FKIE_CVE-2018-1992

Vulnerability from fkie_nvd - Published: 2019-03-21 16:00 - Updated: 2024-11-21 04:00
Severity ?
6.4 (Medium) - CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
6.4 (Medium) - CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
The IBM Power 9 OP910, OP920, and FW910 boot firmware's bootloader is responsible for loading and validating the initial boot firmware image that drives the rest of the system's hardware initialization. The bootloader firmware contains a buffer overflow vulnerability such that, if an attacker were able to replace the initial boot firmware image with a very carefully crafted and sufficiently large, malicious replacement, it could cause the bootloader, during the load of that image, to overwrite its own instruction memory and circumvent secure boot protections, install trojans, etc. IBM X-Force ID: 154345.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/154345VDB Entry, Vendor Advisory
psirt@us.ibm.comhttps://www.ibm.com/support/docview.wss?uid=ibm10868992Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/154345VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.ibm.com/support/docview.wss?uid=ibm10868992Vendor Advisory
Impacted products
Vendor Product Version
ibm power_system_s922_\(9009-22a\)_firmware *
ibm power_system_s922_\(9009-22a\) -
ibm power_system_h922_\(9223-22h\)_firmware *
ibm power_system_h922_\(9223-22h\) -
ibm power_system_s914_\(9009-41a\)_firmware *
ibm power_system_s914_\(9009-41a\) -
ibm power_system_s924_\(9009-42a\)_firmware *
ibm power_system_s924_\(9009-42a\) -
ibm power_system_h924_\(9223-42h\)_firmware *
ibm power_system_h924_\(9223-42h\) -
ibm power_system_l922_\(9008-22l\)_firmware *
ibm power_system_l922_\(9008-22l\) -
ibm power_system_ac922_\(8335-gtg\)_firmware *
ibm power_system_ac922_\(8335-gtg\) -
ibm power_system_ac922_\(8335-gth\)_firmware *
ibm power_system_ac922_\(8335-gth\) -
ibm power_system_ac922_\(8335-gtx\)_firmware *
ibm power_system_ac922_\(8335-gtx\) -
ibm power_system_lc921_\(9006-12p\)_firmware *
ibm power_system_lc921_\(9006-12p\) -
ibm power_system_lc922_\(9006-22p\)_firmware *
ibm power_system_lc922_\(9006-22p\) -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ibm:power_system_s922_\\(9009-22a\\)_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AF6C901-2C6C-40B7-B1F1-73875927104D",
              "versionEndExcluding": "fw910.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ibm:power_system_s922_\\(9009-22a\\):-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AB350B1-3964-485A-AAB3-55558DD375BD",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ibm:power_system_h922_\\(9223-22h\\)_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D93309D9-585E-408A-BAB8-E80D84F859D1",
              "versionEndExcluding": "fw910.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ibm:power_system_h922_\\(9223-22h\\):-:*:*:*:*:*:*:*",
              "matchCriteriaId": "633D5D2E-300A-4896-8F90-57F9B7AFE01E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ibm:power_system_s914_\\(9009-41a\\)_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "764D58C2-885B-429D-B486-530D69779FA6",
              "versionEndExcluding": "fw910.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ibm:power_system_s914_\\(9009-41a\\):-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D9CA070-A7E4-451A-9C3C-D2622E7A9A92",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ibm:power_system_s924_\\(9009-42a\\)_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB100DDB-AF3E-443D-A277-0C3B7DA95800",
              "versionEndExcluding": "fw910.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ibm:power_system_s924_\\(9009-42a\\):-:*:*:*:*:*:*:*",
              "matchCriteriaId": "65A41386-AAE5-409C-9355-2EEB07F01926",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ibm:power_system_h924_\\(9223-42h\\)_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF5C86D5-37BE-41A2-8CDE-F88159053E91",
              "versionEndExcluding": "fw910.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ibm:power_system_h924_\\(9223-42h\\):-:*:*:*:*:*:*:*",
              "matchCriteriaId": "24CC25C2-BE64-4022-A229-D639CED27B00",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ibm:power_system_l922_\\(9008-22l\\)_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D568603-B409-4085-9F98-3FDA998FE729",
              "versionEndExcluding": "fw910.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ibm:power_system_l922_\\(9008-22l\\):-:*:*:*:*:*:*:*",
              "matchCriteriaId": "61493605-7807-498B-9DD7-48B244AD0415",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ibm:power_system_ac922_\\(8335-gtg\\)_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B9C221C-D7CE-40F7-8767-816A1F3CF052",
              "versionEndExcluding": "op910.30",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ibm:power_system_ac922_\\(8335-gtg\\):-:*:*:*:*:*:*:*",
              "matchCriteriaId": "281D775E-2651-4B60-A09E-29D4D8DA7E6B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ibm:power_system_ac922_\\(8335-gth\\)_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8045E43D-72EB-4CA2-AF08-F685D0C3A9CB",
              "versionEndExcluding": "op920.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ibm:power_system_ac922_\\(8335-gth\\):-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D95F0B5F-EFEE-4002-AB88-1DD0CE3CAC46",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ibm:power_system_ac922_\\(8335-gtx\\)_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FBF08A9-1C85-4A7D-9D60-2A10292191E8",
              "versionEndExcluding": "op920.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ibm:power_system_ac922_\\(8335-gtx\\):-:*:*:*:*:*:*:*",
              "matchCriteriaId": "30ABEAED-DCF7-4375-A3F4-06169211229A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ibm:power_system_lc921_\\(9006-12p\\)_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "21CA7C4B-E649-4AB7-A728-26FFB218EF04",
              "versionEndExcluding": "op920.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ibm:power_system_lc921_\\(9006-12p\\):-:*:*:*:*:*:*:*",
              "matchCriteriaId": "02006563-9574-42F1-89FF-F74244D2EDFF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ibm:power_system_lc922_\\(9006-22p\\)_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "609BAC9A-8F6E-4328-B2F9-B61475111891",
              "versionEndExcluding": "op920.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ibm:power_system_lc922_\\(9006-22p\\):-:*:*:*:*:*:*:*",
              "matchCriteriaId": "021D9E58-F6C8-4541-847B-4A35E44A4194",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The IBM Power 9 OP910, OP920, and FW910 boot firmware\u0027s bootloader is responsible for loading and validating the initial boot firmware image that drives the rest of the system\u0027s hardware initialization. The bootloader firmware contains a buffer overflow vulnerability such that, if an attacker were able to replace the initial boot firmware image with a very carefully crafted and sufficiently large, malicious replacement, it could cause the bootloader, during the load of that image, to overwrite its own instruction memory and circumvent secure boot protections, install trojans, etc. IBM X-Force ID: 154345."
    },
    {
      "lang": "es",
      "value": "El bootloader del firmware de arranque de IBM Power 9 OP910, OP920 y FW910 es responsable de cargar y validar la imagen de firmware de arranque inicial que inicializa el resto del hardware del sistema. El firmware del bootloader contiene una vulnerabilidad de desbordamiento de b\u00fafer por la que, si un atacante pudiese reemplazar la imagen de firmware de arranque inicial por un reemplazo cuidadosamente manipulado y lo suficientemente grande, podr\u00eda provocar que el bootloader sobrescriba su propia memoria de instrucci\u00f3n durante la carga de dicha imagen y omita las protecciones de arranque seguras, instale troyanos, etc. IBM X-Force ID: 154345."
    }
  ],
  "id": "CVE-2018-1992",
  "lastModified": "2024-11-21T04:00:42.530",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.9,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 0.5,
        "impactScore": 5.9,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 0.5,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-03-21T16:00:33.107",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/154345"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/docview.wss?uid=ibm10868992"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/154345"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/docview.wss?uid=ibm10868992"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.