Search criteria
4 vulnerabilities found for power_system_h924_\(9223-42h\)_firmware by ibm
CVE-2024-45656 (GCVE-0-2024-45656)
Vulnerability from nvd – Published: 2024-10-29 00:37 – Updated: 2024-11-02 03:55
VLAI?
Title
IBM Flexible Service Processor hard coded credentials
Summary
IBM Flexible Service Processor (FSP) FW860.00 through FW860.B3, FW950.00 through FW950.C0, FW1030.00 through FW1030.61, FW1050.00 through FW1050.21, and FW1060.00 through FW1060.10 has static credentials which may allow network users to gain service privileges to the FSP.
Severity ?
9.8 (Critical)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Flexible Service Processor |
Affected:
FW860.00 , ≤ FW860.B3
(semver)
Affected: FW950.00 , ≤ FW950.C0 (semver) Affected: FW1030.00 , ≤ FW1030.61 (semver) Affected: FW1050.00 , ≤ FW1050.21 (semver) Affected: FW1060.00 , ≤ FW1060.10 (semver) cpe:2.3:o:ibm:power9_system_firmware:fw1060.00:*:*:*:*:*:*:* cpe:2.3:o:ibm:power9_system_firmware:fw1050.00:*:*:*:*:*:*:* cpe:2.3:o:ibm:power9_system_firmware:fw1030.00:*:*:*:*:*:*:* cpe:2.3:o:ibm:power9_system_firmware:fw950.00:*:*:*:*:*:*:* cpe:2.3:o:ibm:power9_system_firmware:fw860.00:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45656",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-01T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-02T03:55:32.353Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:o:ibm:power9_system_firmware:fw1060.00:*:*:*:*:*:*:*",
"cpe:2.3:o:ibm:power9_system_firmware:fw1050.00:*:*:*:*:*:*:*",
"cpe:2.3:o:ibm:power9_system_firmware:fw1030.00:*:*:*:*:*:*:*",
"cpe:2.3:o:ibm:power9_system_firmware:fw950.00:*:*:*:*:*:*:*",
"cpe:2.3:o:ibm:power9_system_firmware:fw860.00:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Flexible Service Processor",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "FW860.B3",
"status": "affected",
"version": "FW860.00",
"versionType": "semver"
},
{
"lessThanOrEqual": "FW950.C0",
"status": "affected",
"version": "FW950.00",
"versionType": "semver"
},
{
"lessThanOrEqual": "FW1030.61",
"status": "affected",
"version": "FW1030.00",
"versionType": "semver"
},
{
"lessThanOrEqual": "FW1050.21",
"status": "affected",
"version": "FW1050.00",
"versionType": "semver"
},
{
"lessThanOrEqual": "FW1060.10",
"status": "affected",
"version": "FW1060.00",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Flexible Service Processor (FSP) FW860.00 through FW860.B3, FW950.00 through FW950.C0, FW1030.00 through FW1030.61, FW1050.00 through FW1050.21, and FW1060.00 through FW1060.10 has static credentials which may allow network users to gain service privileges to the FSP."
}
],
"value": "IBM Flexible Service Processor (FSP) FW860.00 through FW860.B3, FW950.00 through FW950.C0, FW1030.00 through FW1030.61, FW1050.00 through FW1050.21, and FW1060.00 through FW1060.10 has static credentials which may allow network users to gain service privileges to the FSP."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-29T00:37:16.004Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7174183"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Flexible Service Processor hard coded credentials",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-45656",
"datePublished": "2024-10-29T00:37:16.004Z",
"dateReserved": "2024-09-03T13:50:26.296Z",
"dateUpdated": "2024-11-02T03:55:32.353Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1992 (GCVE-0-2018-1992)
Vulnerability from nvd – Published: 2019-03-21 14:35 – Updated: 2024-09-16 17:18
VLAI?
Summary
The IBM Power 9 OP910, OP920, and FW910 boot firmware's bootloader is responsible for loading and validating the initial boot firmware image that drives the rest of the system's hardware initialization. The bootloader firmware contains a buffer overflow vulnerability such that, if an attacker were able to replace the initial boot firmware image with a very carefully crafted and sufficiently large, malicious replacement, it could cause the bootloader, during the load of that image, to overwrite its own instruction memory and circumvent secure boot protections, install trojans, etc. IBM X-Force ID: 154345.
Severity ?
CWE
- Gain Privileges
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Power 9 Systems |
Affected:
FW910
Affected: OP910 Affected: OP920 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:14:39.588Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10868992"
},
{
"name": "ibm-power9-cve20181992-code-exec (154345)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/154345"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Power 9 Systems",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "FW910"
},
{
"status": "affected",
"version": "OP910"
},
{
"status": "affected",
"version": "OP920"
}
]
}
],
"datePublic": "2019-02-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The IBM Power 9 OP910, OP920, and FW910 boot firmware\u0027s bootloader is responsible for loading and validating the initial boot firmware image that drives the rest of the system\u0027s hardware initialization. The bootloader firmware contains a buffer overflow vulnerability such that, if an attacker were able to replace the initial boot firmware image with a very carefully crafted and sufficiently large, malicious replacement, it could cause the bootloader, during the load of that image, to overwrite its own instruction memory and circumvent secure boot protections, install trojans, etc. IBM X-Force ID: 154345."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 5.6,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/PR:H/AV:L/S:U/I:H/UI:N/AC:H/A:H/C:H/RC:C/E:U/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-21T14:35:28",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10868992"
},
{
"name": "ibm-power9-cve20181992-code-exec (154345)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/154345"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-02-18T00:00:00",
"ID": "CVE-2018-1992",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Power 9 Systems",
"version": {
"version_data": [
{
"version_value": "FW910"
},
{
"version_value": "OP910"
},
{
"version_value": "OP920"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The IBM Power 9 OP910, OP920, and FW910 boot firmware\u0027s bootloader is responsible for loading and validating the initial boot firmware image that drives the rest of the system\u0027s hardware initialization. The bootloader firmware contains a buffer overflow vulnerability such that, if an attacker were able to replace the initial boot firmware image with a very carefully crafted and sufficiently large, malicious replacement, it could cause the bootloader, during the load of that image, to overwrite its own instruction memory and circumvent secure boot protections, install trojans, etc. IBM X-Force ID: 154345."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "H",
"AC": "H",
"AV": "L",
"C": "H",
"I": "H",
"PR": "H",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10868992",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 868992 (Power 9 Systems)",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10868992"
},
{
"name": "ibm-power9-cve20181992-code-exec (154345)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/154345"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1992",
"datePublished": "2019-03-21T14:35:28.145154Z",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-09-16T17:18:29.221Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45656 (GCVE-0-2024-45656)
Vulnerability from cvelistv5 – Published: 2024-10-29 00:37 – Updated: 2024-11-02 03:55
VLAI?
Title
IBM Flexible Service Processor hard coded credentials
Summary
IBM Flexible Service Processor (FSP) FW860.00 through FW860.B3, FW950.00 through FW950.C0, FW1030.00 through FW1030.61, FW1050.00 through FW1050.21, and FW1060.00 through FW1060.10 has static credentials which may allow network users to gain service privileges to the FSP.
Severity ?
9.8 (Critical)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Flexible Service Processor |
Affected:
FW860.00 , ≤ FW860.B3
(semver)
Affected: FW950.00 , ≤ FW950.C0 (semver) Affected: FW1030.00 , ≤ FW1030.61 (semver) Affected: FW1050.00 , ≤ FW1050.21 (semver) Affected: FW1060.00 , ≤ FW1060.10 (semver) cpe:2.3:o:ibm:power9_system_firmware:fw1060.00:*:*:*:*:*:*:* cpe:2.3:o:ibm:power9_system_firmware:fw1050.00:*:*:*:*:*:*:* cpe:2.3:o:ibm:power9_system_firmware:fw1030.00:*:*:*:*:*:*:* cpe:2.3:o:ibm:power9_system_firmware:fw950.00:*:*:*:*:*:*:* cpe:2.3:o:ibm:power9_system_firmware:fw860.00:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45656",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-01T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-02T03:55:32.353Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:o:ibm:power9_system_firmware:fw1060.00:*:*:*:*:*:*:*",
"cpe:2.3:o:ibm:power9_system_firmware:fw1050.00:*:*:*:*:*:*:*",
"cpe:2.3:o:ibm:power9_system_firmware:fw1030.00:*:*:*:*:*:*:*",
"cpe:2.3:o:ibm:power9_system_firmware:fw950.00:*:*:*:*:*:*:*",
"cpe:2.3:o:ibm:power9_system_firmware:fw860.00:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Flexible Service Processor",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "FW860.B3",
"status": "affected",
"version": "FW860.00",
"versionType": "semver"
},
{
"lessThanOrEqual": "FW950.C0",
"status": "affected",
"version": "FW950.00",
"versionType": "semver"
},
{
"lessThanOrEqual": "FW1030.61",
"status": "affected",
"version": "FW1030.00",
"versionType": "semver"
},
{
"lessThanOrEqual": "FW1050.21",
"status": "affected",
"version": "FW1050.00",
"versionType": "semver"
},
{
"lessThanOrEqual": "FW1060.10",
"status": "affected",
"version": "FW1060.00",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Flexible Service Processor (FSP) FW860.00 through FW860.B3, FW950.00 through FW950.C0, FW1030.00 through FW1030.61, FW1050.00 through FW1050.21, and FW1060.00 through FW1060.10 has static credentials which may allow network users to gain service privileges to the FSP."
}
],
"value": "IBM Flexible Service Processor (FSP) FW860.00 through FW860.B3, FW950.00 through FW950.C0, FW1030.00 through FW1030.61, FW1050.00 through FW1050.21, and FW1060.00 through FW1060.10 has static credentials which may allow network users to gain service privileges to the FSP."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-29T00:37:16.004Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7174183"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Flexible Service Processor hard coded credentials",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-45656",
"datePublished": "2024-10-29T00:37:16.004Z",
"dateReserved": "2024-09-03T13:50:26.296Z",
"dateUpdated": "2024-11-02T03:55:32.353Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1992 (GCVE-0-2018-1992)
Vulnerability from cvelistv5 – Published: 2019-03-21 14:35 – Updated: 2024-09-16 17:18
VLAI?
Summary
The IBM Power 9 OP910, OP920, and FW910 boot firmware's bootloader is responsible for loading and validating the initial boot firmware image that drives the rest of the system's hardware initialization. The bootloader firmware contains a buffer overflow vulnerability such that, if an attacker were able to replace the initial boot firmware image with a very carefully crafted and sufficiently large, malicious replacement, it could cause the bootloader, during the load of that image, to overwrite its own instruction memory and circumvent secure boot protections, install trojans, etc. IBM X-Force ID: 154345.
Severity ?
CWE
- Gain Privileges
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Power 9 Systems |
Affected:
FW910
Affected: OP910 Affected: OP920 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:14:39.588Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10868992"
},
{
"name": "ibm-power9-cve20181992-code-exec (154345)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/154345"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Power 9 Systems",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "FW910"
},
{
"status": "affected",
"version": "OP910"
},
{
"status": "affected",
"version": "OP920"
}
]
}
],
"datePublic": "2019-02-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The IBM Power 9 OP910, OP920, and FW910 boot firmware\u0027s bootloader is responsible for loading and validating the initial boot firmware image that drives the rest of the system\u0027s hardware initialization. The bootloader firmware contains a buffer overflow vulnerability such that, if an attacker were able to replace the initial boot firmware image with a very carefully crafted and sufficiently large, malicious replacement, it could cause the bootloader, during the load of that image, to overwrite its own instruction memory and circumvent secure boot protections, install trojans, etc. IBM X-Force ID: 154345."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 5.6,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/PR:H/AV:L/S:U/I:H/UI:N/AC:H/A:H/C:H/RC:C/E:U/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-21T14:35:28",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10868992"
},
{
"name": "ibm-power9-cve20181992-code-exec (154345)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/154345"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-02-18T00:00:00",
"ID": "CVE-2018-1992",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Power 9 Systems",
"version": {
"version_data": [
{
"version_value": "FW910"
},
{
"version_value": "OP910"
},
{
"version_value": "OP920"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The IBM Power 9 OP910, OP920, and FW910 boot firmware\u0027s bootloader is responsible for loading and validating the initial boot firmware image that drives the rest of the system\u0027s hardware initialization. The bootloader firmware contains a buffer overflow vulnerability such that, if an attacker were able to replace the initial boot firmware image with a very carefully crafted and sufficiently large, malicious replacement, it could cause the bootloader, during the load of that image, to overwrite its own instruction memory and circumvent secure boot protections, install trojans, etc. IBM X-Force ID: 154345."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "H",
"AC": "H",
"AV": "L",
"C": "H",
"I": "H",
"PR": "H",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10868992",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 868992 (Power 9 Systems)",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10868992"
},
{
"name": "ibm-power9-cve20181992-code-exec (154345)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/154345"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1992",
"datePublished": "2019-03-21T14:35:28.145154Z",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-09-16T17:18:29.221Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}