
    4 vulnerabilities found for Power 9 Systems by IBM

    CVE-2021-20487 (GCVE-0-2021-20487)

    Vulnerability from nvd – Published: 2021-05-26 16:20 – Updated: 2024-09-16 18:33
    Summary
    IBM Power9 Self Boot Engine (SBE) could allow a privileged user to inject malicious code and compromise the integrity of the host firmware, bypassing the host firmware signature verification process.
    CWE
    • Gain Privileges
    Assigner
    ibm
    References
    Impacted products
    Vendor: IBM
    Product: Power 9 Systems
    Affected versions: FW930, FW940, FW941, OP940
    Date Public
    2021-05-25 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:45:44.333Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/6455911"
              },
              {
                "name": "ibm-power9-cve202120487-priv-escalation (197730)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/197730"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Power 9 Systems",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "FW930"
                },
                {
                  "status": "affected",
                  "version": "FW940"
                },
                {
                  "status": "affected",
                  "version": "FW941"
                },
                {
                  "status": "affected",
                  "version": "OP940"
                }
              ]
            }
          ],
          "datePublic": "2021-05-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Power9 Self Boot Engine(SBE) could allow a privileged user to inject malicious code and compromise the integrity of the host firmware bypassing the host firmware signature verification process."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "CHANGED",
                "temporalScore": 7,
                "temporalSeverity": "HIGH",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/UI:N/I:H/AC:H/PR:H/S:C/A:H/C:H/E:U/RL:O/RC:C",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Gain Privileges",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-05-26T16:20:17.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/pages/node/6455911"
            },
            {
              "name": "ibm-power9-cve202120487-priv-escalation (197730)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/197730"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2021-05-25T00:00:00",
              "ID": "CVE-2021-20487",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Power 9 Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "FW930"
                              },
                              {
                                "version_value": "FW940"
                              },
                              {
                                "version_value": "FW941"
                              },
                              {
                                "version_value": "OP940"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Power9 Self Boot Engine(SBE) could allow a privileged user to inject malicious code and compromise the integrity of the host firmware bypassing the host firmware signature verification process."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "H",
                  "AC": "H",
                  "AV": "N",
                  "C": "H",
                  "I": "H",
                  "PR": "H",
                  "S": "C",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Gain Privileges"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/pages/node/6455911",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 6455911 (Power 9 Systems)",
                  "url": "https://www.ibm.com/support/pages/node/6455911"
                },
                {
                  "name": "ibm-power9-cve202120487-priv-escalation (197730)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/197730"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2021-20487",
        "datePublished": "2021-05-26T16:20:17.769Z",
        "dateReserved": "2020-12-17T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:33:23.529Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-1992 (GCVE-0-2018-1992)

    Vulnerability from nvd – Published: 2019-03-21 14:35 – Updated: 2024-09-16 17:18
    Summary
    The IBM Power 9 OP910, OP920, and FW910 boot firmware's bootloader is responsible for loading and validating the initial boot firmware image that drives the rest of the system's hardware initialization. The bootloader firmware contains a buffer overflow vulnerability such that, if an attacker were able to replace the initial boot firmware image with a very carefully crafted and sufficiently large, malicious replacement, it could cause the bootloader, during the load of that image, to overwrite its own instruction memory and circumvent secure boot protections, install trojans, etc. IBM X-Force ID: 154345.
    CWE
    • Gain Privileges
    Assigner
    ibm
    References
    Impacted products
    Vendor: IBM
    Product: Power 9 Systems
    Affected versions: FW910, OP910, OP920
    Date Public
    2019-02-18 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T04:14:39.588Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/docview.wss?uid=ibm10868992"
              },
              {
                "name": "ibm-power9-cve20181992-code-exec (154345)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/154345"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Power 9 Systems",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "FW910"
                },
                {
                  "status": "affected",
                  "version": "OP910"
                },
                {
                  "status": "affected",
                  "version": "OP920"
                }
              ]
            }
          ],
          "datePublic": "2019-02-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The IBM Power 9 OP910, OP920, and FW910 boot firmware\u0027s bootloader is responsible for loading and validating the initial boot firmware image that drives the rest of the system\u0027s hardware initialization. The bootloader firmware contains a buffer overflow vulnerability such that, if an attacker were able to replace the initial boot firmware image with a very carefully crafted and sufficiently large, malicious replacement, it could cause the bootloader, during the load of that image, to overwrite its own instruction memory and circumvent secure boot protections, install trojans, etc. IBM X-Force ID: 154345."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 5.6,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/PR:H/AV:L/S:U/I:H/UI:N/AC:H/A:H/C:H/RC:C/E:U/RL:O",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Gain Privileges",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-03-21T14:35:28.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10868992"
            },
            {
              "name": "ibm-power9-cve20181992-code-exec (154345)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/154345"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2019-02-18T00:00:00",
              "ID": "CVE-2018-1992",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Power 9 Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "FW910"
                              },
                              {
                                "version_value": "OP910"
                              },
                              {
                                "version_value": "OP920"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The IBM Power 9 OP910, OP920, and FW910 boot firmware\u0027s bootloader is responsible for loading and validating the initial boot firmware image that drives the rest of the system\u0027s hardware initialization. The bootloader firmware contains a buffer overflow vulnerability such that, if an attacker were able to replace the initial boot firmware image with a very carefully crafted and sufficiently large, malicious replacement, it could cause the bootloader, during the load of that image, to overwrite its own instruction memory and circumvent secure boot protections, install trojans, etc. IBM X-Force ID: 154345."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "H",
                  "AC": "H",
                  "AV": "L",
                  "C": "H",
                  "I": "H",
                  "PR": "H",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Gain Privileges"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/docview.wss?uid=ibm10868992",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 868992 (Power 9 Systems)",
                  "url": "https://www.ibm.com/support/docview.wss?uid=ibm10868992"
                },
                {
                  "name": "ibm-power9-cve20181992-code-exec (154345)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/154345"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2018-1992",
        "datePublished": "2019-03-21T14:35:28.145Z",
        "dateReserved": "2017-12-13T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:18:29.221Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-20487 (GCVE-0-2021-20487)

    Vulnerability from cvelistv5 – Published: 2021-05-26 16:20 – Updated: 2024-09-16 18:33
    Summary
    IBM Power9 Self Boot Engine (SBE) could allow a privileged user to inject malicious code and compromise the integrity of the host firmware, bypassing the host firmware signature verification process.
    CWE
    • Gain Privileges
    Assigner
    ibm
    References
    Impacted products
    Vendor: IBM
    Product: Power 9 Systems
    Affected versions: FW930, FW940, FW941, OP940
    Date Public
    2021-05-25 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:45:44.333Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/6455911"
              },
              {
                "name": "ibm-power9-cve202120487-priv-escalation (197730)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/197730"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Power 9 Systems",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "FW930"
                },
                {
                  "status": "affected",
                  "version": "FW940"
                },
                {
                  "status": "affected",
                  "version": "FW941"
                },
                {
                  "status": "affected",
                  "version": "OP940"
                }
              ]
            }
          ],
          "datePublic": "2021-05-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Power9 Self Boot Engine(SBE) could allow a privileged user to inject malicious code and compromise the integrity of the host firmware bypassing the host firmware signature verification process."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "CHANGED",
                "temporalScore": 7,
                "temporalSeverity": "HIGH",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/UI:N/I:H/AC:H/PR:H/S:C/A:H/C:H/E:U/RL:O/RC:C",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Gain Privileges",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-05-26T16:20:17.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/pages/node/6455911"
            },
            {
              "name": "ibm-power9-cve202120487-priv-escalation (197730)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/197730"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2021-05-25T00:00:00",
              "ID": "CVE-2021-20487",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Power 9 Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "FW930"
                              },
                              {
                                "version_value": "FW940"
                              },
                              {
                                "version_value": "FW941"
                              },
                              {
                                "version_value": "OP940"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Power9 Self Boot Engine(SBE) could allow a privileged user to inject malicious code and compromise the integrity of the host firmware bypassing the host firmware signature verification process."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "H",
                  "AC": "H",
                  "AV": "N",
                  "C": "H",
                  "I": "H",
                  "PR": "H",
                  "S": "C",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Gain Privileges"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/pages/node/6455911",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 6455911 (Power 9 Systems)",
                  "url": "https://www.ibm.com/support/pages/node/6455911"
                },
                {
                  "name": "ibm-power9-cve202120487-priv-escalation (197730)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/197730"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2021-20487",
        "datePublished": "2021-05-26T16:20:17.769Z",
        "dateReserved": "2020-12-17T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:33:23.529Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-1992 (GCVE-0-2018-1992)

    Vulnerability from cvelistv5 – Published: 2019-03-21 14:35 – Updated: 2024-09-16 17:18
    Summary
    The IBM Power 9 OP910, OP920, and FW910 boot firmware's bootloader is responsible for loading and validating the initial boot firmware image that drives the rest of the system's hardware initialization. The bootloader firmware contains a buffer overflow vulnerability such that, if an attacker were able to replace the initial boot firmware image with a very carefully crafted and sufficiently large, malicious replacement, it could cause the bootloader, during the load of that image, to overwrite its own instruction memory and circumvent secure boot protections, install trojans, etc. IBM X-Force ID: 154345.
    CWE
    • Gain Privileges
    Assigner
    ibm
    References
    Impacted products
    Vendor: IBM
    Product: Power 9 Systems
    Affected versions: FW910, OP910, OP920
    Date Public
    2019-02-18 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T04:14:39.588Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/docview.wss?uid=ibm10868992"
              },
              {
                "name": "ibm-power9-cve20181992-code-exec (154345)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/154345"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Power 9 Systems",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "FW910"
                },
                {
                  "status": "affected",
                  "version": "OP910"
                },
                {
                  "status": "affected",
                  "version": "OP920"
                }
              ]
            }
          ],
          "datePublic": "2019-02-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The IBM Power 9 OP910, OP920, and FW910 boot firmware\u0027s bootloader is responsible for loading and validating the initial boot firmware image that drives the rest of the system\u0027s hardware initialization. The bootloader firmware contains a buffer overflow vulnerability such that, if an attacker were able to replace the initial boot firmware image with a very carefully crafted and sufficiently large, malicious replacement, it could cause the bootloader, during the load of that image, to overwrite its own instruction memory and circumvent secure boot protections, install trojans, etc. IBM X-Force ID: 154345."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 5.6,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/PR:H/AV:L/S:U/I:H/UI:N/AC:H/A:H/C:H/RC:C/E:U/RL:O",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Gain Privileges",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-03-21T14:35:28.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10868992"
            },
            {
              "name": "ibm-power9-cve20181992-code-exec (154345)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/154345"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2019-02-18T00:00:00",
              "ID": "CVE-2018-1992",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Power 9 Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "FW910"
                              },
                              {
                                "version_value": "OP910"
                              },
                              {
                                "version_value": "OP920"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The IBM Power 9 OP910, OP920, and FW910 boot firmware\u0027s bootloader is responsible for loading and validating the initial boot firmware image that drives the rest of the system\u0027s hardware initialization. The bootloader firmware contains a buffer overflow vulnerability such that, if an attacker were able to replace the initial boot firmware image with a very carefully crafted and sufficiently large, malicious replacement, it could cause the bootloader, during the load of that image, to overwrite its own instruction memory and circumvent secure boot protections, install trojans, etc. IBM X-Force ID: 154345."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "H",
                  "AC": "H",
                  "AV": "L",
                  "C": "H",
                  "I": "H",
                  "PR": "H",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Gain Privileges"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/docview.wss?uid=ibm10868992",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 868992 (Power 9 Systems)",
                  "url": "https://www.ibm.com/support/docview.wss?uid=ibm10868992"
                },
                {
                  "name": "ibm-power9-cve20181992-code-exec (154345)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/154345"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2018-1992",
        "datePublished": "2019-03-21T14:35:28.145Z",
        "dateReserved": "2017-12-13T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:18:29.221Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }