CVE-2018-7112

The HPE-provided Windows firmware installer for certain Gen9, Gen8, G7,and G6 HPE servers allows local disclosure of privileged information. This issue was resolved in previously provided firmware updates as follows. The HPE Windows firmware installer was updated in the system ROM updates which also addressed the original Spectre/Meltdown set of vulnerabilities. At that time, the Windows firmware installer was also updated in the versions of HPE Integrated Lights-Out 2, 3, and 4 (iLO 2, 3, and 4) listed in the security bulletin. The updated HPE Windows firmware installer was released in the system ROM and HPE Integrated Lights-Out (iLO) releases documented in earlier HPE Security Bulletins: HPESBHF03805, HPESBHF03835, HPESBHF03831. Windows-based systems that have already been updated to the system ROM or iLO versions described in these security bulletins require no further action.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
hpeCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 39%
VendorProductVersion
hpintegrated_lights-out_2_firmware
𝑥
< 2.33
hpintegrated_lights-out_3_firmware
𝑥
< 1.90
hpintegrated_lights-out_4_firmware
𝑥
< 2.60
hpproliant_xl750f_gen9_server_firmware
𝑥
< 2.56_01-22-2018
hpproliant_xl740f_gen9_server_firmware
𝑥
< 2.56_01-22-2018
hpproliant_xl730f_gen9_server_firmware
𝑥
< 2.56_01-22-2018
hpproliant_xl450_gen9_server_firmware
𝑥
< 2.56_01-22-2018
hpproliant_xl270d_gen9_server_firmware
𝑥
< 2.56_01-22-2018
hpproliant_xl270d_gen9_accelerator_tray_firmware
𝑥
< 2.56_01-22-2018
hpproliant_xl260a_gen9_server_firmware
𝑥
< 1.60_01-22-2018
hpproliant_xl250a_gen9_server_firmware
𝑥
< 2.56_01-22-2018
hpproliant_xl230a_gen9_server_firmware
𝑥
< 2.56_01-22-2018
hpproliant_xl190r_gen9_server_firmware
𝑥
< 2.56_01-22-2018
hpproliant_xl170r_gen9_server_firmware
𝑥
< 2.56_01-22-2018
hpproliant_dl560_gen9_server_firmware
𝑥
< 2.56_01-22-2018
hpproliant_dl380_gen9_server_firmware
𝑥
< 2.56_01-22-2018
hpproliant_dl360_gen9_server_firmware
𝑥
< 2.56_01-22-2018
hpproliant_dl180_gen9_server_firmware
𝑥
< 2.56_01-22-2018
hpproliant_dl160_gen9_server_firmware
𝑥
< 2.56_01-22-2018
hpproliant_dl120_gen9_server_firmware
𝑥
< 2.56_01-22-2018
hpproliant_dl80_gen9_server_firmware
𝑥
< 2.56_01-22-2018
hpproliant_dl60_gen9_server_firmware
𝑥
< 2.56_01-22-2018
hpproliant_dl20_gen9_server_firmware
𝑥
< 2.56_01-22-2018
hpproliant_ml350_gen9_server_firmware
𝑥
< 2.56_01-22-2018
hpproliant_ml150_gen9_server_firmware
𝑥
< 2.56_01-22-2018
hpproliant_ml110_gen9_server_firmware
𝑥
< 2.56_01-22-2018
hpproliant_ml30_gen9_server_firmware
𝑥
< 2.56_01-22-2018
hpproliant_ml10_gen9_server_firmware
𝑥
< 2018.01.22
hpproliant_bl660c_gen9_server_firmware
𝑥
< 2.56_01-22-2018
hpproliant_bl460c_gen9_server_blade_firmware
𝑥
< 2.56_01-22-2018
hpproliant_ws460c_gen9_workstation_firmware
𝑥
< 2.56_01-22-2018
hpproliant_dl380e_gen8_server_firmware
𝑥
< 2018.01.22
hpproliant_dl360p_gen8_server_firmware
𝑥
< 2018.01.22
hpproliant_dl360e_gen8_server_firmware
𝑥
< 2018.01.22
hpproliant_dl320e_gen8_server_firmware
𝑥
< 2018.01.22
hpproliant_dl320e_gen8_v2_server_firmware
𝑥
< 2018.01.22
hpproliant_dl160_gen8_server_firmware
𝑥
< 2018.01.22
hpproliant_sl250s_gen8_server_firmware
𝑥
< 2018.01.22
hpproliant_sl210t_gen8_server_firmware
𝑥
< 2018.01.22
hpproliant_bl660c_gen8_server_blade_firmware
𝑥
< 2018.01.22
hpproliant_bl465c_gen8_\(amd\)_firmware
𝑥
< 2018.03.14
hpproliant_bl460c_gen8_server_blade_firmware
𝑥
< 2018.01.22
hpproliant_bl420c_gen8_server_firmware
𝑥
< 2018.01.22
hpproliant_sl4540_gen8_1_node_server_firmware
𝑥
< 2018.01.22
hpproliant_sl270s_gen8_server_firmware
𝑥
< 2018.01.22
hpproliant_dl580_gen8_server_firmware
𝑥
< 2.00_02-22-2018
hpproliant_dl560_gen8_server_firmware
𝑥
< 2018.01.22
hpproliant_dl380p_gen8_server_firmware
𝑥
< 2018.01.22
hpproliant_dl385p_gen8_\(amd\)_firmware
𝑥
< 2018.03.14
hpproliant_ml350e_gen8_v2_server_firmware
𝑥
< 2018.01.22
hpproliant_ml350e_gen8_server_firmware
𝑥
< 2018.01.22
hpproliant_ml350p_gen8_server_firmware
𝑥
< 2018.01.22
hpproliant_ml310e_gen8_v2_server_firmware
𝑥
< 2018.01.22
hpproliant_ml310e_gen8_server_firmware
𝑥
< 2018.01.22
hpproliant_microserver_gen8_firmware
𝑥
< 2018.01.22
hpproliant_m710_server_cartridge_firmware
𝑥
< 2018.01.22
hpproliant_m710p_server_cartridge_firmware
𝑥
< 2018.01.22
hpproliant_m710x_server_cartridge_firmware
𝑥
< 1.64_01-22-2018
hpproliant_m510_server_cartridge_firmware
𝑥
< 1.64_01-22-2018
hpproliant_m350_server_cartridge_firmware
𝑥
< 2018.01.22
hpproliant_m300_server_cartridge_firmware
𝑥
< 2018.01.22
hpproliant_bl2x220c_g7_server_blade_firmware
𝑥
< 2018.05.21
hpproliant_dl585_g7_server_\(amd\)_firmware
𝑥
< 2018.03.14
hpproliant_dl980_g7_server_firmware
𝑥
< 2018.05.21
hpproliant_dl580_g7_server_firmware
𝑥
< 2018.05.21
hpproliant_dl385_g7_server_firmware
𝑥
< 2018.03.14
hpproliant_dl380_g7_server_firmware
-
hpproliant_dl120_g7_server_firmware
𝑥
< 2018.05.21
hpproliant_dl360_g7_server_firmware
𝑥
< 2018.05.21
hpproliant_bl685c_g7_server_blade_\(amd\)_firmware
𝑥
< 2018.03.14
hpproliant_bl680c_g7_server_blade_firmware
𝑥
< 2018.05.21
hpproliant_bl620c_g7_server_blade_firmware
𝑥
< 2018.05.21
hpproliant_bl490c_g7_server_blade_firmware
𝑥
< 2018.05.21
hpproliant_bl465c_g7_server_blade_firmware
𝑥
< 2018.03.14
hpproliant_bl460c_g7_server_blade_firmware
𝑥
< 2018.05.21
hpproliant_sl390s_g7_server_firmware
𝑥
< 2018.05.21
hpproliant_ml110_g7_server_firmware
𝑥
< 2018.05.21
hpproliant_ml10_v2_server_firmware
𝑥
< 2018.01.22
hpproliant_sl4545_g7_server_\(amd\)_firmware
2018.03.14\(a\)
hpproliant_thin_micro_tm200_server_firmware
𝑥
< 2.56_01-22-2018
hpproliant_dl380_g6_server_firmware
𝑥
< 2018.05.21
hpproliant_dl370_g6_server_firmware
𝑥
< 2018.05.21
hpproliant_dl360_g6_server_firmware
𝑥
< 2018.05.21
hpproliant_dl320_g6_server_firmware
𝑥
< 2018.05.21
hpproliant_dl180_g6_server_firmware
*
hpproliant_dl170h_g6_server_firmware
*
hpproliant_dl170e_g6_server_firmware
*
hpproliant_dl160_g6_server_firmware
*
hpproliant_dl120_g6_server_firmware
*
hpproliant_ml370_g6_server_firmware
𝑥
< 2018.05.21
hpproliant_ml350_g6_server_firmware
𝑥
< 2018.05.21
hpproliant_ml330_g6_server_firmware
𝑥
< 2018.05.21
hpproliant_ml150_g6_server_firmware
*
hpproliant_ml110_g6_server_firmware
*
hpproliant_sl2x170z_g6_server_firmware
*
hpproliant_bl490c_g6_server_blade_firmware
𝑥
< 2018.05.21
hpproliant_bl460c_g6_server_blade_firmware
𝑥
< 2018.05.21
hpproliant_sl170z_g6_server_firmware
*
hpproliant_sl160s_g6_server_firmware
*
hpproliant_bl2x220c_g6_server_blade_firmware
𝑥
< 2018.05.21
hpproliant_bl280c_g6_server_bladefirmware
𝑥
< 2018.05.21
𝑥
= Vulnerable software versions
References
http://www.securitytracker.com/id/1041984
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03805en_us
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03831en_us
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03835en_us
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03869en_us
http://www.securitytracker.com/id/1041984
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03805en_us
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03831en_us
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03835en_us
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03869en_us