CVE-2018-7112

3 documents3 sources

Severity

5.5MEDIUM

EPSS

0.2%

top 61.79%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

HP Integrated Lights-out 2 Firmware HP Integrated Lights-out 3 Firmware HP Integrated Lights-out 4 Firmware +87 more

Timeline

PublishedDec 3

Latest updateMay 13

Description

The HPE-provided Windows firmware installer for certain Gen9, Gen8, G7,and G6 HPE servers allows local disclosure of privileged information. This issue was resolved in previously provided firmware updates as follows. The HPE Windows firmware installer was updated in the system ROM updates which also addressed the original Spectre/Meltdown set of vulnerabilities. At that time, the Windows firmware installer was also updated in the versions of HPE Integrated Lights-Out 2, 3, and 4 (iLO 2, 3, and 4…

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages90 packages

▶NVDhp/integrated_lights-out_2_firmware< 2.33

▶NVDhp/integrated_lights-out_3_firmware< 1.90

▶NVDhp/integrated_lights-out_4_firmware< 2.60

▶NVDhp/proliant_microserver_gen8_firmware< 2018.01.22

▶NVDhp/proliant_bl465c_gen8_\(amd\)_firmware< 2018.03.14

🔴Vulnerability Details

GHSA

GHSA-v993-j85c-p36m: The HPE-provided Windows firmware installer for certain Gen9, Gen8, G7,and G6 HPE servers allows local disclosure of privileged information↗2022-05-13

▶

CVEList

CVE-2018-7112: The HPE-provided Windows firmware installer for certain Gen9, Gen8, G7,and G6 HPE servers allows local disclosure of privileged information↗2018-12-03

▶