Vulnerability Details CVE-2018-9086
In some Lenovo ThinkServer-branded servers, a command injection vulnerability exists in the BMC firmware download command. This allows a privileged user to download and execute arbitrary code inside the BMC. This can only be exploited by authorized privileged users.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.021
EPSS Ranking 83.3%
CVSS Severity
CVSS v3 Score 7.2
CVSS v2 Score 6.5
Products affected by CVE-2018-9086
- cpe:2.3:h:lenovo:thinkserver_rd340:-
- cpe:2.3:h:lenovo:thinkserver_rd440:-
- cpe:2.3:h:lenovo:thinkserver_rd640:-
- cpe:2.3:h:lenovo:thinkserver_td340:-
- cpe:2.3:o:lenovo:thinkserver_rd340_firmware:-
- cpe:2.3:o:lenovo:thinkserver_rd340_firmware:50.00
- cpe:2.3:o:lenovo:thinkserver_rd440_firmware:-
- cpe:2.3:o:lenovo:thinkserver_rd440_firmware:50.00
- cpe:2.3:o:lenovo:thinkserver_rd640_firmware:-
- cpe:2.3:o:lenovo:thinkserver_rd640_firmware:50.00
- cpe:2.3:o:lenovo:thinkserver_td340_firmware:-
- cpe:2.3:o:lenovo:thinkserver_td340_firmware:46.00