Vulnerabilites related to lenovo - idataplex_dx360_m4_water_cooled_firmware
Vulnerability from fkie_nvd
Published
2020-10-14 22:15
Modified
2024-11-21 05:38
Severity ?
6.4 (Medium) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
6.4 (Medium) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
6.4 (Medium) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
A potential vulnerability in the SMI callback function used in the legacy BIOS mode USB drivers in some legacy Lenovo and IBM System x servers may allow arbitrary code execution. Servers operating in UEFI mode are not affected.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:lenovo:bladecenter_hs23_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "32261693-2F07-4356-BD05-E9A08AA38934", versionEndExcluding: "tke170b", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:lenovo:bladecenter_hs23:-:*:*:*:*:*:*:*", matchCriteriaId: "94192605-6810-4405-B8CF-2474A7283FE4", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:lenovo:bladecenter_hs23e_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B2DF1BDF-A5B5-4CAD-91BF-292A74D9456C", versionEndExcluding: "ahe172b", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:lenovo:bladecenter_hs23e:-:*:*:*:*:*:*:*", matchCriteriaId: "7C271D4E-D8C3-4266-8805-CC6289338322", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:lenovo:compute_node-x440_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A0AAD714-219E-4DD1-9EAA-20A480BA1AFB", versionEndExcluding: "cge128a", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:lenovo:compute_node-x440:-:*:*:*:*:*:*:*", matchCriteriaId: "5D97E593-A7D1-4E1E-BE9C-4A65718A0B83", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:lenovo:flex_system_x220_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BA7B69B2-73C3-446E-8882-C97F604CF915", versionEndExcluding: "kse170b", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:lenovo:flex_system_x220:-:*:*:*:*:*:*:*", matchCriteriaId: "C8D84D5A-64BF-4F40-9166-96080D5EE375", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:lenovo:flex_system_x240_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C548A10D-EEF3-48CD-9F40-3799C602B8AE", versionEndExcluding: "b2e172b", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:lenovo:flex_system_x240:-:*:*:*:*:*:*:*", matchCriteriaId: "9BBA2148-9A2A-4216-8A68-1289386DA71D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:lenovo:flex_system_x440_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9709B66B-3D67-438C-A527-8B638819E6B8", versionEndExcluding: "cne172b", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:lenovo:flex_system_x440:-:*:*:*:*:*:*:*", matchCriteriaId: "3D5B7974-7069-4C39-8851-8E053D9B3920", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:lenovo:nextscale_nx360_m4_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "852D2502-9E2A-4044-8D47-B2CBF5BC78C2", versionEndExcluding: "fhe132b", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:lenovo:nextscale_nx360_m4:-:*:*:*:*:*:*:*", matchCriteriaId: "3DF04618-9824-40E6-B119-F398F32C2BE2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:lenovo:system_x3300_m4_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9F16B176-B340-4767-A436-3E8ABE511E85", versionEndExcluding: "yae166b", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:lenovo:system_x3300_m4:-:*:*:*:*:*:*:*", matchCriteriaId: "E88143F0-BC83-4B20-B88D-2D9427CF0B6C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:lenovo:system_x3500_m4_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BA1BE3AD-A5DF-4092-A304-65EACA237F9B", versionEndExcluding: "y5e170b", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:lenovo:system_x3500_m4:-:*:*:*:*:*:*:*", matchCriteriaId: "64E63E60-086B-4617-92BF-9500A81DEE8B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:lenovo:system_x3530_m4_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F431F6EF-481A-4936-A6DB-16C24E716489", versionEndExcluding: "bee174b", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:lenovo:system_x3530_m4:-:*:*:*:*:*:*:*", matchCriteriaId: "C54AE14C-8428-4C8B-8F81-8CCC4B031335", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:lenovo:system_x3550_m4_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "00EF3CBB-6FEB-4A27-BDBD-0B767C3CDB08", versionEndExcluding: "d7e174b", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:lenovo:system_x3550_m4:-:*:*:*:*:*:*:*", matchCriteriaId: "027CED16-1A03-4336-876F-D22776D4927D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:lenovo:system_x3630_m4_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D8C6FFAD-717E-4229-AFED-7009F101AA9B", versionEndExcluding: "bee174b", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:lenovo:system_x3630_m4:-:*:*:*:*:*:*:*", matchCriteriaId: "4F3E6BBF-5729-4AD1-AE0E-0F2627D6EE71", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:lenovo:system_x3650_m4_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "052A80E7-0C9B-4EE0-927B-C66DAFDA18FA", versionEndExcluding: "vve172b", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:lenovo:system_x3650_m4:-:*:*:*:*:*:*:*", matchCriteriaId: "B9008487-EFB6-4714-AD8C-70DE47BDCD2A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:lenovo:system_x3650_m4_bd_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "AF2118D6-53FE-495F-B64A-D992B144B81F", versionEndExcluding: "vve172b", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:lenovo:system_x3650_m4_bd:-:*:*:*:*:*:*:*", matchCriteriaId: "01E601E3-DEE5-4813-986B-B7C2A3A17BCA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:lenovo:system_x3650_m4_hd_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "12E2D764-C716-4851-AC19-D9485D1ED4BE", versionEndExcluding: "vve172b", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:lenovo:system_x3650_m4_hd:-:*:*:*:*:*:*:*", matchCriteriaId: "3B71BB90-629C-4CB7-9CAF-44C605313EF8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:lenovo:system_x3750_m4_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "923DEC4C-AECA-4BDF-9CC0-A6F8DCAD0530", versionEndExcluding: "a5e130a", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:lenovo:system_x3750_m4:-:*:*:*:*:*:*:*", matchCriteriaId: "6A554CB8-7FE1-454D-8E3D-AA3EC80EEB90", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:lenovo:system_x3750_m4_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "361AFEDD-D4FA-4B50-8629-BC800A0475B3", versionEndExcluding: "koe170b", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:lenovo:system_x3750_m4:-:*:*:*:*:*:*:*", matchCriteriaId: "6A554CB8-7FE1-454D-8E3D-AA3EC80EEB90", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:lenovo:idataplex_dx360_m4_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "60A430BE-83BF-4F9D-9FBC-1A89F6C44714", versionEndExcluding: "tde168b", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:lenovo:idataplex_dx360_m4:-:*:*:*:*:*:*:*", matchCriteriaId: "ADDDC5A4-7149-4C2B-9835-AEA1F0EE61E7", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:lenovo:idataplex_dx360_m4_water_cooled_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "988FC3E2-00E4-4CF9-B021-C07D9590C2D3", versionEndExcluding: "tde168b", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:lenovo:idataplex_dx360_m4_water_cooled:-:*:*:*:*:*:*:*", matchCriteriaId: "446539A5-99A6-49CA-B1A1-FD2A06BDE96A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A potential vulnerability in the SMI callback function used in the legacy BIOS mode USB drivers in some legacy Lenovo and IBM System x servers may allow arbitrary code execution. Servers operating in UEFI mode are not affected.", }, { lang: "es", value: "Una potencial vulnerabilidad en la devolución de llamada de la función SMI utilizada en los controladores USB del modo BIOS heredado en algunos servidores Lenovo e IBM System x heredados puede permitir una ejecución de código arbitraria. Los servidores que funcionan en modo UEFI no están afectados", }, ], id: "CVE-2020-8332", lastModified: "2024-11-21T05:38:43.570", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 6.9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.4, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.5, impactScore: 5.9, source: "psirt@lenovo.com", type: "Secondary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.5, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-10-14T22:15:13.403", references: [ { source: "psirt@lenovo.com", tags: [ "Vendor Advisory", ], url: "https://support.lenovo.com/us/en/product_security/LEN-38625", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.lenovo.com/us/en/product_security/LEN-38625", }, ], sourceIdentifier: "psirt@lenovo.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-367", }, ], source: "psirt@lenovo.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-367", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
cve-2020-8332
Vulnerability from cvelistv5
Published
2020-10-14 21:25
Modified
2024-08-04 09:56
Severity ?
EPSS score ?
Summary
A potential vulnerability in the SMI callback function used in the legacy BIOS mode USB drivers in some legacy Lenovo and IBM System x servers may allow arbitrary code execution. Servers operating in UEFI mode are not affected.
References
▼ | URL | Tags |
---|---|---|
https://support.lenovo.com/us/en/product_security/LEN-38625 | x_refsource_MISC |
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T09:56:28.331Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://support.lenovo.com/us/en/product_security/LEN-38625", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "System x", vendor: "Lenovo", versions: [ { status: "affected", version: "various", }, ], }, { product: "System x", vendor: "IBM", versions: [ { status: "affected", version: "various", }, ], }, ], descriptions: [ { lang: "en", value: "A potential vulnerability in the SMI callback function used in the legacy BIOS mode USB drivers in some legacy Lenovo and IBM System x servers may allow arbitrary code execution. Servers operating in UEFI mode are not affected.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-367", description: "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2020-10-14T21:25:19", orgId: "da227ddf-6e25-4b41-b023-0f976dcaca4b", shortName: "lenovo", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://support.lenovo.com/us/en/product_security/LEN-38625", }, ], solutions: [ { lang: "en", value: "Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-38625.", }, ], source: { advisory: "LEN-38625", discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.0.9", }, x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@lenovo.com", ID: "CVE-2020-8332", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "System x", version: { version_data: [ { version_affected: "=", version_value: "various", }, ], }, }, ], }, vendor_name: "Lenovo", }, { product: { product_data: [ { product_name: "System x", version: { version_data: [ { version_affected: "=", version_value: "various", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A potential vulnerability in the SMI callback function used in the legacy BIOS mode USB drivers in some legacy Lenovo and IBM System x servers may allow arbitrary code execution. Servers operating in UEFI mode are not affected.", }, ], }, generator: { engine: "Vulnogram 0.0.9", }, impact: { cvss: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition", }, ], }, ], }, references: { reference_data: [ { name: "https://support.lenovo.com/us/en/product_security/LEN-38625", refsource: "MISC", url: "https://support.lenovo.com/us/en/product_security/LEN-38625", }, ], }, solution: [ { lang: "en", value: "Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-38625.", }, ], source: { advisory: "LEN-38625", discovery: "UNKNOWN", }, }, }, }, cveMetadata: { assignerOrgId: "da227ddf-6e25-4b41-b023-0f976dcaca4b", assignerShortName: "lenovo", cveId: "CVE-2020-8332", datePublished: "2020-10-14T21:25:19", dateReserved: "2020-01-28T00:00:00", dateUpdated: "2024-08-04T09:56:28.331Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }