CVE-2019-6155 - OpenCVE

A potential vulnerability was found in an SMI handler in various BIOS versions of certain legacy IBM System x and IBM BladeCenter systems that could lead to denial of service.

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:N/AC:L/Au:N/C:N/I:N/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Bladecenter Hs23 Bladecenter Hs23 Firmware System X3530 M4 System X3530 M4 Firmware System X3630 M4 System X3630 M4 Firmware System X3650 M4 Hd System X3650 M4 Hd Firmware

Configuration 1 [-]

AND

cpe:2.3:o:ibm:bladecenter_hs23_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ibm:bladecenter_hs23:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:ibm:system_x3530_m4_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ibm:system_x3530_m4:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:ibm:system_x3630_m4_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ibm:system_x3630_m4:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:ibm:system_x3650_m4_hd_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ibm:system_x3650_m4_hd:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://support.lenovo.com/solutions/LEN-25165

History

No history.

MITRE

Status: PUBLISHED

Assigner: lenovo

Published: 2019-04-22T15:21:29.643053Z

Updated: 2024-09-16T18:24:36.117Z

Reserved: 2019-01-11T00:00:00

Link: CVE-2019-6155

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-04-22T16:29:01.973

Modified: 2020-08-24T17:37:01.140

Link: CVE-2019-6155

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "System x BIOS", "vendor": "IBM", "versions": [{"status": "affected", "version": "various"}]}, {"product": "BladeCenter BIOS", "vendor": "IBM", "versions": [{"status": "affected", "version": "various"}]}], "datePublic": "2019-04-18T00:00:00", "descriptions": [{"lang": "en", "value": "A potential vulnerability was found in an SMI handler in various BIOS versions of certain legacy IBM System x and IBM BladeCenter systems that could lead to denial of service."}], "metrics": [{"cvssV3_0": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "Denial of service", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-04-22T15:21:29", "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://support.lenovo.com/solutions/LEN-25165"}], "source": {"advisory": "LEN-25165", "discovery": "UNKNOWN"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@lenovo.com", "DATE_PUBLIC": "2019-04-18T16:00:00.000Z", "ID": "CVE-2019-6155", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "System x BIOS", "version": {"version_data": [{"version_value": "various"}]}}, {"product_name": "BladeCenter BIOS", "version": {"version_data": [{"version_value": "various"}]}}]}, "vendor_name": "IBM"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A potential vulnerability was found in an SMI handler in various BIOS versions of certain legacy IBM System x and IBM BladeCenter systems that could lead to denial of service."}]}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Denial of service"}]}]}, "references": {"reference_data": [{"name": "https://support.lenovo.com/solutions/LEN-25165", "refsource": "MISC", "url": "https://support.lenovo.com/solutions/LEN-25165"}]}, "source": {"advisory": "LEN-25165", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T20:16:23.630Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.lenovo.com/solutions/LEN-25165"}]}]}, "cveMetadata": {"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "assignerShortName": "lenovo", "cveId": "CVE-2019-6155", "datePublished": "2019-04-22T15:21:29.643053Z", "dateReserved": "2019-01-11T00:00:00", "dateUpdated": "2024-09-16T18:24:36.117Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:bladecenter_hs23_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C47680DB-FA31-4261-BF61-FFAB6B39A175", "versionEndExcluding": "3.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ibm:bladecenter_hs23:-:*:*:*:*:*:*:*", "matchCriteriaId": "C010052B-1EBD-4129-9DCE-077575B8286A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:system_x3530_m4_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F3A60B72-DEDC-47C6-86B6-BEA65751745E", "versionEndExcluding": "3.20", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ibm:system_x3530_m4:-:*:*:*:*:*:*:*", "matchCriteriaId": "5DAFFBE1-E343-4DCB-A44D-2E29C547CC28", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:system_x3630_m4_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "85411F05-2916-47AE-A1C2-4A3BBD8C3A12", "versionEndExcluding": "3.20", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ibm:system_x3630_m4:-:*:*:*:*:*:*:*", "matchCriteriaId": "E3B656E6-B70F-49AB-B17C-F89849CA516E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:system_x3650_m4_hd_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F0590A6B-3AE0-4C06-A614-5BEC880C06A2", "versionEndExcluding": "2.40", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ibm:system_x3650_m4_hd:-:*:*:*:*:*:*:*", "matchCriteriaId": "44DF5766-53F1-4AE8-AB8F-97C0F36215B7", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A potential vulnerability was found in an SMI handler in various BIOS versions of certain legacy IBM System x and IBM BladeCenter systems that could lead to denial of service."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad potencial en un manipulador SMI en varias versiones de BIOS de ciertos sistemas legacy IBM System x e IBM BladeCenter que podr\u00eda conducir a la denegaci\u00f3n de servicio"}], "id": "CVE-2019-6155", "lastModified": "2020-08-24T17:37:01.140", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 0.5, "impactScore": 3.6, "source": "psirt@lenovo.com", "type": "Secondary"}]}, "published": "2019-04-22T16:29:01.973", "references": [{"source": "psirt@lenovo.com", "tags": ["Third Party Advisory"], "url": "https://support.lenovo.com/solutions/LEN-25165"}], "sourceIdentifier": "psirt@lenovo.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}