Vulnerability Details CVE-2018-9086
In some Lenovo ThinkServer-branded servers, a command injection vulnerability exists in the BMC firmware download command. This allows a privileged user to download and execute arbitrary code inside the BMC. This can only be exploited by authorized privileged users.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 70.5%
CVSS Severity
CVSS v3 Score 7.2
CVSS v2 Score 6.5
Products affected by CVE-2018-9086
- cpe:2.3:h:lenovo:thinkserver_rd340:-
- cpe:2.3:h:lenovo:thinkserver_rd440:-
- cpe:2.3:h:lenovo:thinkserver_rd640:-
- cpe:2.3:h:lenovo:thinkserver_td340:-
- cpe:2.3:o:lenovo:thinkserver_rd340_firmware:-
- cpe:2.3:o:lenovo:thinkserver_rd340_firmware:50.00
- cpe:2.3:o:lenovo:thinkserver_rd440_firmware:-
- cpe:2.3:o:lenovo:thinkserver_rd440_firmware:50.00
- cpe:2.3:o:lenovo:thinkserver_rd640_firmware:-
- cpe:2.3:o:lenovo:thinkserver_rd640_firmware:50.00
- cpe:2.3:o:lenovo:thinkserver_td340_firmware:-
- cpe:2.3:o:lenovo:thinkserver_td340_firmware:46.00