cnvd - cnvd-2018-04620

cnvd-2018-04620

Vulnerability from cnvd

Title: Lenovo System x系列和IBM System x系列拒绝服务漏洞

Description:

Lenovo System x是中国联想（Lenovo）公司的一款服务器。IBM System x是美国IBM公司的一款服务器。

Lenovo System x系列4.4之前版本和IBM System x系列6.4之前版本中存在安全漏洞。攻击者可借助大量失败的身份验证请求利用该漏洞造成拒绝服务（重启）。

Severity: 高

Patch Name: Lenovo System x系列和IBM System x系列拒绝服务漏洞的补丁

Patch Description:

Lenovo System x是中国联想（Lenovo）公司的一款服务器。IBM System x是美国IBM公司的一款服务器。

Lenovo System x系列4.4之前版本和IBM System x系列6.4之前版本中存在安全漏洞。攻击者可借助大量失败的身份验证请求利用该漏洞造成拒绝服务（重启）。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://support.lenovo.com/us/zh/product_security/len-14450

Reference: https://support.lenovo.com/us/en/product_security/LEN-14450

Impacted products

Name
['Lenovo System x <4.4', 'IBM System x <6.4']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-3768"
    }
  },
  "description": "Lenovo System x\u662f\u4e2d\u56fd\u8054\u60f3\uff08Lenovo\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u670d\u52a1\u5668\u3002IBM System x\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u4e00\u6b3e\u670d\u52a1\u5668\u3002\r\n\r\nLenovo System x\u7cfb\u52174.4\u4e4b\u524d\u7248\u672c\u548cIBM System x\u7cfb\u52176.4\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u5927\u91cf\u5931\u8d25\u7684\u8eab\u4efd\u9a8c\u8bc1\u8bf7\u6c42\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u91cd\u542f\uff09\u3002",
  "discovererName": "unknow",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://support.lenovo.com/us/zh/product_security/len-14450",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-04620",
  "openTime": "2018-03-08",
  "patchDescription": "Lenovo System x\u662f\u4e2d\u56fd\u8054\u60f3\uff08Lenovo\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u670d\u52a1\u5668\u3002IBM System x\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u4e00\u6b3e\u670d\u52a1\u5668\u3002\r\n\r\nLenovo System x\u7cfb\u52174.4\u4e4b\u524d\u7248\u672c\u548cIBM System x\u7cfb\u52176.4\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u5927\u91cf\u5931\u8d25\u7684\u8eab\u4efd\u9a8c\u8bc1\u8bf7\u6c42\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u91cd\u542f\uff09\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Lenovo System x\u7cfb\u5217\u548cIBM System x\u7cfb\u5217\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Lenovo System x \u003c4.4",
      "IBM System x \u003c6.4"
    ]
  },
  "referenceLink": "https://support.lenovo.com/us/en/product_security/LEN-14450",
  "serverity": "\u9ad8",
  "submitTime": "2018-01-30",
  "title": "Lenovo System x\u7cfb\u5217\u548cIBM System x\u7cfb\u5217\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}

CVE-2017-3768 (GCVE-0-2017-3768)

Vulnerability from cvelistv5

Published

2018-01-26 19:00

Modified

2024-09-16 22:02

Severity ?

CWE

Denial of Service

Summary

An unprivileged attacker with connectivity to the IMM2 could cause a denial of service attack on the IMM2 (Versions earlier than 4.4 for Lenovo System x and earlier than 6.4 for IBM System x). Flooding the IMM2 with a high volume of authentication failures via the Common Information Model (CIM) used by LXCA and OneCLI and other tools can exhaust available system memory which can cause the IMM2 to reboot itself until the requests cease.

References

▼	URL	Tags
	https://support.lenovo.com/us/en/product_security/LEN-14450	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Lenovo Group Ltd.	Integrated Management Module 2 (IMM2)	Version: Earlier than 4.4 for Lenovo System x Version: Earlier than 6.4 for IBM System x

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:39:41.107Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.lenovo.com/us/en/product_security/LEN-14450"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Integrated Management Module 2 (IMM2)",
          "vendor": "Lenovo Group Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "Earlier than 4.4 for Lenovo System x"
            },
            {
              "status": "affected",
              "version": "Earlier than 6.4 for IBM System x"
            }
          ]
        }
      ],
      "datePublic": "2018-01-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An unprivileged attacker with connectivity to the IMM2 could cause a denial of service attack on the IMM2 (Versions earlier than 4.4 for Lenovo System x and earlier than 6.4 for IBM System x). Flooding the IMM2 with a high volume of authentication failures via the Common Information Model (CIM) used by LXCA and OneCLI and other tools can exhaust available system memory which can cause the IMM2 to reboot itself until the requests cease."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Denial of Service",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-26T18:57:02",
        "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "shortName": "lenovo"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.lenovo.com/us/en/product_security/LEN-14450"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@lenovo.com",
          "DATE_PUBLIC": "2018-01-25T00:00:00",
          "ID": "CVE-2017-3768",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Integrated Management Module 2 (IMM2)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Earlier than 4.4 for Lenovo System x"
                          },
                          {
                            "version_value": "Earlier than 6.4 for IBM System x"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Lenovo Group Ltd."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An unprivileged attacker with connectivity to the IMM2 could cause a denial of service attack on the IMM2 (Versions earlier than 4.4 for Lenovo System x and earlier than 6.4 for IBM System x). Flooding the IMM2 with a high volume of authentication failures via the Common Information Model (CIM) used by LXCA and OneCLI and other tools can exhaust available system memory which can cause the IMM2 to reboot itself until the requests cease."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Denial of Service"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.lenovo.com/us/en/product_security/LEN-14450",
              "refsource": "CONFIRM",
              "url": "https://support.lenovo.com/us/en/product_security/LEN-14450"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
    "assignerShortName": "lenovo",
    "cveId": "CVE-2017-3768",
    "datePublished": "2018-01-26T19:00:00Z",
    "dateReserved": "2016-12-16T00:00:00",
    "dateUpdated": "2024-09-16T22:02:02.189Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted