBHF03835, HPESBHF03831. Windows-based systems that have already been updated to the system ROM or iLO versions described in these security bulletins require no further action.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
HpIntegrated Lights-out 2 Firmware Version < 2.33
   HpIntegrated Lights-out 2 Version-
   HpProliant Gen6 Server Version-
HpIntegrated Lights-out 3 Firmware Version < 1.90
   HpIntegrated Lights-out Version-
   HpProliant Gen7 Server Version-
HpIntegrated Lights-out 4 Firmware Version < 2.60
   HpIntegrated Lights-out Version-
   HpProliant Gen8 Server Version-
HpProliant Xl750f Gen9 Server Firmware Version < 2.56_01-22-2018
   HpProliant Xl750f Gen9 Server Version-
HpProliant Xl740f Gen9 Server Firmware Version < 2.56_01-22-2018
   HpProliant Xl740f Gen9 Server Version-
HpProliant Xl730f Gen9 Server Firmware Version < 2.56_01-22-2018
   HpProliant Xl730f Gen9 Server Version-
HpProliant Xl450 Gen9 Server Firmware Version < 2.56_01-22-2018
   HpProliant Xl450 Gen9 Server Version-
HpProliant Xl270d Gen9 Server Firmware Version < 2.56_01-22-2018
   HpProliant Xl270d Gen9 Server Version-
HpProliant Xl260a Gen9 Server Firmware Version < 1.60_01-22-2018
   HpProliant Xl260a Gen9 Server Version-
HpProliant Xl250a Gen9 Server Firmware Version < 2.56_01-22-2018
   HpProliant Xl250a Gen9 Server Version-
HpProliant Xl230a Gen9 Server Firmware Version < 2.56_01-22-2018
   HpProliant Xl230a Gen9 Server Version-
HpProliant Xl190r Gen9 Server Firmware Version < 2.56_01-22-2018
   HpProliant Xl190r Gen9 Server Version-
HpProliant Xl170r Gen9 Server Firmware Version < 2.56_01-22-2018
   HpProliant Xl170r Gen9 Server Version-
HpProliant Dl560 Gen9 Server Firmware Version < 2.56_01-22-2018
   HpProliant Dl560 Gen9 Server Version-
HpProliant Dl380 Gen9 Server Firmware Version < 2.56_01-22-2018
   HpProliant Dl380 Gen9 Server Version-
HpProliant Dl360 Gen9 Server Firmware Version < 2.56_01-22-2018
   HpProliant Dl360 Gen9 Server Version-
HpProliant Dl180 Gen9 Server Firmware Version < 2.56_01-22-2018
   HpProliant Dl180 Gen9 Server Version-
HpProliant Dl160 Gen9 Server Firmware Version < 2.56_01-22-2018
   HpProliant Dl160 Gen9 Server Version-
HpProliant Dl120 Gen9 Server Firmware Version < 2.56_01-22-2018
   HpProliant Dl120 Gen9 Server Version-
HpProliant Dl80 Gen9 Server Firmware Version < 2.56_01-22-2018
   HpProliant Dl80 Gen9 Server Version-
HpProliant Dl60 Gen9 Server Firmware Version < 2.56_01-22-2018
   HpProliant Dl60 Gen9 Server Version-
HpProliant Dl20 Gen9 Server Firmware Version < 2.56_01-22-2018
   HpProliant Dl20 Gen9 Server Version-
HpProliant Ml350 Gen9 Server Firmware Version < 2.56_01-22-2018
   HpProliant Ml350 Gen9 Server Version-
HpProliant Ml150 Gen9 Server Firmware Version < 2.56_01-22-2018
   HpProliant Ml150 Gen9 Server Version-
HpProliant Ml110 Gen9 Server Firmware Version < 2.56_01-22-2018
   HpProliant Ml110 Gen9 Server Version-
HpProliant Ml30 Gen9 Server Firmware Version < 2.56_01-22-2018
   HpProliant Ml30 Gen9 Server Version-
HpProliant Ml10 Gen9 Server Firmware Version < 2018.01.22
   HpProliant Ml10 Gen9 Server Version-
HpProliant Bl660c Gen9 Server Firmware Version < 2.56_01-22-2018
   HpProliant Bl660c Gen9 Server Version-
HpProliant Bl460c Gen9 Server Blade Firmware Version < 2.56_01-22-2018
HpProliant Ws460c Gen9 Workstation Firmware Version < 2.56_01-22-2018
HpProliant Dl380e Gen8 Server Firmware Version < 2018.01.22
   HpProliant Dl380e Gen8 Server Version-
HpProliant Dl360p Gen8 Server Firmware Version < 2018.01.22
   HpProliant Dl360p Gen8 Server Version-
HpProliant Dl360e Gen8 Server Firmware Version < 2018.01.22
   HpProliant Dl360e Gen8 Server Version-
HpProliant Dl320e Gen8 Server Firmware Version < 2018.01.22
   HpProliant Dl320e Gen8 Server Version-
HpProliant Dl160 Gen8 Server Firmware Version < 2018.01.22
   HpProliant Dl160 Gen8 Server Version-
HpProliant Sl250s Gen8 Server Firmware Version < 2018.01.22
   HpProliant Sl250s Gen8 Server Version-
HpProliant Sl210t Gen8 Server Firmware Version < 2018.01.22
   HpProliant Sl210t Gen8 Server Version-
HpProliant Bl465c Gen8 (amd) Firmware Version < 2018.03.14
   HpProliant Bl465c Gen8 (amd) Version-
HpProliant Bl420c Gen8 Server Firmware Version < 2018.01.22
   HpProliant Bl420c Gen8 Server Version-
HpProliant Sl270s Gen8 Server Firmware Version < 2018.01.22
   HpProliant Sl270s Gen8 Server Version-
HpProliant Dl580 Gen8 Server Firmware Version < 2.00_02-22-2018
   HpProliant Dl580 Gen8 Server Version-
HpProliant Dl560 Gen8 Server Firmware Version < 2018.01.22
   HpProliant Dl560 Gen8 Server Version-
HpProliant Dl380p Gen8 Server Firmware Version < 2018.01.22
   HpProliant Dl380p Gen8 Server Version-
HpProliant Dl385p Gen8 (amd) Firmware Version < 2018.03.14
   HpProliant Dl385p Gen8 (amd) Version-
HpProliant Ml350e Gen8 Server Firmware Version < 2018.01.22
   HpProliant Ml350e Gen8 Server Version-
HpProliant Ml350p Gen8 Server Firmware Version < 2018.01.22
   HpProliant Ml350p Gen8 Server Version-
HpProliant Ml310e Gen8 Server Firmware Version < 2018.01.22
   HpProliant Ml310e Gen8 Server Version-
HpProliant Microserver Gen8 Firmware Version < 2018.01.22
   HpProliant Microserver Gen8 Version-
HpProliant M710x Server Cartridge Firmware Version < 1.64_01-22-2018
HpProliant M510 Server Cartridge Firmware Version < 1.64_01-22-2018
HpProliant Dl980 G7 Server Firmware Version < 2018.05.21
   HpProliant Dl980 G7 Server Version-
HpProliant Dl580 G7 Server Firmware Version < 2018.05.21
   HpProliant Dl580 G7 Server Version-
HpProliant Dl385 G7 Server Firmware Version < 2018.03.14
   HpProliant Dl385 G7 Server Version-
HpProliant Dl120 G7 Server Firmware Version < 2018.05.21
   HpProliant Dl120 G7 Server Version-
HpProliant Dl360 G7 Server Firmware Version < 2018.05.21
   HpProliant Dl360 G7 Server Version-
HpProliant Sl390s G7 Server Firmware Version < 2018.05.21
   HpProliant Sl390s G7 Server Version-
HpProliant Ml110 G7 Server Firmware Version < 2018.05.21
   HpProliant Ml110 G7 Server Version-
HpProliant Ml10 V2 Server Firmware Version < 2018.01.22
   HpProliant Ml10 V2 Server Version-
HpProliant Thin Micro Tm200 Server Firmware Version < 2.56_01-22-2018
HpProliant Dl380 G6 Server Firmware Version < 2018.05.21
   HpProliant Dl380 G6 Server Version-
HpProliant Dl370 G6 Server Firmware Version < 2018.05.21
   HpProliant Dl370 G6 Server Version-
HpProliant Dl360 G6 Server Firmware Version < 2018.05.21
   HpProliant Dl360 G6 Server Version-
HpProliant Dl320 G6 Server Firmware Version < 2018.05.21
   HpProliant Dl320 G6 Server Version-
HpProliant Ml370 G6 Server Firmware Version < 2018.05.21
   HpProliant Ml370 G6 Server Version-
HpProliant Ml350 G6 Server Firmware Version < 2018.05.21
   HpProliant Ml350 G6 Server Version-
HpProliant Ml330 G6 Server Firmware Version < 2018.05.21
   HpProliant Ml330 G6 Server Version-
HpProliant Bl280c G6 Server Bladefirmware Version < 2018.05.21
   HpProliant Bl280c G6 Server Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.17% 0.388
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 4.9 3.9 6.9
AV:L/AC:L/Au:N/C:C/I:N/A:N
http://www.securitytracker.com/id/1041984
Third Party Advisory
VDB Entry