CVE-2018-7112
Published 2018-12-03
Priority: P4 · 24 · medium · 5.5 CVSS 3.0
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.67% (47.2th percentile)
The HPE-provided Windows firmware installer for certain Gen9, Gen8, G7, and G6 HPE servers allows local disclosure of privileged information. This issue was resolved in previously provided firmware updates as follows. The HPE Windows firmware installer was updated in the system ROM updates which also addressed the original Spectre/Meltdown set of vulnerabilities. At that time, the Windows firmware installer was also updated in the versions of HPE Integrated Lights-Out 2, 3, and 4 (iLO 2, 3, and 4) listed in the security bulletin. The updated HPE Windows firmware installer was released in the system ROM and HPE Integrated Lights-Out (iLO) releases documented in earlier HPE Security Bulletins: HPESBHF03805, HPESBHF03835, HPESBHF03831. Windows-based systems that have already been updated to the system ROM or iLO versions described in these security bulletins require no further action.
Affected
90 ranges, showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hp | integrated_lights-out_2_firmware | < 2.33 | 2.33 |
| hp | integrated_lights-out_3_firmware | < 1.90 | 1.90 |
| hp | integrated_lights-out_4_firmware | < 2.60 | 2.60 |
| hp | proliant_bl280c_g6_server_bladefirmware | < 2018.05.21 | 2018.05.21 |
| hp | proliant_bl2x220c_g6_server_blade_firmware | < 2018.05.21 | 2018.05.21 |
| hp | proliant_bl2x220c_g7_server_blade_firmware | < 2018.05.21 | 2018.05.21 |
| hp | proliant_bl420c_gen8_server_firmware | < 2018.01.22 | 2018.01.22 |
| hp | proliant_bl460c_g6_server_blade_firmware | < 2018.05.21 | 2018.05.21 |
| hp | proliant_bl460c_g7_server_blade_firmware | < 2018.05.21 | 2018.05.21 |
| hp | proliant_bl460c_gen8_server_blade_firmware | < 2018.01.22 | 2018.01.22 |
| hp | proliant_bl460c_gen9_server_blade_firmware | < 2.56_01-22-2018 | 2.56_01-22-2018 |
| hp | proliant_bl465c_g7_server_blade_firmware | < 2018.03.14 | 2018.03.14 |
| hp | proliant_bl465c_gen8_firmware | < 2018.03.14 | 2018.03.14 |
| hp | proliant_bl490c_g6_server_blade_firmware | < 2018.05.21 | 2018.05.21 |
| hp | proliant_bl490c_g7_server_blade_firmware | < 2018.05.21 | 2018.05.21 |
| hp | proliant_bl620c_g7_server_blade_firmware | < 2018.05.21 | 2018.05.21 |
| hp | proliant_bl660c_gen8_server_blade_firmware | < 2018.01.22 | 2018.01.22 |
| hp | proliant_bl660c_gen9_server_firmware | < 2.56_01-22-2018 | 2.56_01-22-2018 |
| hp | proliant_bl680c_g7_server_blade_firmware | < 2018.05.21 | 2018.05.21 |
| hp | proliant_bl685c_g7_server_blade_firmware | < 2018.03.14 | 2018.03.14 |
| hp | proliant_dl120_g7_server_firmware | < 2018.05.21 | 2018.05.21 |
| hp | proliant_dl120_gen9_server_firmware | < 2.56_01-22-2018 | 2.56_01-22-2018 |
| hp | proliant_dl160_gen8_server_firmware | < 2018.01.22 | 2018.01.22 |
| hp | proliant_dl160_gen9_server_firmware | < 2.56_01-22-2018 | 2.56_01-22-2018 |
| hp | proliant_dl180_gen9_server_firmware | < 2.56_01-22-2018 | 2.56_01-22-2018 |
CVSS provenance
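| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 5.5 | MEDIUM | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 4.9 | MEDIUM | AV:L/AC:L/Au:N/C:C/I:N/A:N |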
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
- http://www.securitytracker.com/id/1041984
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03805en_us
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03831en_us
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03835en_us
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03869en_us