Vulnerability in Hewlett Packard Enterprise Windows Firmware Installer For Gen9, Gen8, G7, and G6 HPE Servers
CVE-2018-7112
The HPE-provided Windows firmware installer for certain Gen9, Gen8, G7, and G6 HPE servers allows local disclosure of privileged information. This issue was resolved in previously provided firmware updates as follows. The HPE Windows firmwa…
EPSS: 0.007 (47.0th percentile).
CVSS v3 metric
CVSS v3 base score 5.5 (Medium). Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N.
Affected products
- Hewlett Packard Enterprise Windows Firmware Installer For Gen9, Gen8, G7, and G6 HPE Servers — versions: only the Windows-based firmware installers for the following products.
  - HPE Integrated Lights-Out 2 (iLO 2) Firmware for ProLiant G6 Servers - Prior to v2.33
  - HPE Integrated Lights-Out 3 (iLO 3) Firmware for ProLiant G7 Servers - Prior to v1.90
  - HPE Integrated Lights-Out 4 (iLO 4) Firmware for ProLiant Gen8 Server firmwares - Prior to v2.60
  - HPE ProLiant XL750f Gen9 Server firmware - Prior to 2.56_01-22-2018(23 Feb 2018)
  - HPE ProLiant XL740f Gen9 Server firmware - Prior to 2.56_01-22-2018(23 Feb 2018)
  - HPE ProLiant XL730f Gen9 Server firmware - Prior to 2.56_01-22-2018(23 Feb 2018)
  - HPE ProLiant XL450 Gen9 Server firmware - Prior to 2.56_01-22-2018(23 Feb 2018)
  - HPE ProLiant XL270d Gen9 Special Server - Prior to 2.56_01-22-2018(23 Feb 2018)
  - HPE ProLiant XL270d Gen9 Accelerator Tray 2U Configure-to-order Server - Prior to 2.56_01-22-2018(23 Feb 2018)
  - HPE ProLiant XL260a Gen9 Server firmware - Prior to 1.60_01-22-2018(26 Feb 2018)
  - HPE ProLiant XL250a Gen9 Server firmware - Prior to 2.56_01-22- ...[truncated*]
- Hp Integrated_lights-out
- Hp Integrated_lights-out_2
- Hp Integrated_lights-out_2_firmware
- Hp Integrated_lights-out_3_firmware
- Hp Integrated_lights-out_4_firmware
- Hp Proliant_bl280c_g6_server
- Hp Proliant_bl280c_g6_server_bladefirmware
- Hp Proliant_bl2x220c_g6_server_blade
- Hp Proliant_bl2x220c_g6_server_blade_firmware
References
- security-alert@hpe.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_SECTRACK)
- security-alert@hpe.com (x_refsource_CONFIRM, Not Applicable, Vendor Advisory)
- security-alert@hpe.com (x_refsource_CONFIRM, Not Applicable, Vendor Advisory)
- security-alert@hpe.com (x_refsource_CONFIRM, Not Applicable, Vendor Advisory)
- security-alert@hpe.com (x_refsource_CONFIRM, Vendor Advisory)
Frequently asked questions
- What is CVE-2018-7112?
- CVE-2018-7112 is a medium-severity vulnerability in Hewlett Packard Enterprise Windows Firmware Installer For Gen9, Gen8, G7, and G6 HPE Servers. CVSS score: 5.5/10. Published 2018-12-03.
- How severe is CVE-2018-7112?
- Medium severity. CVSS v3 base score is 5.5 out of 10.