Vulnerability Details CVE-2018-9085
A write protection lock bit was left unset after boot on an older generation of Lenovo and IBM System x servers, potentially allowing an attacker with administrator access to modify the subset of flash memory containing Intel Server Platform Services (SPS) and the system Flash Descriptors.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 35.0%
CVSS Severity
CVSS v3 Score 4.9
CVSS v2 Score 4.0
References
Products affected by CVE-2018-9085
-
cpe:2.3:h:ibm:bladecenter:hs23
-
cpe:2.3:h:ibm:bladecenter:hs23e
-
cpe:2.3:h:ibm:flex_system_x220:-
-
cpe:2.3:h:ibm:flex_system_x222_m4:-
-
cpe:2.3:h:ibm:flex_system_x240_m4:-
-
cpe:2.3:h:ibm:flex_system_x280_x6:-
-
cpe:2.3:h:ibm:flex_system_x440_m4:-
-
cpe:2.3:h:ibm:flex_system_x480_x6:-
-
cpe:2.3:h:ibm:flex_system_x880_x6:-
-
cpe:2.3:h:ibm:idataplex_dx360_m4_:-
-
cpe:2.3:h:ibm:system_x3100_m4:-
-
cpe:2.3:h:ibm:system_x3100_m5:-
-
cpe:2.3:h:ibm:system_x3250_m4:-
-
cpe:2.3:h:ibm:system_x3250_m5:-
-
cpe:2.3:h:ibm:system_x3300_m4:-
-
cpe:2.3:h:ibm:system_x3500_m4:-
-
cpe:2.3:h:ibm:system_x3530_m4:-
-
cpe:2.3:h:ibm:system_x3550_m4:-
-
cpe:2.3:h:ibm:system_x3630_m4:-
-
cpe:2.3:h:ibm:system_x3650_m4:-
-
cpe:2.3:h:ibm:system_x3650_m4_bd:-
-
cpe:2.3:h:ibm:system_x3650_m4_hd:-
-
cpe:2.3:h:ibm:system_x3750_m4:-
-
cpe:2.3:h:ibm:system_x3850_x6:-
-
cpe:2.3:h:ibm:system_x3950_x6:-
-
cpe:2.3:h:lenovo:flex_system_x240_m4:-
-
cpe:2.3:h:lenovo:flex_system_x440_m4:-
-
cpe:2.3:h:lenovo:system_x3750_m4:-
-
cpe:2.3:o:ibm:bladecenter_hs23_firmware:-
-
cpe:2.3:o:ibm:bladecenter_hs23_firmware:3.0.0
-
cpe:2.3:o:ibm:bladecenter_hs23_firmware:6.4
-
cpe:2.3:o:ibm:bladecenter_hs23_firmware:6.80
-
cpe:2.3:o:ibm:bladecenter_hs23_firmware:7.20
-
cpe:2.3:o:ibm:bladecenter_hs23e_firmware:-
-
cpe:2.3:o:ibm:bladecenter_hs23e_firmware:6.4
-
cpe:2.3:o:ibm:bladecenter_hs23e_firmware:6.80
-
cpe:2.3:o:ibm:bladecenter_hs23e_firmware:7.20
-
cpe:2.3:o:ibm:flex_system_x220_m4_firmware:-
-
cpe:2.3:o:ibm:flex_system_x220_m4_firmware:6.4
-
cpe:2.3:o:ibm:flex_system_x220_m4_firmware:6.80
-
cpe:2.3:o:ibm:flex_system_x220_m4_firmware:7.20
-
cpe:2.3:o:ibm:flex_system_x222_m4_firmware:-
-
cpe:2.3:o:ibm:flex_system_x222_m4_firmware:6.4
-
cpe:2.3:o:ibm:flex_system_x222_m4_firmware:6.80
-
cpe:2.3:o:ibm:flex_system_x222_m4_firmware:7.20
-
cpe:2.3:o:ibm:flex_system_x240_m4_firmware:-
-
cpe:2.3:o:ibm:flex_system_x240_m4_firmware:6.4
-
cpe:2.3:o:ibm:flex_system_x240_m4_firmware:6.80
-
cpe:2.3:o:ibm:flex_system_x240_m4_firmware:7.20
-
cpe:2.3:o:ibm:flex_system_x280_x6_firmware:*
-
cpe:2.3:o:ibm:flex_system_x440_m4_firmware:-
-
cpe:2.3:o:ibm:flex_system_x440_m4_firmware:6.4
-
cpe:2.3:o:ibm:flex_system_x440_m4_firmware:6.80
-
cpe:2.3:o:ibm:flex_system_x440_m4_firmware:7.20
-
cpe:2.3:o:ibm:flex_system_x480_x6_firmware:*
-
cpe:2.3:o:ibm:flex_system_x880_x6_firmware:*
-
cpe:2.3:o:ibm:idataplex_dx360_m4_firmware:-
-
cpe:2.3:o:ibm:idataplex_dx360_m4_firmware:6.4
-
cpe:2.3:o:ibm:idataplex_dx360_m4_firmware:6.80
-
cpe:2.3:o:ibm:idataplex_dx360_m4_firmware:7.20
-
cpe:2.3:o:ibm:idataplex_dx360_m4_water_cooled_firmware:-
-
cpe:2.3:o:ibm:idataplex_dx360_m4_water_cooled_firmware:6.4
-
cpe:2.3:o:ibm:idataplex_dx360_m4_water_cooled_firmware:6.80
-
cpe:2.3:o:ibm:idataplex_dx360_m4_water_cooled_firmware:7.20
-
cpe:2.3:o:ibm:system_x3100_m4_firmware:-
-
cpe:2.3:o:ibm:system_x3100_m4_firmware:6.4
-
cpe:2.3:o:ibm:system_x3100_m4_firmware:6.80
-
cpe:2.3:o:ibm:system_x3100_m4_firmware:7.20
-
cpe:2.3:o:ibm:system_x3100_m5_firmware:-
-
cpe:2.3:o:ibm:system_x3100_m5_firmware:6.4
-
cpe:2.3:o:ibm:system_x3100_m5_firmware:6.80
-
cpe:2.3:o:ibm:system_x3100_m5_firmware:7.20
-
cpe:2.3:o:ibm:system_x3250_m4_firmware:-
-
cpe:2.3:o:ibm:system_x3250_m4_firmware:6.4
-
cpe:2.3:o:ibm:system_x3250_m4_firmware:6.80
-
cpe:2.3:o:ibm:system_x3250_m4_firmware:7.20
-
cpe:2.3:o:ibm:system_x3250_m5_firmware:-
-
cpe:2.3:o:ibm:system_x3250_m5_firmware:6.4
-
cpe:2.3:o:ibm:system_x3250_m5_firmware:6.80
-
cpe:2.3:o:ibm:system_x3250_m5_firmware:7.20
-
cpe:2.3:o:ibm:system_x3300_m4_firmware:-
-
cpe:2.3:o:ibm:system_x3300_m4_firmware:6.4
-
cpe:2.3:o:ibm:system_x3300_m4_firmware:6.80
-
cpe:2.3:o:ibm:system_x3300_m4_firmware:7.20
-
cpe:2.3:o:ibm:system_x3500_m4_firmware:-
-
cpe:2.3:o:ibm:system_x3500_m4_firmware:6.4
-
cpe:2.3:o:ibm:system_x3500_m4_firmware:6.80
-
cpe:2.3:o:ibm:system_x3500_m4_firmware:7.20
-
cpe:2.3:o:ibm:system_x3530_m4_firmware:-
-
cpe:2.3:o:ibm:system_x3530_m4_firmware:3.20
-
cpe:2.3:o:ibm:system_x3530_m4_firmware:6.4
-
cpe:2.3:o:ibm:system_x3530_m4_firmware:6.80
-
cpe:2.3:o:ibm:system_x3530_m4_firmware:7.20
-
cpe:2.3:o:ibm:system_x3550_m4_firmware:-
-
cpe:2.3:o:ibm:system_x3550_m4_firmware:6.4
-
cpe:2.3:o:ibm:system_x3550_m4_firmware:6.80
-
cpe:2.3:o:ibm:system_x3550_m4_firmware:7.20
-
cpe:2.3:o:ibm:system_x3630_m4_firmware:-
-
cpe:2.3:o:ibm:system_x3630_m4_firmware:3.20
-
cpe:2.3:o:ibm:system_x3630_m4_firmware:6.4
-
cpe:2.3:o:ibm:system_x3630_m4_firmware:6.80
-
cpe:2.3:o:ibm:system_x3630_m4_firmware:7.20
-
cpe:2.3:o:ibm:system_x3650_m4_bd_firmware:-
-
cpe:2.3:o:ibm:system_x3650_m4_bd_firmware:6.4
-
cpe:2.3:o:ibm:system_x3650_m4_bd_firmware:6.80
-
cpe:2.3:o:ibm:system_x3650_m4_bd_firmware:7.20
-
cpe:2.3:o:ibm:system_x3650_m4_firmware:-
-
cpe:2.3:o:ibm:system_x3650_m4_firmware:6.4
-
cpe:2.3:o:ibm:system_x3650_m4_firmware:6.80
-
cpe:2.3:o:ibm:system_x3650_m4_firmware:7.20
-
cpe:2.3:o:ibm:system_x3650_m4_hd_firmware:-
-
cpe:2.3:o:ibm:system_x3650_m4_hd_firmware:2.40
-
cpe:2.3:o:ibm:system_x3650_m4_hd_firmware:6.4
-
cpe:2.3:o:ibm:system_x3650_m4_hd_firmware:6.80
-
cpe:2.3:o:ibm:system_x3650_m4_hd_firmware:7.20
-
cpe:2.3:o:ibm:system_x3750_m4_firmware:-
-
cpe:2.3:o:ibm:system_x3750_m4_firmware:6.4
-
cpe:2.3:o:ibm:system_x3750_m4_firmware:6.80
-
cpe:2.3:o:ibm:system_x3750_m4_firmware:7.20
-
cpe:2.3:o:ibm:system_x3850_x6_firmware:-
-
cpe:2.3:o:ibm:system_x3850_x6_firmware:6.4
-
cpe:2.3:o:ibm:system_x3850_x6_firmware:6.80
-
cpe:2.3:o:ibm:system_x3850_x6_firmware:7.20
-
cpe:2.3:o:ibm:system_x3950_x6_firmware:-
-
cpe:2.3:o:ibm:system_x3950_x6_firmware:6.4
-
cpe:2.3:o:ibm:system_x3950_x6_firmware:6.80
-
cpe:2.3:o:ibm:system_x3950_x6_firmware:7.20
-
cpe:2.3:o:lenovo:flex_system_x240_m4_firmware:-
-
cpe:2.3:o:lenovo:flex_system_x240_m4_firmware:4.4
-
cpe:2.3:o:lenovo:flex_system_x240_m4_firmware:4.90
-
cpe:2.3:o:lenovo:flex_system_x240_m4_firmware:5.30
-
cpe:2.3:o:lenovo:flex_system_x440_m4_firmware:-
-
cpe:2.3:o:lenovo:flex_system_x440_m4_firmware:4.4
-
cpe:2.3:o:lenovo:flex_system_x440_m4_firmware:4.90
-
cpe:2.3:o:lenovo:flex_system_x440_m4_firmware:5.30
-
cpe:2.3:o:lenovo:system_x3750_m4_firmware:-
-
cpe:2.3:o:lenovo:system_x3750_m4_firmware:4.4
-
cpe:2.3:o:lenovo:system_x3750_m4_firmware:4.90
-
cpe:2.3:o:lenovo:system_x3750_m4_firmware:5.30