PT-2018-18846 · Lenovo+2 · Lenovo System X+2
Published
2018-11-16
·
Updated
2019-10-03
·
CVE-2018-9085
CVSS v3.1
4.9
Medium
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Lenovo and IBM System x servers (affected versions not specified)
Description
A security issue was found in older generation Lenovo and IBM System x servers. The problem is related to a write protection lock bit that is not set after the system boots. This could allow an attacker who already has administrator access to change certain parts of the system's flash memory. Specifically, the attacker could modify the Intel Server Platform Services (SPS) and the system Flash Descriptors.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Incorrect Default Permissions
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm System X
Intel Server Platform Services
Lenovo System X