CVE-2018-7112
CVE-2018-7112 is a vulnerability of currently unknown severity. The HPE-provided Windows firmware installer for certain Gen9, Gen8, G7, and G6 HPE servers allows local disclosure of privileged information. This issue was resolved in previously provided firmware updates. EPSS estimates a 0.67% chance of exploitation in the next 30 days.
Description
The HPE-provided Windows firmware installer for certain Gen9, Gen8, G7, and G6 HPE servers allows local disclosure of privileged information. This issue was resolved in previously provided firmware updates as follows. The HPE Windows firmware installer was updated in the system ROM updates which also addressed the original Spectre/Meltdown set of vulnerabilities. At that time, the Windows firmware installer was also updated in the versions of HPE Integrated Lights-Out 2, 3, and 4 (iLO 2, 3, and 4) listed in the security bulletin. The updated HPE Windows firmware installer was released in the system ROM and HPE Integrated Lights-Out (iLO) releases documented in earlier HPE Security Bulletins: HPESBHF03805, HPESBHF03835, HPESBHF03831. Windows-based systems that have already been updated to the system ROM or iLO versions described in these security bulletins require no further action.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| HP | Integrated Lights-Out 2 Firmware | < 2.33 |
| HP | Integrated Lights-Out 3 Firmware | < 1.90 |
| HP | Integrated Lights-Out 4 Firmware | < 2.60 |
| HP | ProLiant XL750f Gen9 Server Firmware | < 2.56_01-22-2018 |
| HP | ProLiant XL740f Gen9 Server Firmware | < 2.56_01-22-2018 |
| HP | ProLiant XL730f Gen9 Server Firmware | < 2.56_01-22-2018 |
| HP | ProLiant XL450 Gen9 Server Firmware | < 2.56_01-22-2018 |
| HP | ProLiant XL270d Gen9 Server Firmware | < 2.56_01-22-2018 |
| HP | ProLiant XL270d Gen9 Accelerator Tray Firmware | < 2.56_01-22-2018 |
| HP | ProLiant XL260a Gen9 Server Firmware | < 1.60_01-22-2018 |
| HP | ProLiant XL250a Gen9 Server Firmware | < 2.56_01-22-2018 |
| HP | ProLiant XL230a Gen9 Server Firmware | < 2.56_01-22-2018 |
| HP | ProLiant XL190r Gen9 Server Firmware | < 2.56_01-22-2018 |
| HP | ProLiant XL170r Gen9 Server Firmware | < 2.56_01-22-2018 |
| HP | ProLiant DL560 Gen9 Server Firmware | < 2.56_01-22-2018 |
| HP | ProLiant DL380 Gen9 Server Firmware | < 2.56_01-22-2018 |
| HP | ProLiant DL360 Gen9 Server Firmware | < 2.56_01-22-2018 |
| HP | ProLiant DL180 Gen9 Server Firmware | < 2.56_01-22-2018 |
| HP | ProLiant DL160 Gen9 Server Firmware | < 2.56_01-22-2018 |
| HP | ProLiant DL120 Gen9 Server Firmware | < 2.56_01-22-2018 |
| HP | ProLiant DL80 Gen9 Server Firmware | < 2.56_01-22-2018 |
| HP | ProLiant DL60 Gen9 Server Firmware | < 2.56_01-22-2018 |
| HP | ProLiant DL20 Gen9 Server Firmware | < 2.56_01-22-2018 |
| HP | ProLiant ML350 Gen9 Server Firmware | < 2.56_01-22-2018 |
| HP | ProLiant ML150 Gen9 Server Firmware | < 2.56_01-22-2018 |
| HP | ProLiant ML110 Gen9 Server Firmware | < 2.56_01-22-2018 |
| HP | ProLiant ML30 Gen9 Server Firmware | < 2.56_01-22-2018 |
| HP | ProLiant ML10 Gen9 Server Firmware | < 2018.01.22 |
| HP | ProLiant BL660c Gen9 Server Firmware | < 2.56_01-22-2018 |
| HP | ProLiant BL460c Gen9 Server Blade Firmware | < 2.56_01-22-2018 |
| HP | ProLiant WS460c Gen9 Workstation Firmware | < 2.56_01-22-2018 |
| HP | ProLiant DL380e Gen8 Server Firmware | < 2018.01.22 |
| HP | ProLiant DL360p Gen8 Server Firmware | < 2018.01.22 |
| HP | ProLiant DL360e Gen8 Server Firmware | < 2018.01.22 |
| HP | ProLiant DL320e Gen8 Server Firmware | < 2018.01.22 |
| HP | ProLiant DL320e Gen8 v2 Server Firmware | < 2018.01.22 |
| HP | ProLiant DL160 Gen8 Server Firmware | < 2018.01.22 |
| HP | ProLiant SL250s Gen8 Server Firmware | < 2018.01.22 |
| HP | ProLiant SL210t Gen8 Server Firmware | < 2018.01.22 |
| HP | ProLiant BL660c Gen8 Server Blade Firmware | < 2018.01.22 |
| HP | ProLiant BL465c Gen8 (AMD) Firmware | < 2018.03.14 |
| HP | ProLiant BL460c Gen8 Server Blade Firmware | < 2018.01.22 |
| HP | ProLiant BL420c Gen8 Server Firmware | < 2018.01.22 |
| HP | ProLiant SL4540 Gen8 1 Node Server Firmware | < 2018.01.22 |
| HP | ProLiant SL270s Gen8 Server Firmware | < 2018.01.22 |
| HP | ProLiant DL580 Gen8 Server Firmware | < 2.00_02-22-2018 |
| HP | ProLiant DL560 Gen8 Server Firmware | < 2018.01.22 |
| HP | ProLiant DL380p Gen8 Server Firmware | < 2018.01.22 |
| HP | ProLiant DL385p Gen8 (AMD) Firmware | < 2018.03.14 |
| HP | ProLiant ML350e Gen8 v2 Server Firmware | < 2018.01.22 |
Showing 50 of 101 affected configurations. See NVD for the full list.
References
- http://www.securitytracker.com/id/1041984 (Third Party Advisory, VDB Entry)
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03805en_us (Not Applicable, Vendor Advisory)
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03831en_us (Not Applicable, Vendor Advisory)
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03835en_us (Not Applicable, Vendor Advisory)
Timeline
- Status: Modified
Source: NVD / NIST
