MEDIUM · 4.9

CVE-2018-9085

Vulnerability Description

A write protection lock bit was left unset after boot on an older generation of Lenovo and IBM System x servers, potentially allowing an attacker with administrator access to modify the subset of flash memory containing Intel Server Platform Services (SPS) and the system Flash Descriptors.

CVSS Score

4.9

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: NONE
Integrity: HIGH
Availability: NONE

Affected Products

Vendor | Product | Versions
Lenovo | Flex System X240 M4 Firmware | < a3e122b
Lenovo | Flex System X240 M4 | -
Lenovo | Flex System X440 M4 Firmware | < cge122b
Lenovo | Flex System X440 M4 | -
Lenovo | System X3750 M4 Firmware | < a5e124b
Lenovo | System X3750 M4 | -
IBM | Bladecenter Hs23 Firmware | < tke160c
IBM | Bladecenter | hs23
IBM | Bladecenter Hs23E Firmware | < ahe160c
IBM | Flex System X220 M4 Firmware | < kse158c
IBM | Flex System X220 | -
IBM | Flex System X222 M4 Firmware | < cce160c
IBM | Flex System X222 M4 | -
IBM | Flex System X240 M4 Firmware | < ahe160c
IBM | Flex System X240 M4 | -
IBM | Flex System X280 X6 Firmware | < n3e132w
IBM | Flex System X280 X6 | -
IBM | Flex System X440 M4 Firmware | < cne162d
IBM | Flex System X440 M4 | -
IBM | Flex System X480 X6 Firmware | < n3e132w

Related Weaknesses (CWE)

References

FAQ

What is CVE-2018-9085?

CVE-2018-9085 is a vulnerability with a CVSS score of 4.9 (MEDIUM). A write protection lock bit was left unset after boot on an older generation of Lenovo and IBM System x servers, potentially allowing an attacker with administrator access to modify the subset of flas...

How severe is CVE-2018-9085?

CVE-2018-9085 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2018-9085?

Check the references section above for vendor advisories and patch information. Affected products include: Lenovo Flex System X240 M4 Firmware, Lenovo Flex System X240 M4, Lenovo Flex System X440 M4 Firmware, Lenovo Flex System X440 M4, Lenovo System X3750 M4 Firmware.