PT-2018-7264 · Lenovo+1 · Lenovo System X+1

Published 2018-01-26 · Updated 2018-02-15 · CVE-2017-3768

CVSS v2.0: 7.8 High

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: Lenovo System x versions prior to 4.4; IBM System x versions prior to 6.4
Description: The issue allows an unprivileged attacker with connectivity to the IMM2 to cause a denial of service. This can be achieved by flooding the IMM2 with a high volume of authentication failures via the Common Information Model (CIM) used by tools such as LXCA and OneCLI. The attack exhausts available system memory, causing the IMM2 to reboot itself until the requests cease.
Recommendations: For Lenovo System x versions prior to 4.4, update to version 4.4 or later to resolve the issue. For IBM System x versions prior to 6.4, update to version 6.4 or later to resolve the issue.

Fix

Resource Exhaustion


Weakness Enumeration

Related Identifiers

CVE-2017-3768

Affected Products

IBM System X
Lenovo System X