CVE-2018-9086 - OpenCVE

In some Lenovo ThinkServer-branded servers, a command injection vulnerability exists in the BMC firmware download command. This allows a privileged user to download and execute arbitrary code inside the BMC. This can only be exploited by authorized privileged users.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Lenovo	Thinkserver Rd340 Thinkserver Rd640 Firmware Thinkserver Rd440 Firmware Thinkserver Rd640 Thinkserver Td340 Thinkserver Rd440 Thinkserver Rd340 Firmware Thinkserver Td340 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:lenovo:thinkserver_rd340_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkserver_rd340:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:lenovo:thinkserver_rd440_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkserver_rd440:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:lenovo:thinkserver_rd640_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkserver_rd640:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:lenovo:thinkserver_td340_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkserver_td340:-:*:*:*:*:*:*:*

References

Link	Resource
https://support.lenovo.com/us/en/solutions/LEN-23836	Patch Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: lenovo

Published: 2018-11-16T14:00:00

Updated: 2018-11-16T13:57:01

Reserved: 2018-03-27T00:00:00

Link: CVE-2018-9086

JSON object: View

NVD Information

Status : Analyzed

Published: 2018-11-16T14:29:00.457

Modified: 2020-08-24T17:37:01.140

Link: CVE-2018-9086

JSON object: View

Redhat Information

No data.

CWE

CWE-78

{"containers": {"cna": {"affected": [{"product": "ThinkServer BMC", "vendor": "Lenovo", "versions": [{"lessThan": "varies", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2018-11-16T00:00:00", "descriptions": [{"lang": "en", "value": "In some Lenovo ThinkServer-branded servers, a command injection vulnerability exists in the BMC firmware download command. This allows a privileged user to download and execute arbitrary code inside the BMC. This can only be exploited by authorized privileged users."}], "problemTypes": [{"descriptions": [{"description": "Arbitrary Code Execution", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-11-16T13:57:01", "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://support.lenovo.com/us/en/solutions/LEN-23836"}], "solutions": [{"lang": "en", "value": "Update BMC firmware"}], "source": {"advisory": "LEN-23836", "discovery": "INTERNAL"}, "title": "Legacy Server BMC Remote Command Injection", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@lenovo.com", "ID": "CVE-2018-9086", "STATE": "PUBLIC", "TITLE": "Legacy Server BMC Remote Command Injection"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "ThinkServer BMC", "version": {"version_data": [{"affected": "<", "version_affected": "<", "version_value": "varies"}]}}]}, "vendor_name": "Lenovo"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In some Lenovo ThinkServer-branded servers, a command injection vulnerability exists in the BMC firmware download command. This allows a privileged user to download and execute arbitrary code inside the BMC. This can only be exploited by authorized privileged users."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Arbitrary Code Execution"}]}]}, "references": {"reference_data": [{"name": "https://support.lenovo.com/us/en/solutions/LEN-23836", "refsource": "CONFIRM", "url": "https://support.lenovo.com/us/en/solutions/LEN-23836"}]}, "solution": [{"lang": "en", "value": "Update BMC firmware"}], "source": {"advisory": "LEN-23836", "discovery": "INTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "assignerShortName": "lenovo", "cveId": "CVE-2018-9086", "datePublished": "2018-11-16T14:00:00", "dateReserved": "2018-03-27T00:00:00", "dateUpdated": "2018-11-16T13:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:thinkserver_rd340_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "310C9518-E17E-4E40-9936-98258F89F6F3", "versionEndExcluding": "64.00", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:thinkserver_rd340:-:*:*:*:*:*:*:*", "matchCriteriaId": "6A48E001-1D62-4A25-8C7F-D4691BAEC3DC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:thinkserver_rd440_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "74FA6345-B9DC-40D2-8F22-33BEA9BE76D9", "versionEndExcluding": "64.00", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:thinkserver_rd440:-:*:*:*:*:*:*:*", "matchCriteriaId": "3ED7B28A-1E10-4011-8250-8E060F74E3CC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:thinkserver_rd640_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "1A558233-49C4-4CF9-A0D0-4AB2DDCEC458", "versionEndExcluding": "64.00", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:thinkserver_rd640:-:*:*:*:*:*:*:*", "matchCriteriaId": "9E66D761-1400-41AE-AAB7-E54B80B3FAC8", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:thinkserver_td340_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "1E03AAA4-6496-44B0-BBF8-8DDAE1316312", "versionEndExcluding": "60.00", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:thinkserver_td340:-:*:*:*:*:*:*:*", "matchCriteriaId": "42109D0F-9FDD-4199-A946-64C453B40CFD", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "In some Lenovo ThinkServer-branded servers, a command injection vulnerability exists in the BMC firmware download command. This allows a privileged user to download and execute arbitrary code inside the BMC. This can only be exploited by authorized privileged users."}, {"lang": "es", "value": "En algunos servidores de marca Lenovo ThinkServer, existe una vulnerabilidad de inyecci\u00f3n de comandos en el comando de descarga del firmware de BMC. Esto permite que un usuario privilegiado descargue y ejecute c\u00f3digo arbitrario en el BMC. Esto solo puede ser explotado por usuarios privilegiados autorizados."}], "id": "CVE-2018-9086", "lastModified": "2020-08-24T17:37:01.140", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-11-16T14:29:00.457", "references": [{"source": "psirt@lenovo.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://support.lenovo.com/us/en/solutions/LEN-23836"}], "sourceIdentifier": "psirt@lenovo.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}]}