Sign-up

ID

VAR-201801-0504


CVE

CVE-2017-3768


TITLE

plural Lenovo and IBM Product depletion vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-001744

DESCRIPTION

An unprivileged attacker with connectivity to the IMM2 could cause a denial of service attack on the IMM2 (Versions earlier than 4.4 for Lenovo System x and earlier than 6.4 for IBM System x). Flooding the IMM2 with a high volume of authentication failures via the Common Information Model (CIM) used by LXCA and OneCLI and other tools can exhaust available system memory which can cause the IMM2 to reboot itself until the requests cease. plural Lenovo and IBM The product is vulnerable to resource exhaustion.Service operation interruption (DoS) There is a possibility of being put into a state

Trust: 1.62

sources: NVD: CVE-2017-3768 // JVNDB: JVNDB-2018-001744

AFFECTED PRODUCTS

vendor:ibmmodel:idataplex dx360 m4scope:ltversion:6.4

Trust: 1.0

vendor:ibmmodel:system x3100 m4scope:ltversion:6.4

Trust: 1.0

vendor:ibmmodel:system x3750 m4scope:ltversion:6.4

Trust: 1.0

vendor:ibmmodel:flex system x280 m4scope:ltversion:6.4

Trust: 1.0

vendor:ibmmodel:system x3100 m5scope:ltversion:6.4

Trust: 1.0

vendor:ibmmodel:bladecenter hs23escope:ltversion:6.4

Trust: 1.0

vendor:lenovamodel:flex system x240 m4scope:ltversion:4.4

Trust: 1.0

vendor:ibmmodel:system x3850 x6scope:ltversion:6.4

Trust: 1.0

vendor:lenovamodel:system x3500 m5scope:ltversion:4.4

Trust: 1.0

vendor:lenovamodel:system x3550 m5scope:ltversion:4.4

Trust: 1.0

vendor:lenovamodel:system x3650 m5scope:ltversion:4.4

Trust: 1.0

vendor:ibmmodel:system x3500 m4scope:ltversion:6.4

Trust: 1.0

vendor:ibmmodel:bladecenter hs22scope:ltversion:6.4

Trust: 1.0

vendor:ibmmodel:system x3300 m4scope:ltversion:6.4

Trust: 1.0

vendor:ibmmodel:system x3650 m4scope:ltversion:6.4

Trust: 1.0

vendor:ibmmodel:system x3250 m5scope:ltversion:6.4

Trust: 1.0

vendor:ibmmodel:flex system x222 m4scope:ltversion:6.4

Trust: 1.0

vendor:lenovamodel:flex system x240 m5scope:ltversion:4.4

Trust: 1.0

vendor:lenovamodel:flex system x480 x6scope:ltversion:4.4

Trust: 1.0

vendor:ibmmodel:system x3650 m4 bdscope:ltversion:6.4

Trust: 1.0

vendor:lenovamodel:flex system x440 m4scope:ltversion:4.4

Trust: 1.0

vendor:lenovamodel:flex system x280 x6scope:ltversion:4.4

Trust: 1.0

vendor:ibmmodel:flex system x220 m4scope:ltversion:6.4

Trust: 1.0

vendor:ibmmodel:system x3550 m4scope:ltversion:6.4

Trust: 1.0

vendor:lenovamodel:system x3850 x6scope:ltversion:4.4

Trust: 1.0

vendor:ibmmodel:idataplex dx360 m4 water cooledscope:ltversion:6.4

Trust: 1.0

vendor:lenovamodel:system x3750 m4scope:ltversion:4.4

Trust: 1.0

vendor:ibmmodel:nextscale nx360 m4scope:ltversion:6.4

Trust: 1.0

vendor:ibmmodel:system x3530 m4scope:ltversion:6.4

Trust: 1.0

vendor:ibmmodel:system x3950 x6scope:ltversion:6.4

Trust: 1.0

vendor:lenovamodel:nextscale nx360 m5scope:ltversion:4.4

Trust: 1.0

vendor:ibmmodel:bladecenter hs23scope:ltversion:6.4

Trust: 1.0

vendor:ibmmodel:system x3650 m4 hdscope:ltversion:6.4

Trust: 1.0

vendor:lenovamodel:system x3950 x6scope:ltversion:4.4

Trust: 1.0

vendor:lenovamodel:flex system x880scope:ltversion:4.4

Trust: 1.0

vendor:ibmmodel:flex system x240 m4scope:ltversion:6.4

Trust: 1.0

vendor:ibmmodel:flex system x880 m4scope:ltversion:6.4

Trust: 1.0

vendor:lenovamodel:system x3250 m6scope:ltversion:4.4

Trust: 1.0

vendor:ibmmodel:flex system x440 m4scope:ltversion:6.4

Trust: 1.0

vendor:ibmmodel:system x3630 m4scope:ltversion:6.4

Trust: 1.0

vendor:ibmmodel:system x3250 m4scope:ltversion:6.4

Trust: 1.0

vendor:ibmmodel:flex system x480 m4scope:ltversion:6.4

Trust: 1.0

vendor:ibmmodel:bladecenter hs22scope: - version: -

Trust: 0.8

vendor:ibmmodel:flex system x220 m4scope: - version: -

Trust: 0.8

vendor:ibmmodel:nextscale nx360 m4scope: - version: -

Trust: 0.8

vendor:ibmmodel:system x idataplex dx360 m4scope: - version: -

Trust: 0.8

vendor:ibmmodel:system x3100 m4scope: - version: -

Trust: 0.8

vendor:lenovomodel:flex system x240 m4scope: - version: -

Trust: 0.8

vendor:lenovomodel:nextscale nx360 m5scope: - version: -

Trust: 0.8

vendor:lenovomodel:system x3250 m6scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2018-001744 // NVD: CVE-2017-3768

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-3768
value: HIGH

Trust: 1.0

NVD: CVE-2017-3768
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201801-1035
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2017-3768
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

nvd@nist.gov: CVE-2017-3768
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: JVNDB: JVNDB-2018-001744 // CNNVD: CNNVD-201801-1035 // NVD: CVE-2017-3768

PROBLEMTYPE DATA

problemtype:CWE-400

Trust: 1.8

sources: JVNDB: JVNDB-2018-001744 // NVD: CVE-2017-3768

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201801-1035

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201801-1035

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-001744

PATCH
title:LEN-14450url:https://support.lenovo.com/jp/ja/product_security/len-14450
Trust: 0.8
title:Lenovo System x Series and IBM System x Series of security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=78131
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-001744 // 
            
            
            
            CNNVD: CNNVD-201801-1035

EXTERNAL IDS
db:NVDid:CVE-2017-3768
Trust: 2.4
db:LENOVOid:LEN-14450
Trust: 1.6
db:JVNDBid:JVNDB-2018-001744
Trust: 0.8
db:CNNVDid:CNNVD-201801-1035
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-001744 // 
            
            
            
            CNNVD: CNNVD-201801-1035 // 
            
            
            
            NVD: CVE-2017-3768

REFERENCES
url:https://support.lenovo.com/us/en/product_security/len-14450
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3768
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-3768
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2018-001744 // 
            
            
            
            CNNVD: CNNVD-201801-1035 // 
            
            
            
            NVD: CVE-2017-3768

SOURCES
db:JVNDBid:JVNDB-2018-001744
db:CNNVDid:CNNVD-201801-1035
db:NVDid:CVE-2017-3768

LAST UPDATE DATE
2024-11-23T22:56:01.770000+00:00

SOURCES UPDATE DATE
db:JVNDBid:JVNDB-2018-001744date:2018-03-05T00:00:00
db:CNNVDid:CNNVD-201801-1035date:2018-01-29T00:00:00
db:NVDid:CVE-2017-3768date:2024-11-21T03:26:06.100

SOURCES RELEASE DATE
db:JVNDBid:JVNDB-2018-001744date:2018-03-05T00:00:00
db:CNNVDid:CNNVD-201801-1035date:2018-01-29T00:00:00
db:NVDid:CVE-2017-3768date:2018-01-26T19:29:00.383