CVE-2018-9086 - OpenCVE

In some Lenovo ThinkServer-branded servers, a command injection vulnerability exists in the BMC firmware download command. This allows a privileged user to download and execute arbitrary code inside the BMC. This can only be exploited by authorized privileged users.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Lenovo	Thinkserver Rd340 Thinkserver Rd340 Firmware Thinkserver Rd440 Thinkserver Rd440 Firmware Thinkserver Rd640 Thinkserver Rd640 Firmware Thinkserver Td340 Thinkserver Td340 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:lenovo:thinkserver_rd340_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkserver_rd340:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:lenovo:thinkserver_rd440_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkserver_rd440:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:lenovo:thinkserver_rd640_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkserver_rd640:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:lenovo:thinkserver_td340_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkserver_td340:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://support.lenovo.com/us/en/solutions/LEN-23836

History

No history.

MITRE

Status: PUBLISHED

Assigner: lenovo

Published: 2018-11-16T14:00:00

Updated: 2024-08-05T07:17:51.040Z

Reserved: 2018-03-27T00:00:00

Link: CVE-2018-9086

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2018-11-16T14:29:00.457

Modified: 2020-08-24T17:37:01.140

Link: CVE-2018-9086

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "ThinkServer BMC", "vendor": "Lenovo", "versions": [{"lessThan": "varies", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2018-11-16T00:00:00", "descriptions": [{"lang": "en", "value": "In some Lenovo ThinkServer-branded servers, a command injection vulnerability exists in the BMC firmware download command. This allows a privileged user to download and execute arbitrary code inside the BMC. This can only be exploited by authorized privileged users."}], "problemTypes": [{"descriptions": [{"description": "Arbitrary Code Execution", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-11-16T13:57:01", "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://support.lenovo.com/us/en/solutions/LEN-23836"}], "solutions": [{"lang": "en", "value": "Update BMC firmware"}], "source": {"advisory": "LEN-23836", "discovery": "INTERNAL"}, "title": "Legacy Server BMC Remote Command Injection", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@lenovo.com", "ID": "CVE-2018-9086", "STATE": "PUBLIC", "TITLE": "Legacy Server BMC Remote Command Injection"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "ThinkServer BMC", "version": {"version_data": [{"affected": "<", "version_affected": "<", "version_value": "varies"}]}}]}, "vendor_name": "Lenovo"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In some Lenovo ThinkServer-branded servers, a command injection vulnerability exists in the BMC firmware download command. This allows a privileged user to download and execute arbitrary code inside the BMC. This can only be exploited by authorized privileged users."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Arbitrary Code Execution"}]}]}, "references": {"reference_data": [{"name": "https://support.lenovo.com/us/en/solutions/LEN-23836", "refsource": "CONFIRM", "url": "https://support.lenovo.com/us/en/solutions/LEN-23836"}]}, "solution": [{"lang": "en", "value": "Update BMC firmware"}], "source": {"advisory": "LEN-23836", "discovery": "INTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T07:17:51.040Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.lenovo.com/us/en/solutions/LEN-23836"}]}]}, "cveMetadata": {"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "assignerShortName": "lenovo", "cveId": "CVE-2018-9086", "datePublished": "2018-11-16T14:00:00", "dateReserved": "2018-03-27T00:00:00", "dateUpdated": "2024-08-05T07:17:51.040Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:thinkserver_rd340_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "310C9518-E17E-4E40-9936-98258F89F6F3", "versionEndExcluding": "64.00", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:thinkserver_rd340:-:*:*:*:*:*:*:*", "matchCriteriaId": "6A48E001-1D62-4A25-8C7F-D4691BAEC3DC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:thinkserver_rd440_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "74FA6345-B9DC-40D2-8F22-33BEA9BE76D9", "versionEndExcluding": "64.00", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:thinkserver_rd440:-:*:*:*:*:*:*:*", "matchCriteriaId": "3ED7B28A-1E10-4011-8250-8E060F74E3CC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:thinkserver_rd640_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "1A558233-49C4-4CF9-A0D0-4AB2DDCEC458", "versionEndExcluding": "64.00", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:thinkserver_rd640:-:*:*:*:*:*:*:*", "matchCriteriaId": "9E66D761-1400-41AE-AAB7-E54B80B3FAC8", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:thinkserver_td340_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "1E03AAA4-6496-44B0-BBF8-8DDAE1316312", "versionEndExcluding": "60.00", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:thinkserver_td340:-:*:*:*:*:*:*:*", "matchCriteriaId": "42109D0F-9FDD-4199-A946-64C453B40CFD", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In some Lenovo ThinkServer-branded servers, a command injection vulnerability exists in the BMC firmware download command. This allows a privileged user to download and execute arbitrary code inside the BMC. This can only be exploited by authorized privileged users."}, {"lang": "es", "value": "En algunos servidores de marca Lenovo ThinkServer, existe una vulnerabilidad de inyecci\u00f3n de comandos en el comando de descarga del firmware de BMC. Esto permite que un usuario privilegiado descargue y ejecute c\u00f3digo arbitrario en el BMC. Esto solo puede ser explotado por usuarios privilegiados autorizados."}], "id": "CVE-2018-9086", "lastModified": "2020-08-24T17:37:01.140", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-11-16T14:29:00.457", "references": [{"source": "psirt@lenovo.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://support.lenovo.com/us/en/solutions/LEN-23836"}], "sourceIdentifier": "psirt@lenovo.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}]}