Skip to main content

X11Ssz Firmware CVE-2018-13787

MEDIUM
2018-07-09 cve@mitre.org
Information Disclosure X11Ssz Firmware X11Ssv Firmware X11Ssql Firmware X11Ssq Firmware X11Ssn Firmware X11Srm Firmware X11Sra Firmware X11Sba Firmware X11Sat Firmware X11Sae M Firmware X11Sae Firmware X10Srw Firmware X10Srm Firmware X10Srl Firmware X10Sri Firmware X10Srh Firmware X10Srg Firmware X10Srd Firmware X10Sra Firmware X10Sdvt Firmware X10Sdvf Firmware X10Sde Firmware X10Sddf Firmware X10Sba Firmware X10Qrh Firmware X10Dsn Firmware X10Dscp Firmware X10Dsc Firmware X10Drx Firmware X10Drwn Firmware X10Drw Firmware X10Drux Firmware X10Drul Firmware X10Dru Firmware X10Drts Firmware X10Drtps Firmware X10Drtl Firmware X10Drth Firmware X10Drtb Firmware X10Drt Firmware X10Drs Firmware X10Drln Firmware X10Drlc Firmware X10Drl Firmware X10Dri1 Firmware X10Drh4 Firmware X10Drh Firmware X10Drgo Firmware X10Drgh Firmware X10Drg Firmware X10Drfr Firmware X10Drfg Firmware X10Drff Firmware X10Drdl Firmware X10Drd Firmware X10Drc Firmware X10Dgo Firmware X10Ddwn Firmware X10Ddwi Firmware X10Ddw4 Firmware X10Ddw3 Firmware X10Dax Firmware X10Dali Firmware X10Dal Firmware X10Dai Firmware B10Drt Firmware B10Dri Firmware B10Drg Firmware X9Sae Firmware X9Drth Firmware X9Drgqf Firmware X9Drffp Firmware X9Drf Firmware X9Dbl Firmware X8Siu Firmware X8Sit Firmware X8Sil Firmware X8Sie Firmware X8Sia Firmware K1Spi Firmware K1Spes Firmware C9X299 Firmware C7Z97Oc Firmware C7Z97Mf Firmware C7Z87Oc Firmware C7Z370L Firmware C7Z370I Firmware C7Z270P Firmware C7Z270M Firmware C7Z270L Firmware C7Z270Cg Firmware C7Z270C Firmware C7Z170Oce Firmware C7Z170O Firmware C7Z170 Firmware C7X99Oc Firmware C7Q270 Firmware C7H270 Firmware C7B250 Firmware B1Sd2Tf Firmware B1Sa4 Firmware B1Dri Firmware A2Sav Firmware A2Sap Firmware A2San Firmware A1Srm Firmware A1Sam Firmware A1Sai1 Firmware A1Sai Firmware A1Sa Firmware
6.7
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
6.7 MEDIUM
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Jul 09, 2018 - 18:29 nvd
MEDIUM 6.7

DescriptionNVD

Certain Supermicro X11S, X10, X9, X8SI, K1SP, C9X299, C7, B1, A2, and A1 products have a misconfigured Descriptor Region, allowing OS programs to modify firmware.

AnalysisAI

Certain Supermicro X11S, X10, X9, X8SI, K1SP, C9X299, C7, B1, A2, and A1 products have a misconfigured Descriptor Region, allowing OS programs to modify firmware. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

Certain Supermicro X11S, X10, X9, X8SI, K1SP, C9X299, C7, B1, A2, and A1 products have a misconfigured Descriptor Region, allowing OS programs to modify firmware. Affected products include: Supermicro X11Ssz Firmware, Supermicro X11Ssv Firmware, Supermicro X11Ssql Firmware, Supermicro X11Ssq Firmware, Supermicro X11Ssn Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

Share

CVE-2018-13787 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy