Vulnerability Details : CVE-2018-7112
The HPE-provided Windows firmware installer for certain Gen9, Gen8, G7,and G6 HPE servers allows local disclosure of privileged information. This issue was resolved in previously provided firmware updates as follows. The HPE Windows firmware installer was updated in the system ROM updates which also addressed the original Spectre/Meltdown set of vulnerabilities. At that time, the Windows firmware installer was also updated in the versions of HPE Integrated Lights-Out 2, 3, and 4 (iLO 2, 3, and 4) listed in the security bulletin. The updated HPE Windows firmware installer was released in the system ROM and HPE Integrated Lights-Out (iLO) releases documented in earlier HPE Security Bulletins: HPESBHF03805, HPESBHF03835, HPESBHF03831. Windows-based systems that have already been updated to the system ROM or iLO versions described in these security bulletins require no further action.
Products affected by CVE-2018-7112
- cpe:2.3:o:hp:integrated_lights-out_3_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:integrated_lights-out_4_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:integrated_lights-out_2_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:proliant_xl750f_gen9_server_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:proliant_xl740f_gen9_server_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:proliant_xl730f_gen9_server_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:proliant_xl450_gen9_server_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:proliant_xl270d_gen9_server_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:proliant_xl270d_gen9_accelerator_tray_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:proliant_xl260a_gen9_server_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:proliant_xl250a_gen9_server_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:proliant_xl230a_gen9_server_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:proliant_xl190r_gen9_server_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:proliant_xl170r_gen9_server_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:proliant_dl560_gen9_server_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:proliant_dl380_gen9_server_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:proliant_dl360_gen9_server_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:proliant_dl180_gen9_server_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:proliant_dl160_gen9_server_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:proliant_dl120_gen9_server_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:proliant_dl80_gen9_server_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:proliant_dl60_gen9_server_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:proliant_dl20_gen9_server_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:proliant_ml350_gen9_server_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:proliant_ml150_gen9_server_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:proliant_ml110_gen9_server_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:proliant_ml30_gen9_server_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:proliant_ml10_gen9_server_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:proliant_bl660c_gen9_server_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:proliant_bl460c_gen9_server_blade_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:proliant_ws460c_gen9_workstation_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:proliant_dl380e_gen8_server_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:proliant_dl360p_gen8_server_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:proliant_dl360e_gen8_server_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:proliant_dl320e_gen8_server_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:proliant_dl320e_gen8_v2_server_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:proliant_dl160_gen8_server_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:proliant_sl250s_gen8_server_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:proliant_sl210t_gen8_server_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:proliant_bl660c_gen8_server_blade_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:proliant_bl465c_gen8_\(amd\)_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:proliant_bl460c_gen8_server_blade_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:proliant_bl420c_gen8_server_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:proliant_sl4540_gen8_1_node_server_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:proliant_sl270s_gen8_server_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:proliant_dl580_gen8_server_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:proliant_dl560_gen8_server_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:proliant_dl380p_gen8_server_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:proliant_dl385p_gen8_\(amd\)_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:proliant_ml350e_gen8_v2_server_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:proliant_ml350e_gen8_server_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:proliant_ml350p_gen8_server_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:proliant_ml310e_gen8_v2_server_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:proliant_ml310e_gen8_server_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:proliant_microserver_gen8_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:proliant_m710_server_cartridge_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:proliant_m710p_server_cartridge_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:proliant_m710x_server_cartridge_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:proliant_m510_server_cartridge_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:proliant_m350_server_cartridge_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:proliant_m300_server_cartridge_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:proliant_bl2x220c_g7_server_blade_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:proliant_dl585_g7_server_\(amd\)_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:proliant_dl980_g7_server_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:proliant_dl580_g7_server_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:proliant_dl385_g7_server_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:proliant_dl380_g7_server_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:hp:proliant_dl120_g7_server_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:proliant_dl360_g7_server_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:proliant_bl685c_g7_server_blade_\(amd\)_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:proliant_bl680c_g7_server_blade_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:proliant_bl620c_g7_server_blade_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:proliant_bl490c_g7_server_blade_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:proliant_bl465c_g7_server_blade_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:proliant_bl460c_g7_server_blade_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:proliant_sl390s_g7_server_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:proliant_ml110_g7_server_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:proliant_ml10_v2_server_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:proliant_sl4545_g7_server_\(amd\)_firmware:2018.03.14\(a\):*:*:*:*:*:*:*
- cpe:2.3:o:hp:proliant_thin_micro_tm200_server_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:proliant_dl380_g6_server_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:proliant_dl370_g6_server_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:proliant_dl360_g6_server_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:proliant_dl320_g6_server_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:proliant_dl180_g6_server_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:proliant_dl170h_g6_server_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:proliant_dl170e_g6_server_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:proliant_dl160_g6_server_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:proliant_dl120_g6_server_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:proliant_ml370_g6_server_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:proliant_ml350_g6_server_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:proliant_ml330_g6_server_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:proliant_ml150_g6_server_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:proliant_ml110_g6_server_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:proliant_sl2x170z_g6_server_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:proliant_bl490c_g6_server_blade_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:proliant_bl460c_g6_server_blade_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:proliant_sl170z_g6_server_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:proliant_sl160s_g6_server_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:proliant_bl2x220c_g6_server_blade_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:proliant_bl280c_g6_server_bladefirmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-7112
0.17%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 36 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-7112
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
4.9
|
MEDIUM | AV:L/AC:L/Au:N/C:C/I:N/A:N |
3.9
|
6.9
|
NIST | |
|
5.5
|
MEDIUM | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
1.8
|
3.6
|
NIST |
References for CVE-2018-7112
-
http://www.securitytracker.com/id/1041984
HPE Windows Firmware Flaw Lets Local Users Obtain Potentially Sensitive Information on the Target System - SecurityTrackerThird Party Advisory;VDB Entry
-
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03831en_us
HPESBHF03831 rev.1 - HPE Integrated Lights-Out 2 (iLO 2), Remote Disclosure of InformationNot Applicable;Vendor Advisory
-
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03869en_us
HPESBHF03869 rev.1 - HPE Windows Firmware Installer for certain HPE Gen9,Gen8, G7, and G6 Servers, Local Disclosure of Privileged InformationVendor Advisory
-
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03805en_us
HPESBHF03805 rev.23 - Certain HPE products using Microprocessors from Intel, AMD, and ARM, with Speculative Execution, Elevation of Privilege and Information Disclosure (CVE-2017-5715, CVE-2017-5753,Not Applicable;Vendor Advisory
-
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03835en_us
HPESBHF03835 rev.1 - HPE Integrated Lights-Out 3, 4, 5 (iLO 3, 4, 5), Moonshot Chassis Manager, and Moonshot Component Pack, Remote Denial of ServiceNot Applicable;Vendor Advisory
Jump to