Vulnerability Details CVE-2018-7112
The HPE-provided Windows firmware installer for certain Gen9, Gen8, G7,and G6 HPE servers allows local disclosure of privileged information. This issue was resolved in previously provided firmware updates as follows. The HPE Windows firmware installer was updated in the system ROM updates which also addressed the original Spectre/Meltdown set of vulnerabilities. At that time, the Windows firmware installer was also updated in the versions of HPE Integrated Lights-Out 2, 3, and 4 (iLO 2, 3, and 4) listed in the security bulletin. The updated HPE Windows firmware installer was released in the system ROM and HPE Integrated Lights-Out (iLO) releases documented in earlier HPE Security Bulletins: HPESBHF03805, HPESBHF03835, HPESBHF03831. Windows-based systems that have already been updated to the system ROM or iLO versions described in these security bulletins require no further action.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 39.5%
CVSS Severity
CVSS v3 Score 5.5
CVSS v2 Score 4.9
References
- http://www.securitytracker.com/id/1041984
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03805en_us
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03831en_us
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03835en_us
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03869en_us
- http://www.securitytracker.com/id/1041984
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03805en_us
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03831en_us
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03835en_us
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03869en_us
Products affected by CVE-2018-7112
-
cpe:2.3:h:hp:integrated_lights-out:-
-
cpe:2.3:h:hp:integrated_lights-out_2:-
-
cpe:2.3:h:hp:proliant_bl280c_g6_server:-
-
cpe:2.3:h:hp:proliant_bl2x220c_g6_server_blade:-
-
cpe:2.3:h:hp:proliant_bl2x220c_g7_server_blade:-
-
cpe:2.3:h:hp:proliant_bl420c_gen8_server:-
-
cpe:2.3:h:hp:proliant_bl460c_g6_server_blade:-
-
cpe:2.3:h:hp:proliant_bl460c_g7_server_blade:-
-
cpe:2.3:h:hp:proliant_bl460c_gen8_server_blade:-
-
cpe:2.3:h:hp:proliant_bl460c_gen9_server_blade:-
-
cpe:2.3:h:hp:proliant_bl465c_g7_server_blade:-
-
cpe:2.3:h:hp:proliant_bl465c_gen8_(amd):-
-
cpe:2.3:h:hp:proliant_bl490c_g6_server_blade:-
-
cpe:2.3:h:hp:proliant_bl490c_g7_server_blade:-
-
cpe:2.3:h:hp:proliant_bl620c_g7_server_blade:-
-
cpe:2.3:h:hp:proliant_bl660c_gen8_server:-
-
cpe:2.3:h:hp:proliant_bl660c_gen9_server:-
-
cpe:2.3:h:hp:proliant_bl680c_g7_server_blade:-
-
cpe:2.3:h:hp:proliant_bl685c_g7_server_blade_(amd):-
-
cpe:2.3:h:hp:proliant_dl120_g6_server:-
-
cpe:2.3:h:hp:proliant_dl120_g7_server:-
-
cpe:2.3:h:hp:proliant_dl120_gen9_server:-
-
cpe:2.3:h:hp:proliant_dl160_g6_server:-
-
cpe:2.3:h:hp:proliant_dl160_gen8_server:-
-
cpe:2.3:h:hp:proliant_dl160_gen9_server:-
-
cpe:2.3:h:hp:proliant_dl170e_g6_server:-
-
cpe:2.3:h:hp:proliant_dl170h_g6_server:-
-
cpe:2.3:h:hp:proliant_dl180_g6_server:-
-
cpe:2.3:h:hp:proliant_dl180_gen9_server:-
-
cpe:2.3:h:hp:proliant_dl20_gen9_server:-
-
cpe:2.3:h:hp:proliant_dl320_g6_server:-
-
cpe:2.3:h:hp:proliant_dl320e_gen8_server:-
-
cpe:2.3:h:hp:proliant_dl320e_gen8_v2_server:-
-
cpe:2.3:h:hp:proliant_dl360_g6_server:-
-
cpe:2.3:h:hp:proliant_dl360_g7_server:-
-
cpe:2.3:h:hp:proliant_dl360_gen9_server:-
-
cpe:2.3:h:hp:proliant_dl360e_gen8_server:-
-
cpe:2.3:h:hp:proliant_dl360p_gen8_server:-
-
cpe:2.3:h:hp:proliant_dl370_g6_server:-
-
cpe:2.3:h:hp:proliant_dl380_g6_server:-
-
cpe:2.3:h:hp:proliant_dl380_g7_server:-
-
cpe:2.3:h:hp:proliant_dl380_gen9_server:-
-
cpe:2.3:h:hp:proliant_dl380e_gen8_server:-
-
cpe:2.3:h:hp:proliant_dl380p_gen8_server:-
-
cpe:2.3:h:hp:proliant_dl385_g7_server:-
-
cpe:2.3:h:hp:proliant_dl385p_gen8_(amd):-
-
cpe:2.3:h:hp:proliant_dl560_gen8_server:-
-
cpe:2.3:h:hp:proliant_dl560_gen9_server:-
-
cpe:2.3:h:hp:proliant_dl580_g7_server:-
-
cpe:2.3:h:hp:proliant_dl580_gen8_server:-
-
cpe:2.3:h:hp:proliant_dl585_g7_server_(amd):-
-
cpe:2.3:h:hp:proliant_dl60_gen9_server:-
-
cpe:2.3:h:hp:proliant_dl80_gen9_server:-
-
cpe:2.3:h:hp:proliant_dl980_g7_server:-
-
cpe:2.3:h:hp:proliant_gen6_server:-
-
cpe:2.3:h:hp:proliant_gen7_server:-
-
cpe:2.3:h:hp:proliant_gen8_server:-
-
cpe:2.3:h:hp:proliant_m300_server_cartridge:-
-
cpe:2.3:h:hp:proliant_m350_server_cartridge:-
-
cpe:2.3:h:hp:proliant_m510_server_cartridge:-
-
cpe:2.3:h:hp:proliant_m710_server_cartridge:-
-
cpe:2.3:h:hp:proliant_m710p_server_cartridge:-
-
cpe:2.3:h:hp:proliant_m710x_server_cartridge:-
-
cpe:2.3:h:hp:proliant_microserver_gen8:-
-
cpe:2.3:h:hp:proliant_ml10_gen9_server:-
-
cpe:2.3:h:hp:proliant_ml10_v2_server:-
-
cpe:2.3:h:hp:proliant_ml110_g6_server:-
-
cpe:2.3:h:hp:proliant_ml110_g7_server:-
-
cpe:2.3:h:hp:proliant_ml110_gen9_server:-
-
cpe:2.3:h:hp:proliant_ml150_g6_server:-
-
cpe:2.3:h:hp:proliant_ml150_gen9_server:-
-
cpe:2.3:h:hp:proliant_ml30_gen9_server:-
-
cpe:2.3:h:hp:proliant_ml310e_gen8_server:-
-
cpe:2.3:h:hp:proliant_ml310e_gen8_v2_server:-
-
cpe:2.3:h:hp:proliant_ml330_g6_server:-
-
cpe:2.3:h:hp:proliant_ml350_g6_server:-
-
cpe:2.3:h:hp:proliant_ml350_gen9_server:-
-
cpe:2.3:h:hp:proliant_ml350e_gen8_server:-
-
cpe:2.3:h:hp:proliant_ml350e_gen8_v2_server:-
-
cpe:2.3:h:hp:proliant_ml350p_gen8_server:-
-
cpe:2.3:h:hp:proliant_ml370_g6_server:-
-
cpe:2.3:h:hp:proliant_sl160s_g6_server:-
-
cpe:2.3:h:hp:proliant_sl170z_g6_server:-
-
cpe:2.3:h:hp:proliant_sl210t_gen8_server:-
-
cpe:2.3:h:hp:proliant_sl250s_gen8_server:-
-
cpe:2.3:h:hp:proliant_sl270s_gen8_server:-
-
cpe:2.3:h:hp:proliant_sl2x170z_g6_server:-
-
cpe:2.3:h:hp:proliant_sl390s_g7_server:-
-
cpe:2.3:h:hp:proliant_sl4540_gen8_1_node_server:-
-
cpe:2.3:h:hp:proliant_sl4545_g7_server_(amd):-
-
cpe:2.3:h:hp:proliant_thin_micro_tm200_server:-
-
cpe:2.3:h:hp:proliant_ws460c_gen9_workstation:-
-
cpe:2.3:h:hp:proliant_xl170r_gen9_server:-
-
cpe:2.3:h:hp:proliant_xl190r_gen9_server:-
-
cpe:2.3:h:hp:proliant_xl230a_gen9_server:-
-
cpe:2.3:h:hp:proliant_xl250a_gen9_server:-
-
cpe:2.3:h:hp:proliant_xl260a_gen9_server:-
-
cpe:2.3:h:hp:proliant_xl270d_gen9_accelerator_tray:-
-
cpe:2.3:h:hp:proliant_xl270d_gen9_server:-
-
cpe:2.3:h:hp:proliant_xl450_gen9_server:-
-
cpe:2.3:h:hp:proliant_xl730f_gen9_server:-
-
cpe:2.3:h:hp:proliant_xl740f_gen9_server:-
-
cpe:2.3:h:hp:proliant_xl750f_gen9_server:-
-
cpe:2.3:o:hp:integrated_lights-out_2_firmware:1.00
-
cpe:2.3:o:hp:integrated_lights-out_2_firmware:1.10
-
cpe:2.3:o:hp:integrated_lights-out_2_firmware:1.20
-
cpe:2.3:o:hp:integrated_lights-out_2_firmware:1.30
-
cpe:2.3:o:hp:integrated_lights-out_2_firmware:1.70
-
cpe:2.3:o:hp:integrated_lights-out_2_firmware:1.75
-
cpe:2.3:o:hp:integrated_lights-out_2_firmware:1.77
-
cpe:2.3:o:hp:integrated_lights-out_2_firmware:2.12
-
cpe:2.3:o:hp:integrated_lights-out_2_firmware:2.15
-
cpe:2.3:o:hp:integrated_lights-out_2_firmware:2.20
-
cpe:2.3:o:hp:integrated_lights-out_2_firmware:2.22
-
cpe:2.3:o:hp:integrated_lights-out_2_firmware:2.23
-
cpe:2.3:o:hp:integrated_lights-out_2_firmware:2.25
-
cpe:2.3:o:hp:integrated_lights-out_2_firmware:2.29
-
cpe:2.3:o:hp:integrated_lights-out_2_firmware:2.30
-
cpe:2.3:o:hp:integrated_lights-out_3_firmware:1.00
-
cpe:2.3:o:hp:integrated_lights-out_3_firmware:1.05
-
cpe:2.3:o:hp:integrated_lights-out_3_firmware:1.20
-
cpe:2.3:o:hp:integrated_lights-out_3_firmware:1.26
-
cpe:2.3:o:hp:integrated_lights-out_3_firmware:1.28
-
cpe:2.3:o:hp:integrated_lights-out_3_firmware:1.50
-
cpe:2.3:o:hp:integrated_lights-out_3_firmware:1.55
-
cpe:2.3:o:hp:integrated_lights-out_3_firmware:1.80
-
cpe:2.3:o:hp:integrated_lights-out_3_firmware:1.87
-
cpe:2.3:o:hp:integrated_lights-out_3_firmware:1.88
-
cpe:2.3:o:hp:integrated_lights-out_3_firmware:1.89
-
cpe:2.3:o:hp:integrated_lights-out_4_firmware:1.11
-
cpe:2.3:o:hp:integrated_lights-out_4_firmware:1.13
-
cpe:2.3:o:hp:integrated_lights-out_4_firmware:1.20
-
cpe:2.3:o:hp:integrated_lights-out_4_firmware:1.51
-
cpe:2.3:o:hp:integrated_lights-out_4_firmware:1.52
-
cpe:2.3:o:hp:integrated_lights-out_4_firmware:1.58
-
cpe:2.3:o:hp:integrated_lights-out_4_firmware:2.01
-
cpe:2.3:o:hp:integrated_lights-out_4_firmware:2.03
-
cpe:2.3:o:hp:integrated_lights-out_4_firmware:2.30
-
cpe:2.3:o:hp:integrated_lights-out_4_firmware:2.43
-
cpe:2.3:o:hp:integrated_lights-out_4_firmware:2.53
-
cpe:2.3:o:hp:integrated_lights-out_4_firmware:2.54
-
cpe:2.3:o:hp:integrated_lights-out_4_firmware:2.55
-
cpe:2.3:o:hp:integrated_lights-out_4_firmware:2.55b
-
cpe:2.3:o:hp:proliant_bl280c_g6_server_bladefirmware:*
-
cpe:2.3:o:hp:proliant_bl2x220c_g6_server_blade_firmware:*
-
cpe:2.3:o:hp:proliant_bl2x220c_g7_server_blade_firmware:*
-
cpe:2.3:o:hp:proliant_bl420c_gen8_server_firmware:*
-
cpe:2.3:o:hp:proliant_bl460c_g6_server_blade_firmware:*
-
cpe:2.3:o:hp:proliant_bl460c_g7_server_blade_firmware:*
-
cpe:2.3:o:hp:proliant_bl460c_gen8_server_blade_firmware:*
-
cpe:2.3:o:hp:proliant_bl460c_gen9_server_blade_firmware:*
-
cpe:2.3:o:hp:proliant_bl465c_g7_server_blade_firmware:*
-
cpe:2.3:o:hp:proliant_bl465c_gen8_(amd)_firmware:*
-
cpe:2.3:o:hp:proliant_bl490c_g6_server_blade_firmware:*
-
cpe:2.3:o:hp:proliant_bl490c_g7_server_blade_firmware:*
-
cpe:2.3:o:hp:proliant_bl620c_g7_server_blade_firmware:*
-
cpe:2.3:o:hp:proliant_bl660c_gen8_server_blade_firmware:*
-
cpe:2.3:o:hp:proliant_bl660c_gen9_server_firmware:*
-
cpe:2.3:o:hp:proliant_bl680c_g7_server_blade_firmware:*
-
cpe:2.3:o:hp:proliant_bl685c_g7_server_blade_(amd)_firmware:*
-
cpe:2.3:o:hp:proliant_dl120_g6_server_firmware:-
-
cpe:2.3:o:hp:proliant_dl120_g7_server_firmware:*
-
cpe:2.3:o:hp:proliant_dl120_gen9_server_firmware:*
-
cpe:2.3:o:hp:proliant_dl160_g6_server_firmware:-
-
cpe:2.3:o:hp:proliant_dl160_gen8_server_firmware:*
-
cpe:2.3:o:hp:proliant_dl160_gen9_server_firmware:*
-
cpe:2.3:o:hp:proliant_dl170e_g6_server_firmware:-
-
cpe:2.3:o:hp:proliant_dl170h_g6_server_firmware:-
-
cpe:2.3:o:hp:proliant_dl180_g6_server_firmware:-
-
cpe:2.3:o:hp:proliant_dl180_gen9_server_firmware:*
-
cpe:2.3:o:hp:proliant_dl20_gen9_server_firmware:*
-
cpe:2.3:o:hp:proliant_dl320_g6_server_firmware:*
-
cpe:2.3:o:hp:proliant_dl320e_gen8_server_firmware:*
-
cpe:2.3:o:hp:proliant_dl320e_gen8_v2_server_firmware:*
-
cpe:2.3:o:hp:proliant_dl360_g6_server_firmware:*
-
cpe:2.3:o:hp:proliant_dl360_g7_server_firmware:*
-
cpe:2.3:o:hp:proliant_dl360_gen9_server_firmware:*
-
cpe:2.3:o:hp:proliant_dl360e_gen8_server_firmware:*
-
cpe:2.3:o:hp:proliant_dl360p_gen8_server_firmware:*
-
cpe:2.3:o:hp:proliant_dl370_g6_server_firmware:*
-
cpe:2.3:o:hp:proliant_dl380_g6_server_firmware:*
-
cpe:2.3:o:hp:proliant_dl380_g7_server_firmware:-
-
cpe:2.3:o:hp:proliant_dl380_gen9_server_firmware:*
-
cpe:2.3:o:hp:proliant_dl380e_gen8_server_firmware:*
-
cpe:2.3:o:hp:proliant_dl380p_gen8_server_firmware:*
-
cpe:2.3:o:hp:proliant_dl385_g7_server_firmware:*
-
cpe:2.3:o:hp:proliant_dl385p_gen8_(amd)_firmware:*
-
cpe:2.3:o:hp:proliant_dl560_gen8_server_firmware:*
-
cpe:2.3:o:hp:proliant_dl560_gen9_server_firmware:*
-
cpe:2.3:o:hp:proliant_dl580_g7_server_firmware:*
-
cpe:2.3:o:hp:proliant_dl580_gen8_server_firmware:*
-
cpe:2.3:o:hp:proliant_dl585_g7_server_(amd)_firmware:*
-
cpe:2.3:o:hp:proliant_dl60_gen9_server_firmware:*
-
cpe:2.3:o:hp:proliant_dl80_gen9_server_firmware:*
-
cpe:2.3:o:hp:proliant_dl980_g7_server_firmware:*
-
cpe:2.3:o:hp:proliant_m300_server_cartridge_firmware:*
-
cpe:2.3:o:hp:proliant_m350_server_cartridge_firmware:*
-
cpe:2.3:o:hp:proliant_m510_server_cartridge_firmware:*
-
cpe:2.3:o:hp:proliant_m710_server_cartridge_firmware:*
-
cpe:2.3:o:hp:proliant_m710p_server_cartridge_firmware:*
-
cpe:2.3:o:hp:proliant_m710x_server_cartridge_firmware:*
-
cpe:2.3:o:hp:proliant_microserver_gen8_firmware:*
-
cpe:2.3:o:hp:proliant_ml10_gen9_server_firmware:*
-
cpe:2.3:o:hp:proliant_ml10_v2_server_firmware:*
-
cpe:2.3:o:hp:proliant_ml110_g6_server_firmware:-
-
cpe:2.3:o:hp:proliant_ml110_g7_server_firmware:*
-
cpe:2.3:o:hp:proliant_ml110_gen9_server_firmware:*
-
cpe:2.3:o:hp:proliant_ml150_g6_server_firmware:-
-
cpe:2.3:o:hp:proliant_ml150_gen9_server_firmware:*
-
cpe:2.3:o:hp:proliant_ml30_gen9_server_firmware:*
-
cpe:2.3:o:hp:proliant_ml310e_gen8_server_firmware:*
-
cpe:2.3:o:hp:proliant_ml310e_gen8_v2_server_firmware:*
-
cpe:2.3:o:hp:proliant_ml330_g6_server_firmware:*
-
cpe:2.3:o:hp:proliant_ml350_g6_server_firmware:*
-
cpe:2.3:o:hp:proliant_ml350_gen9_server_firmware:*
-
cpe:2.3:o:hp:proliant_ml350e_gen8_server_firmware:*
-
cpe:2.3:o:hp:proliant_ml350e_gen8_v2_server_firmware:*
-
cpe:2.3:o:hp:proliant_ml350p_gen8_server_firmware:*
-
cpe:2.3:o:hp:proliant_ml370_g6_server_firmware:*
-
cpe:2.3:o:hp:proliant_sl160s_g6_server_firmware:-
-
cpe:2.3:o:hp:proliant_sl170z_g6_server_firmware:-
-
cpe:2.3:o:hp:proliant_sl210t_gen8_server_firmware:*
-
cpe:2.3:o:hp:proliant_sl250s_gen8_server_firmware:*
-
cpe:2.3:o:hp:proliant_sl270s_gen8_server_firmware:*
-
cpe:2.3:o:hp:proliant_sl2x170z_g6_server_firmware:-
-
cpe:2.3:o:hp:proliant_sl390s_g7_server_firmware:*
-
cpe:2.3:o:hp:proliant_sl4540_gen8_1_node_server_firmware:*
-
cpe:2.3:o:hp:proliant_sl4545_g7_server_(amd)_firmware:2018.03.14(a)
-
cpe:2.3:o:hp:proliant_thin_micro_tm200_server_firmware:*
-
cpe:2.3:o:hp:proliant_ws460c_gen9_workstation_firmware:*
-
cpe:2.3:o:hp:proliant_xl170r_gen9_server_firmware:*
-
cpe:2.3:o:hp:proliant_xl190r_gen9_server_firmware:*
-
cpe:2.3:o:hp:proliant_xl230a_gen9_server_firmware:*
-
cpe:2.3:o:hp:proliant_xl250a_gen9_server_firmware:*
-
cpe:2.3:o:hp:proliant_xl260a_gen9_server_firmware:*
-
cpe:2.3:o:hp:proliant_xl270d_gen9_accelerator_tray_firmware:*
-
cpe:2.3:o:hp:proliant_xl270d_gen9_server_firmware:*
-
cpe:2.3:o:hp:proliant_xl450_gen9_server_firmware:*
-
cpe:2.3:o:hp:proliant_xl730f_gen9_server_firmware:*
-
cpe:2.3:o:hp:proliant_xl740f_gen9_server_firmware:*
-
cpe:2.3:o:hp:proliant_xl750f_gen9_server_firmware:*