CVE-2018-7112 - Vulnerability Details

The HPE-provided Windows firmware installer for certain Gen9, Gen8, G7,and G6 HPE servers allows local disclosure of privileged information. This issue was resolved in previously provided firmware updates as follows. The HPE Windows firmware installer was updated in the system ROM updates which also addressed the original Spectre/Meltdown set of vulnerabilities. At that time, the Windows firmware installer was also updated in the versions of HPE Integrated Lights-Out 2, 3, and 4 (iLO 2, 3, and 4) listed in the security bulletin. The updated HPE Windows firmware installer was released in the system ROM and HPE Integrated Lights-Out (iLO) releases documented in earlier HPE Security Bulletins: HPESBHF03805, HPESBHF03835, HPESBHF03831. Windows-based systems that have already been updated to the system ROM or iLO versions described in these security bulletins require no further action.

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.0017.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Hewlett Packard Enterprise

Windows firmware installer for Gen9, Gen8, G7,and G6 HPE servers

affected

Version	Status	Constraints
Only the Windows based firmware installers for the following products. HPE Integrated Lights-Out 2 (iLO 2) Firmware for ProLiant G6 Servers - Prior to v2.33, HPE Integrated Lights-Out 3 (iLO 3) Firmware for ProLiant G7 Servers - Prior to v1.90, HPE Integrated Lights-Out 4 (iLO 4) Firmware for ProLiant Gen8 Server firmwares - Prior to v2.60, HPE ProLiant XL750f Gen9 Server firmware - Prior to 2.56_01-22-2018(23 Feb 2018), HPE ProLiant XL740f Gen9 Server firmware - Prior to 2.56_01-22-2018(23 Feb 2018), HPE ProLiant XL730f Gen9 Server firmware - Prior to 2.56_01-22-2018(23 Feb 2018), HPE ProLiant XL450 Gen9 Server firmware - Prior to 2.56_01-22-2018(23 Feb 2018), HPE ProLiant XL270d Gen9 Special Server - Prior to 2.56_01-22-2018(23 Feb 2018), HPE ProLiant XL270d Gen9 Accelerator Tray 2U Configure-to-order Server - Prior to 2.56_01-22-2018(23 Feb 2018), HPE ProLiant XL260a Gen9 Server firmware - Prior to 1.60_01-22-2018(26 Feb 2018), HPE ProLiant XL250a Gen9 Server firmware - Prior to 2.56_01-22- ...[truncated*]	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:hp:integrated_lights-out_2_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:hp:integrated_lights-out_2:-:::::::*
	cpe:2.3:h:hp:proliant_gen6_server:-:::::::*

Configuration 2 [-]

AND

cpe:2.3:o:hp:integrated_lights-out_3_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:hp:integrated_lights-out:-:::::::*
	cpe:2.3:h:hp:proliant_gen7_server:-:::::::*

Configuration 3 [-]

AND

cpe:2.3:o:hp:integrated_lights-out_4_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:hp:integrated_lights-out:-:::::::*
	cpe:2.3:h:hp:proliant_gen8_server:-:::::::*

Configuration 4 [-]

AND

cpe:2.3:o:hp:proliant_xl750f_gen9_server_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_xl750f_gen9_server:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:hp:proliant_xl740f_gen9_server_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_xl740f_gen9_server:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:hp:proliant_xl730f_gen9_server_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_xl730f_gen9_server:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:hp:proliant_xl450_gen9_server_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_xl450_gen9_server:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:hp:proliant_xl270d_gen9_server_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_xl270d_gen9_server:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:hp:proliant_xl270d_gen9_accelerator_tray_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_xl270d_gen9_accelerator_tray:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:hp:proliant_xl260a_gen9_server_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_xl260a_gen9_server:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:hp:proliant_xl250a_gen9_server_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_xl250a_gen9_server:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:hp:proliant_xl230a_gen9_server_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_xl230a_gen9_server:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:hp:proliant_xl190r_gen9_server_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_xl190r_gen9_server:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:hp:proliant_xl170r_gen9_server_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_xl170r_gen9_server:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:hp:proliant_dl560_gen9_server_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_dl560_gen9_server:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:hp:proliant_dl380_gen9_server_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_dl380_gen9_server:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:hp:proliant_dl360_gen9_server_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_dl360_gen9_server:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:hp:proliant_dl180_gen9_server_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_dl180_gen9_server:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:hp:proliant_dl160_gen9_server_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_dl160_gen9_server:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:hp:proliant_dl120_gen9_server_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_dl120_gen9_server:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND

cpe:2.3:o:hp:proliant_dl80_gen9_server_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_dl80_gen9_server:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND

cpe:2.3:o:hp:proliant_dl60_gen9_server_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_dl60_gen9_server:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND

cpe:2.3:o:hp:proliant_dl20_gen9_server_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_dl20_gen9_server:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND

cpe:2.3:o:hp:proliant_ml350_gen9_server_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_ml350_gen9_server:-:*:*:*:*:*:*:*

Configuration 25 [-]

AND

cpe:2.3:o:hp:proliant_ml150_gen9_server_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_ml150_gen9_server:-:*:*:*:*:*:*:*

Configuration 26 [-]

AND

cpe:2.3:o:hp:proliant_ml110_gen9_server_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_ml110_gen9_server:-:*:*:*:*:*:*:*

Configuration 27 [-]

AND

cpe:2.3:o:hp:proliant_ml30_gen9_server_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_ml30_gen9_server:-:*:*:*:*:*:*:*

Configuration 28 [-]

AND

cpe:2.3:o:hp:proliant_ml10_gen9_server_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_ml10_gen9_server:-:*:*:*:*:*:*:*

Configuration 29 [-]

AND

cpe:2.3:o:hp:proliant_bl660c_gen9_server_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_bl660c_gen9_server:-:*:*:*:*:*:*:*

Configuration 30 [-]

AND

cpe:2.3:o:hp:proliant_bl460c_gen9_server_blade_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_bl460c_gen9_server_blade:-:*:*:*:*:*:*:*

Configuration 31 [-]

AND

cpe:2.3:o:hp:proliant_ws460c_gen9_workstation_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_ws460c_gen9_workstation:-:*:*:*:*:*:*:*

Configuration 32 [-]

AND

cpe:2.3:o:hp:proliant_dl380e_gen8_server_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_dl380e_gen8_server:-:*:*:*:*:*:*:*

Configuration 33 [-]

AND

cpe:2.3:o:hp:proliant_dl360p_gen8_server_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_dl360p_gen8_server:-:*:*:*:*:*:*:*

Configuration 34 [-]

AND

cpe:2.3:o:hp:proliant_dl360e_gen8_server_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_dl360e_gen8_server:-:*:*:*:*:*:*:*

Configuration 35 [-]

AND

cpe:2.3:o:hp:proliant_dl320e_gen8_server_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_dl320e_gen8_server:-:*:*:*:*:*:*:*

Configuration 36 [-]

AND

cpe:2.3:o:hp:proliant_dl320e_gen8_v2_server_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_dl320e_gen8_v2_server:-:*:*:*:*:*:*:*

Configuration 37 [-]

AND

cpe:2.3:o:hp:proliant_dl160_gen8_server_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_dl160_gen8_server:-:*:*:*:*:*:*:*

Configuration 38 [-]

AND

cpe:2.3:o:hp:proliant_sl250s_gen8_server_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_sl250s_gen8_server:-:*:*:*:*:*:*:*

Configuration 39 [-]

AND

cpe:2.3:o:hp:proliant_sl210t_gen8_server_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_sl210t_gen8_server:-:*:*:*:*:*:*:*

Configuration 40 [-]

AND

cpe:2.3:o:hp:proliant_bl660c_gen8_server_blade_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_bl660c_gen8_server:-:*:*:*:*:*:*:*

Configuration 41 [-]

AND

cpe:2.3:o:hp:proliant_bl465c_gen8_\(amd\)_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_bl465c_gen8_\(amd\):-:*:*:*:*:*:*:*

Configuration 42 [-]

AND

cpe:2.3:o:hp:proliant_bl460c_gen8_server_blade_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_bl460c_gen8_server_blade:-:*:*:*:*:*:*:*

Configuration 43 [-]

AND

cpe:2.3:o:hp:proliant_bl420c_gen8_server_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_bl420c_gen8_server:-:*:*:*:*:*:*:*

Configuration 44 [-]

AND

cpe:2.3:o:hp:proliant_sl4540_gen8_1_node_server_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_sl4540_gen8_1_node_server:-:*:*:*:*:*:*:*

Configuration 45 [-]

AND

cpe:2.3:o:hp:proliant_sl270s_gen8_server_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_sl270s_gen8_server:-:*:*:*:*:*:*:*

Configuration 46 [-]

AND

cpe:2.3:o:hp:proliant_dl580_gen8_server_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_dl580_gen8_server:-:*:*:*:*:*:*:*

Configuration 47 [-]

AND

cpe:2.3:o:hp:proliant_dl560_gen8_server_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_dl560_gen8_server:-:*:*:*:*:*:*:*

Configuration 48 [-]

AND

cpe:2.3:o:hp:proliant_dl380p_gen8_server_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_dl380p_gen8_server:-:*:*:*:*:*:*:*

Configuration 49 [-]

AND

cpe:2.3:o:hp:proliant_dl385p_gen8_\(amd\)_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_dl385p_gen8_\(amd\):-:*:*:*:*:*:*:*

Configuration 50 [-]

AND

cpe:2.3:o:hp:proliant_ml350e_gen8_v2_server_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_ml350e_gen8_v2_server:-:*:*:*:*:*:*:*

Configuration 51 [-]

AND

cpe:2.3:o:hp:proliant_ml350e_gen8_server_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_ml350e_gen8_server:-:*:*:*:*:*:*:*

Configuration 52 [-]

AND

cpe:2.3:o:hp:proliant_ml350p_gen8_server_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_ml350p_gen8_server:-:*:*:*:*:*:*:*

Configuration 53 [-]

AND

cpe:2.3:o:hp:proliant_ml310e_gen8_v2_server_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_ml310e_gen8_v2_server:-:*:*:*:*:*:*:*

Configuration 54 [-]

AND

cpe:2.3:o:hp:proliant_ml310e_gen8_server_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_ml310e_gen8_server:-:*:*:*:*:*:*:*

Configuration 55 [-]

AND

cpe:2.3:o:hp:proliant_microserver_gen8_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_microserver_gen8:-:*:*:*:*:*:*:*

Configuration 56 [-]

AND

cpe:2.3:o:hp:proliant_m710_server_cartridge_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_m710_server_cartridge:-:*:*:*:*:*:*:*

Configuration 57 [-]

AND

cpe:2.3:o:hp:proliant_m710p_server_cartridge_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_m710p_server_cartridge:-:*:*:*:*:*:*:*

Configuration 58 [-]

AND

cpe:2.3:o:hp:proliant_m710x_server_cartridge_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_m710x_server_cartridge:-:*:*:*:*:*:*:*

Configuration 59 [-]

AND

cpe:2.3:o:hp:proliant_m510_server_cartridge_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_m510_server_cartridge:-:*:*:*:*:*:*:*

Configuration 60 [-]

AND

cpe:2.3:o:hp:proliant_m350_server_cartridge_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_m350_server_cartridge:-:*:*:*:*:*:*:*

Configuration 61 [-]

AND

cpe:2.3:o:hp:proliant_m300_server_cartridge_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_m300_server_cartridge:-:*:*:*:*:*:*:*

Configuration 62 [-]

AND

cpe:2.3:o:hp:proliant_bl2x220c_g7_server_blade_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_bl2x220c_g7_server_blade:-:*:*:*:*:*:*:*

Configuration 63 [-]

AND

cpe:2.3:o:hp:proliant_dl585_g7_server_\(amd\)_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_dl585_g7_server_\(amd\):-:*:*:*:*:*:*:*

Configuration 64 [-]

AND

cpe:2.3:o:hp:proliant_dl980_g7_server_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_dl980_g7_server:-:*:*:*:*:*:*:*

Configuration 65 [-]

AND

cpe:2.3:o:hp:proliant_dl580_g7_server_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_dl580_g7_server:-:*:*:*:*:*:*:*

Configuration 66 [-]

AND

cpe:2.3:o:hp:proliant_dl385_g7_server_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_dl385_g7_server:-:*:*:*:*:*:*:*

Configuration 67 [-]

AND

cpe:2.3:o:hp:proliant_dl380_g7_server_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_dl380_g7_server:-:*:*:*:*:*:*:*

Configuration 68 [-]

AND

cpe:2.3:o:hp:proliant_dl120_g7_server_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_dl120_g7_server:-:*:*:*:*:*:*:*

Configuration 69 [-]

AND

cpe:2.3:o:hp:proliant_dl360_g7_server_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_dl360_g7_server:-:*:*:*:*:*:*:*

Configuration 70 [-]

AND

cpe:2.3:o:hp:proliant_bl685c_g7_server_blade_\(amd\)_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_bl685c_g7_server_blade_\(amd\):-:*:*:*:*:*:*:*

Configuration 71 [-]

AND

cpe:2.3:o:hp:proliant_bl680c_g7_server_blade_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_bl680c_g7_server_blade:-:*:*:*:*:*:*:*

Configuration 72 [-]

AND

cpe:2.3:o:hp:proliant_bl620c_g7_server_blade_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_bl620c_g7_server_blade:-:*:*:*:*:*:*:*

Configuration 73 [-]

AND

cpe:2.3:o:hp:proliant_bl490c_g7_server_blade_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_bl490c_g7_server_blade:-:*:*:*:*:*:*:*

Configuration 74 [-]

AND

cpe:2.3:o:hp:proliant_bl465c_g7_server_blade_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_bl465c_g7_server_blade:-:*:*:*:*:*:*:*

Configuration 75 [-]

AND

cpe:2.3:o:hp:proliant_bl460c_g7_server_blade_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_bl460c_g7_server_blade:-:*:*:*:*:*:*:*

Configuration 76 [-]

AND

cpe:2.3:o:hp:proliant_sl390s_g7_server_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_sl390s_g7_server:-:*:*:*:*:*:*:*

Configuration 77 [-]

AND

cpe:2.3:o:hp:proliant_ml110_g7_server_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_ml110_g7_server:-:*:*:*:*:*:*:*

Configuration 78 [-]

AND

cpe:2.3:o:hp:proliant_ml10_v2_server_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_ml10_v2_server:-:*:*:*:*:*:*:*

Configuration 79 [-]

AND

cpe:2.3:o:hp:proliant_sl4545_g7_server_\(amd\)_firmware:2018.03.14\(a\):*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_sl4545_g7_server_\(amd\):-:*:*:*:*:*:*:*

Configuration 80 [-]

AND

cpe:2.3:o:hp:proliant_thin_micro_tm200_server_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_thin_micro_tm200_server:-:*:*:*:*:*:*:*

Configuration 81 [-]

AND

cpe:2.3:o:hp:proliant_dl380_g6_server_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_dl380_g6_server:-:*:*:*:*:*:*:*

Configuration 82 [-]

AND

cpe:2.3:o:hp:proliant_dl370_g6_server_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_dl370_g6_server:-:*:*:*:*:*:*:*

Configuration 83 [-]

AND

cpe:2.3:o:hp:proliant_dl360_g6_server_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_dl360_g6_server:-:*:*:*:*:*:*:*

Configuration 84 [-]

AND

cpe:2.3:o:hp:proliant_dl320_g6_server_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_dl320_g6_server:-:*:*:*:*:*:*:*

Configuration 85 [-]

AND

cpe:2.3:o:hp:proliant_dl180_g6_server_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_dl180_g6_server:-:*:*:*:*:*:*:*

Configuration 86 [-]

AND

cpe:2.3:o:hp:proliant_dl170h_g6_server_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_dl170h_g6_server:-:*:*:*:*:*:*:*

Configuration 87 [-]

AND

cpe:2.3:o:hp:proliant_dl170e_g6_server_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_dl170e_g6_server:-:*:*:*:*:*:*:*

Configuration 88 [-]

AND

cpe:2.3:o:hp:proliant_dl160_g6_server_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_dl160_g6_server:-:*:*:*:*:*:*:*

Configuration 89 [-]

AND

cpe:2.3:o:hp:proliant_dl120_g6_server_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_dl120_g6_server:-:*:*:*:*:*:*:*

Configuration 90 [-]

AND

cpe:2.3:o:hp:proliant_ml370_g6_server_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_ml370_g6_server:-:*:*:*:*:*:*:*

Configuration 91 [-]

AND

cpe:2.3:o:hp:proliant_ml350_g6_server_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_ml350_g6_server:-:*:*:*:*:*:*:*

Configuration 92 [-]

AND

cpe:2.3:o:hp:proliant_ml330_g6_server_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_ml330_g6_server:-:*:*:*:*:*:*:*

Configuration 93 [-]

AND

cpe:2.3:o:hp:proliant_ml150_g6_server_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_ml150_g6_server:-:*:*:*:*:*:*:*

Configuration 94 [-]

AND

cpe:2.3:o:hp:proliant_ml110_g6_server_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_ml110_g6_server:-:*:*:*:*:*:*:*

Configuration 95 [-]

AND

cpe:2.3:o:hp:proliant_sl2x170z_g6_server_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_sl2x170z_g6_server:-:*:*:*:*:*:*:*

Configuration 96 [-]

AND

cpe:2.3:o:hp:proliant_bl490c_g6_server_blade_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_bl490c_g6_server_blade:-:*:*:*:*:*:*:*

Configuration 97 [-]

AND

cpe:2.3:o:hp:proliant_bl460c_g6_server_blade_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_bl460c_g6_server_blade:-:*:*:*:*:*:*:*

Configuration 98 [-]

AND

cpe:2.3:o:hp:proliant_sl170z_g6_server_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_sl170z_g6_server:-:*:*:*:*:*:*:*

Configuration 99 [-]

AND

cpe:2.3:o:hp:proliant_sl160s_g6_server_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_sl160s_g6_server:-:*:*:*:*:*:*:*

Configuration 100 [-]

AND

cpe:2.3:o:hp:proliant_bl2x220c_g6_server_blade_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_bl2x220c_g6_server_blade:-:*:*:*:*:*:*:*

Configuration 101 [-]

AND

cpe:2.3:o:hp:proliant_bl280c_g6_server_bladefirmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:proliant_bl280c_g6_server:-:*:*:*:*:*:*:*

No data.

Project Subscriptions

Vendors	Products
Hp Subscribe	Integrated Lights-out Subscribe Integrated Lights-out 2 Subscribe Integrated Lights-out 2 Firmware Subscribe Integrated Lights-out 3 Firmware Subscribe Integrated Lights-out 4 Firmware Subscribe Proliant Bl280c G6 Server Subscribe Proliant Bl280c G6 Server Bladefirmware Subscribe Proliant Bl2x220c G6 Server Blade Subscribe Proliant Bl2x220c G6 Server Blade Firmware Subscribe Proliant Bl2x220c G7 Server Blade Subscribe Proliant Bl2x220c G7 Server Blade Firmware Subscribe Proliant Bl420c Gen8 Server Subscribe Proliant Bl420c Gen8 Server Firmware Subscribe Proliant Bl460c G6 Server Blade Subscribe Proliant Bl460c G6 Server Blade Firmware Subscribe Proliant Bl460c G7 Server Blade Subscribe Proliant Bl460c G7 Server Blade Firmware Subscribe Proliant Bl460c Gen8 Server Blade Subscribe Proliant Bl460c Gen8 Server Blade Firmware Subscribe Proliant Bl460c Gen9 Server Blade Subscribe Proliant Bl460c Gen9 Server Blade Firmware Subscribe Proliant Bl465c G7 Server Blade Subscribe Proliant Bl465c G7 Server Blade Firmware Subscribe Proliant Bl465c Gen8 \(amd\) Subscribe Proliant Bl465c Gen8 \(amd\) Firmware Subscribe Proliant Bl490c G6 Server Blade Subscribe Proliant Bl490c G6 Server Blade Firmware Subscribe Proliant Bl490c G7 Server Blade Subscribe Proliant Bl490c G7 Server Blade Firmware Subscribe Proliant Bl620c G7 Server Blade Subscribe Proliant Bl620c G7 Server Blade Firmware Subscribe Proliant Bl660c Gen8 Server Subscribe Proliant Bl660c Gen8 Server Blade Firmware Subscribe Proliant Bl660c Gen9 Server Subscribe Proliant Bl660c Gen9 Server Firmware Subscribe Proliant Bl680c G7 Server Blade Subscribe Proliant Bl680c G7 Server Blade Firmware Subscribe Proliant Bl685c G7 Server Blade \(amd\) Subscribe Proliant Bl685c G7 Server Blade \(amd\) Firmware Subscribe Proliant Dl120 G6 Server Subscribe Proliant Dl120 G6 Server Firmware Subscribe Proliant Dl120 G7 Server Subscribe Proliant Dl120 G7 Server Firmware Subscribe Proliant Dl120 Gen9 Server Subscribe Proliant Dl120 Gen9 Server Firmware Subscribe Proliant Dl160 G6 Server Subscribe Proliant Dl160 G6 Server Firmware Subscribe Proliant Dl160 Gen8 Server Subscribe Proliant Dl160 Gen8 Server Firmware Subscribe Proliant Dl160 Gen9 Server Subscribe Proliant Dl160 Gen9 Server Firmware Subscribe Proliant Dl170e G6 Server Subscribe Proliant Dl170e G6 Server Firmware Subscribe Proliant Dl170h G6 Server Subscribe Proliant Dl170h G6 Server Firmware Subscribe Proliant Dl180 G6 Server Subscribe Proliant Dl180 G6 Server Firmware Subscribe Proliant Dl180 Gen9 Server Subscribe Proliant Dl180 Gen9 Server Firmware Subscribe Proliant Dl20 Gen9 Server Subscribe Proliant Dl20 Gen9 Server Firmware Subscribe Proliant Dl320 G6 Server Subscribe Proliant Dl320 G6 Server Firmware Subscribe Proliant Dl320e Gen8 Server Subscribe Proliant Dl320e Gen8 Server Firmware Subscribe Proliant Dl320e Gen8 V2 Server Subscribe Proliant Dl320e Gen8 V2 Server Firmware Subscribe Proliant Dl360 G6 Server Subscribe Proliant Dl360 G6 Server Firmware Subscribe Proliant Dl360 G7 Server Subscribe Proliant Dl360 G7 Server Firmware Subscribe Proliant Dl360 Gen9 Server Subscribe Proliant Dl360 Gen9 Server Firmware Subscribe Proliant Dl360e Gen8 Server Subscribe Proliant Dl360e Gen8 Server Firmware Subscribe Proliant Dl360p Gen8 Server Subscribe Proliant Dl360p Gen8 Server Firmware Subscribe Proliant Dl370 G6 Server Subscribe Proliant Dl370 G6 Server Firmware Subscribe Proliant Dl380 G6 Server Subscribe Proliant Dl380 G6 Server Firmware Subscribe Proliant Dl380 G7 Server Subscribe Proliant Dl380 G7 Server Firmware Subscribe Proliant Dl380 Gen9 Server Subscribe Proliant Dl380 Gen9 Server Firmware Subscribe Proliant Dl380e Gen8 Server Subscribe Proliant Dl380e Gen8 Server Firmware Subscribe Proliant Dl380p Gen8 Server Subscribe Proliant Dl380p Gen8 Server Firmware Subscribe Proliant Dl385 G7 Server Subscribe Proliant Dl385 G7 Server Firmware Subscribe Proliant Dl385p Gen8 \(amd\) Subscribe Proliant Dl385p Gen8 \(amd\) Firmware Subscribe Proliant Dl560 Gen8 Server Subscribe Proliant Dl560 Gen8 Server Firmware Subscribe Proliant Dl560 Gen9 Server Subscribe Proliant Dl560 Gen9 Server Firmware Subscribe Proliant Dl580 G7 Server Subscribe Proliant Dl580 G7 Server Firmware Subscribe Proliant Dl580 Gen8 Server Subscribe Proliant Dl580 Gen8 Server Firmware Subscribe Proliant Dl585 G7 Server \(amd\) Subscribe Proliant Dl585 G7 Server \(amd\) Firmware Subscribe Proliant Dl60 Gen9 Server Subscribe Proliant Dl60 Gen9 Server Firmware Subscribe Proliant Dl80 Gen9 Server Subscribe Proliant Dl80 Gen9 Server Firmware Subscribe Proliant Dl980 G7 Server Subscribe Proliant Dl980 G7 Server Firmware Subscribe Proliant Gen6 Server Subscribe Proliant Gen7 Server Subscribe Proliant Gen8 Server Subscribe Proliant M300 Server Cartridge Subscribe Proliant M300 Server Cartridge Firmware Subscribe Proliant M350 Server Cartridge Subscribe Proliant M350 Server Cartridge Firmware Subscribe Proliant M510 Server Cartridge Subscribe Proliant M510 Server Cartridge Firmware Subscribe Proliant M710 Server Cartridge Subscribe Proliant M710 Server Cartridge Firmware Subscribe Proliant M710p Server Cartridge Subscribe Proliant M710p Server Cartridge Firmware Subscribe Proliant M710x Server Cartridge Subscribe Proliant M710x Server Cartridge Firmware Subscribe Proliant Microserver Gen8 Subscribe Proliant Microserver Gen8 Firmware Subscribe Proliant Ml10 Gen9 Server Subscribe Proliant Ml10 Gen9 Server Firmware Subscribe Proliant Ml10 V2 Server Subscribe Proliant Ml10 V2 Server Firmware Subscribe Proliant Ml110 G6 Server Subscribe Proliant Ml110 G6 Server Firmware Subscribe Proliant Ml110 G7 Server Subscribe Proliant Ml110 G7 Server Firmware Subscribe Proliant Ml110 Gen9 Server Subscribe Proliant Ml110 Gen9 Server Firmware Subscribe Proliant Ml150 G6 Server Subscribe Proliant Ml150 G6 Server Firmware Subscribe Proliant Ml150 Gen9 Server Subscribe Proliant Ml150 Gen9 Server Firmware Subscribe Proliant Ml30 Gen9 Server Subscribe Proliant Ml30 Gen9 Server Firmware Subscribe Proliant Ml310e Gen8 Server Subscribe Proliant Ml310e Gen8 Server Firmware Subscribe Proliant Ml310e Gen8 V2 Server Subscribe Proliant Ml310e Gen8 V2 Server Firmware Subscribe Proliant Ml330 G6 Server Subscribe Proliant Ml330 G6 Server Firmware Subscribe Proliant Ml350 G6 Server Subscribe Proliant Ml350 G6 Server Firmware Subscribe Proliant Ml350 Gen9 Server Subscribe Proliant Ml350 Gen9 Server Firmware Subscribe Proliant Ml350e Gen8 Server Subscribe Proliant Ml350e Gen8 Server Firmware Subscribe Proliant Ml350e Gen8 V2 Server Subscribe Proliant Ml350e Gen8 V2 Server Firmware Subscribe Proliant Ml350p Gen8 Server Subscribe Proliant Ml350p Gen8 Server Firmware Subscribe Proliant Ml370 G6 Server Subscribe Proliant Ml370 G6 Server Firmware Subscribe Proliant Sl160s G6 Server Subscribe Proliant Sl160s G6 Server Firmware Subscribe Proliant Sl170z G6 Server Subscribe Proliant Sl170z G6 Server Firmware Subscribe Proliant Sl210t Gen8 Server Subscribe Proliant Sl210t Gen8 Server Firmware Subscribe Proliant Sl250s Gen8 Server Subscribe Proliant Sl250s Gen8 Server Firmware Subscribe Proliant Sl270s Gen8 Server Subscribe Proliant Sl270s Gen8 Server Firmware Subscribe Proliant Sl2x170z G6 Server Subscribe Proliant Sl2x170z G6 Server Firmware Subscribe Proliant Sl390s G7 Server Subscribe Proliant Sl390s G7 Server Firmware Subscribe Proliant Sl4540 Gen8 1 Node Server Subscribe Proliant Sl4540 Gen8 1 Node Server Firmware Subscribe Proliant Sl4545 G7 Server \(amd\) Subscribe Proliant Sl4545 G7 Server \(amd\) Firmware Subscribe Proliant Thin Micro Tm200 Server Subscribe Proliant Thin Micro Tm200 Server Firmware Subscribe Proliant Ws460c Gen9 Workstation Subscribe Proliant Ws460c Gen9 Workstation Firmware Subscribe Proliant Xl170r Gen9 Server Subscribe Proliant Xl170r Gen9 Server Firmware Subscribe Proliant Xl190r Gen9 Server Subscribe Proliant Xl190r Gen9 Server Firmware Subscribe Proliant Xl230a Gen9 Server Subscribe Proliant Xl230a Gen9 Server Firmware Subscribe Proliant Xl250a Gen9 Server Subscribe Proliant Xl250a Gen9 Server Firmware Subscribe Proliant Xl260a Gen9 Server Subscribe Proliant Xl260a Gen9 Server Firmware Subscribe Proliant Xl270d Gen9 Accelerator Tray Subscribe Proliant Xl270d Gen9 Accelerator Tray Firmware Subscribe Proliant Xl270d Gen9 Server Subscribe Proliant Xl270d Gen9 Server Firmware Subscribe Proliant Xl450 Gen9 Server Subscribe Proliant Xl450 Gen9 Server Firmware Subscribe Proliant Xl730f Gen9 Server Subscribe Proliant Xl730f Gen9 Server Firmware Subscribe Proliant Xl740f Gen9 Server Subscribe Proliant Xl740f Gen9 Server Firmware Subscribe Proliant Xl750f Gen9 Server Subscribe Proliant Xl750f Gen9 Server Firmware Subscribe

Advisories

Source	ID	Title
EUVD	EUVD-2018-18855	The HPE-provided Windows firmware installer for certain Gen9, Gen8, G7,and G6 HPE servers allows local disclosure of privileged information. This issue was resolved in previously provided firmware updates as follows. The HPE Windows firmware installer was updated in the system ROM updates which also addressed the original Spectre/Meltdown set of vulnerabilities. At that time, the Windows firmware installer was also updated in the versions of HPE Integrated Lights-Out 2, 3, and 4 (iLO 2, 3, and 4) listed in the security bulletin. The updated HPE Windows firmware installer was released in the system ROM and HPE Integrated Lights-Out (iLO) releases documented in earlier HPE Security Bulletins: HPESBHF03805, HPESBHF03835, HPESBHF03831. Windows-based systems that have already been updated to the system ROM or iLO versions described in these security bulletins require no further action.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://www.securitytracker.com/id/1041984
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03805en_us
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03831en_us
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03835en_us
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03869en_us

History

No history.

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: hpe

Published: 2018-12-03T15:00:00

Updated: 2024-08-05T06:17:17.526Z

Reserved: 2018-02-15T00:00:00

Link: CVE-2018-7112

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-12-03T15:29:00.383

Modified: 2024-11-21T04:11:39.753

Link: CVE-2018-7112

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

NVD-CWE-noinfo

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact None

Availability Impact None

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object