Published: 03/12/2018 Updated: 24/08/2020

CVSS v2 Base Score: 4.9 | Impact Score: 6.9 | Exploitability Score: 3.9

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 436

Vector: AV:L/AC:L/Au:N/C:C/I:N/A:N

The HPE-provided Windows firmware installer for certain Gen9, Gen8, G7,and G6 HPE servers allows local disclosure of privileged information. This issue was resolved in previously provided firmware updates as follows. The HPE Windows firmware installer was updated in the system ROM updates which also addressed the original Spectre/Meltdown set of vulnerabilities. At that time, the Windows firmware installer was also updated in the versions of HPE Integrated Lights-Out 2, 3, and 4 (iLO 2, 3, and 4) listed in the security bulletin. The updated HPE Windows firmware installer was released in the system ROM and HPE Integrated Lights-Out (iLO) releases documented in earlier HPE Security Bulletins: HPESBHF03805, HPESBHF03835, HPESBHF03831. Windows-based systems that have already been updated to the system ROM or iLO versions described in these security bulletins require no further action.

Vulnerable Product	Search on Vulmon	Subscribe to Product
hp integrated_lights-out_2_firmware
hp integrated_lights-out_3_firmware
hp integrated_lights-out_4_firmware
hp proliant_xl750f_gen9_server_firmware
hp proliant_xl740f_gen9_server_firmware
hp proliant_xl730f_gen9_server_firmware
hp proliant_xl450_gen9_server_firmware
hp proliant_xl270d_gen9_server_firmware
hp proliant_xl270d_gen9_accelerator_tray_firmware
hp proliant_xl260a_gen9_server_firmware
hp proliant_xl250a_gen9_server_firmware
hp proliant_xl230a_gen9_server_firmware
hp proliant_xl190r_gen9_server_firmware
hp proliant_xl170r_gen9_server_firmware
hp proliant_dl560_gen9_server_firmware
hp proliant_dl380_gen9_server_firmware
hp proliant_dl360_gen9_server_firmware
hp proliant_dl180_gen9_server_firmware
hp proliant_dl160_gen9_server_firmware
hp proliant_dl120_gen9_server_firmware
hp proliant_dl80_gen9_server_firmware
hp proliant_dl60_gen9_server_firmware
hp proliant_dl20_gen9_server_firmware
hp proliant_ml350_gen9_server_firmware
hp proliant_ml150_gen9_server_firmware
hp proliant_ml110_gen9_server_firmware
hp proliant_ml30_gen9_server_firmware
hp proliant_ml10_gen9_server_firmware
hp proliant_bl660c_gen9_server_firmware
hp proliant_bl460c_gen9_server_blade_firmware
hp proliant_ws460c_gen9_workstation_firmware
hp proliant_dl380e_gen8_server_firmware
hp proliant_dl360p_gen8_server_firmware
hp proliant_dl360e_gen8_server_firmware
hp proliant_dl320e_gen8_server_firmware
hp proliant_dl320e_gen8_v2_server_firmware
hp proliant_dl160_gen8_server_firmware
hp proliant_sl250s_gen8_server_firmware
hp proliant_sl210t_gen8_server_firmware
hp proliant_bl660c_gen8_server_blade_firmware
hp proliant_bl465c_gen8_\\(amd\\)_firmware
hp proliant_bl460c_gen8_server_blade_firmware
hp proliant_bl420c_gen8_server_firmware
hp proliant_sl4540_gen8_1_node_server_firmware
hp proliant_sl270s_gen8_server_firmware
hp proliant_dl580_gen8_server_firmware
hp proliant_dl560_gen8_server_firmware
hp proliant_dl380p_gen8_server_firmware
hp proliant_dl385p_gen8_\\(amd\\)_firmware
hp proliant_ml350e_gen8_v2_server_firmware
hp proliant_ml350e_gen8_server_firmware
hp proliant_ml350p_gen8_server_firmware
hp proliant_ml310e_gen8_v2_server_firmware
hp proliant_ml310e_gen8_server_firmware
hp proliant_microserver_gen8_firmware
hp proliant_m710_server_cartridge_firmware
hp proliant_m710p_server_cartridge_firmware
hp proliant_m710x_server_cartridge_firmware
hp proliant_m510_server_cartridge_firmware
hp proliant_m350_server_cartridge_firmware
hp proliant_m300_server_cartridge_firmware
hp proliant_bl2x220c_g7_server_blade_firmware
hp proliant_dl585_g7_server_\\(amd\\)_firmware
hp proliant_dl980_g7_server_firmware
hp proliant_dl580_g7_server_firmware
hp proliant_dl385_g7_server_firmware
hp proliant_dl380_g7_server_firmware -
hp proliant_dl120_g7_server_firmware
hp proliant_dl360_g7_server_firmware
hp proliant_bl685c_g7_server_blade_\\(amd\\)_firmware
hp proliant_bl680c_g7_server_blade_firmware
hp proliant_bl620c_g7_server_blade_firmware
hp proliant_bl490c_g7_server_blade_firmware
hp proliant_bl465c_g7_server_blade_firmware
hp proliant_bl460c_g7_server_blade_firmware
hp proliant_sl390s_g7_server_firmware
hp proliant_ml110_g7_server_firmware
hp proliant_ml10_v2_server_firmware
hp proliant_sl4545_g7_server_\\(amd\\)_firmware 2018.03.14\\(a\\)
hp proliant_thin_micro_tm200_server_firmware
hp proliant_dl380_g6_server_firmware
hp proliant_dl370_g6_server_firmware
hp proliant_dl360_g6_server_firmware
hp proliant_dl320_g6_server_firmware
hp proliant_dl180_g6_server_firmware
hp proliant_dl170h_g6_server_firmware
hp proliant_dl170e_g6_server_firmware
hp proliant_dl160_g6_server_firmware
hp proliant_dl120_g6_server_firmware
hp proliant_ml370_g6_server_firmware
hp proliant_ml350_g6_server_firmware
hp proliant_ml330_g6_server_firmware
hp proliant_ml150_g6_server_firmware
hp proliant_ml110_g6_server_firmware
hp proliant_sl2x170z_g6_server_firmware
hp proliant_bl490c_g6_server_blade_firmware
hp proliant_bl460c_g6_server_blade_firmware
hp proliant_sl170z_g6_server_firmware
hp proliant_sl160s_g6_server_firmware
hp proliant_bl2x220c_g6_server_blade_firmware
hp proliant_bl280c_g6_server_bladefirmware

NVD-CWE-noinfo https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03869en_us https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03835en_us https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03831en_us https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03805en_us http://www.securitytracker.com/id/1041984 https://nvd.nist.gov

Get Started

CVE-2018-7112

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect