Description
In some Lenovo ThinkServer-branded servers, a command injection vulnerability exists in the BMC firmware download command. This allows a privileged user to download and execute arbitrary code inside the BMC. This can only be exploited by authorized privileged users.
No analysis available yet.
Remediation
Vendor Solution
Update BMC firmware
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
EUVD |
EUVD-2018-20689 | In some Lenovo ThinkServer-branded servers, a command injection vulnerability exists in the BMC firmware download command. This allows a privileged user to download and execute arbitrary code inside the BMC. This can only be exploited by authorized privileged users. |
References
| Link | Providers |
|---|---|
| https://support.lenovo.com/us/en/solutions/LEN-23836 |
|
History
No history.
Status: PUBLISHED
Assigner: lenovo
Published:
Updated: 2024-08-05T07:17:51.040Z
Reserved: 2018-03-27T00:00:00.000Z
Link: CVE-2018-9086
No data.
Status : Modified
Published: 2018-11-16T14:29:00.457
Modified: 2026-06-17T02:06:03.750
Link: CVE-2018-9086
No data.
OpenCVE Enrichment
No data.
Weaknesses
-
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
EUVD