Sign-up

ID

VAR-201808-0938


CVE

CVE-2018-7093


TITLE

plural HPE Vulnerabilities related to security functions in products

Trust: 0.8

sources: JVNDB: JVNDB-2018-009018

DESCRIPTION

A security vulnerability in HPE Integrated Lights-Out 3 prior to v1.90, iLO 4 prior to v2.60, iLO 5 prior to v1.30, Moonshot Chassis Manager firmware prior to v1.58, and Moonshot Component Pack prior to v2.55 could be remotely exploited to create a denial of service. plural HPE The product contains vulnerabilities related to security functions.Service operation interruption (DoS) There is a possibility of being put into a state. HPE Integrated Lights-Out (iLO) is an embedded server management technology, which monitors and maintains the health of the server, remotely manages the server, etc. through an integrated remote management port. Moonshot Chassis Manager is a movement chassis manager. Moonshot Component Pack is a Moonshot component pack. Security vulnerabilities exist in several HPE products. A remote attacker could exploit this vulnerability to cause a denial of service

Trust: 1.71

sources: NVD: CVE-2018-7093 // JVNDB: JVNDB-2018-009018 // VULHUB: VHN-137125

AFFECTED PRODUCTS

vendor:hpmodel:integrated lights-out 3scope:ltversion:1.90

Trust: 1.0

vendor:hpmodel:integrated lights-out 5scope:ltversion:1.30

Trust: 1.0

vendor:hpmodel:moonshot component packscope:ltversion:2.55

Trust: 1.0

vendor:hpmodel:integrated lights-out 4scope:ltversion:2.60

Trust: 1.0

vendor:hpmodel:moonshot chassis managerscope:ltversion:1.58

Trust: 1.0

vendor:hewlett packardmodel:hpe integrated lights-out 3scope:ltversion:1.90

Trust: 0.8

vendor:hewlett packardmodel:hpe integrated lights-out 4scope:ltversion:2.60

Trust: 0.8

vendor:hewlett packardmodel:hpe integrated lights-out 5scope:ltversion:1.30

Trust: 0.8

vendor:hewlett packardmodel:hpe moonshot chassis managerscope:ltversion:1.58

Trust: 0.8

vendor:hewlett packardmodel:hpe moonshot component packscope:ltversion:2.55

Trust: 0.8

vendor:hpmodel:integrated lights-out 3scope:eqversion:1.55

Trust: 0.6

vendor:hpmodel:integrated lights-out 4scope:eqversion:2.03

Trust: 0.6

vendor:hpmodel:integrated lights-out 4scope:eqversion:1.13

Trust: 0.6

vendor:hpmodel:integrated lights-out 4scope:eqversion:1.11

Trust: 0.6

vendor:hpmodel:integrated lights-out 3scope:eqversion:1.50

Trust: 0.6

vendor:hpmodel:integrated lights-out 4scope:eqversion:1.20

Trust: 0.6

vendor:hpmodel:integrated lights-out 3scope:eqversion:1.20

Trust: 0.6

vendor:hpmodel:integrated lights-out 3scope:eqversion:1.80

Trust: 0.6

vendor:hpmodel:integrated lights-out 4scope:eqversion:2.01

Trust: 0.6

vendor:hpmodel:integrated lights-out 3scope:eqversion:1.28

Trust: 0.6

sources: JVNDB: JVNDB-2018-009018 // CNNVD: CNNVD-201808-443 // NVD: CVE-2018-7093

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-7093
value: HIGH

Trust: 1.0

NVD: CVE-2018-7093
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201808-443
value: HIGH

Trust: 0.6

VULHUB: VHN-137125
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-7093
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-137125
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-7093
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.0
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-137125 // JVNDB: JVNDB-2018-009018 // CNNVD: CNNVD-201808-443 // NVD: CVE-2018-7093

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-254

Trust: 0.9

sources: VULHUB: VHN-137125 // JVNDB: JVNDB-2018-009018 // NVD: CVE-2018-7093

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201808-443

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201808-443

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-009018

PATCH
title:hpesbhf03835en_usurl:https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03835en_us
Trust: 0.8
title:Multiple HPE Product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=83899
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-009018 // 
            
            
            
            CNNVD: CNNVD-201808-443

EXTERNAL IDS
db:NVDid:CVE-2018-7093
Trust: 2.5
db:SECTRACKid:1041435
Trust: 1.7
db:JVNDBid:JVNDB-2018-009018
Trust: 0.8
db:CNNVDid:CNNVD-201808-443
Trust: 0.7
db:VULHUBid:VHN-137125
Trust: 0.1
sources:
            
            
            VULHUB: VHN-137125 // 
            
            
            
            JVNDB: JVNDB-2018-009018 // 
            
            
            
            CNNVD: CNNVD-201808-443 // 
            
            
            
            NVD: CVE-2018-7093

REFERENCES
url:http://www.securitytracker.com/id/1041435
Trust: 1.7
url:https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbhf03835en_us
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7093
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-7093
Trust: 0.8
url:https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbhf03835en_us
Trust: 0.1
sources:
            
            
            VULHUB: VHN-137125 // 
            
            
            
            JVNDB: JVNDB-2018-009018 // 
            
            
            
            CNNVD: CNNVD-201808-443 // 
            
            
            
            NVD: CVE-2018-7093

SOURCES
db:VULHUBid:VHN-137125
db:JVNDBid:JVNDB-2018-009018
db:CNNVDid:CNNVD-201808-443
db:NVDid:CVE-2018-7093

LAST UPDATE DATE
2024-11-23T22:12:21.674000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-137125date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2018-009018date:2018-11-06T00:00:00
db:CNNVDid:CNNVD-201808-443date:2019-10-23T00:00:00
db:NVDid:CVE-2018-7093date:2024-11-21T04:11:37.953

SOURCES RELEASE DATE
db:VULHUBid:VHN-137125date:2018-08-14T00:00:00
db:JVNDBid:JVNDB-2018-009018date:2018-11-06T00:00:00
db:CNNVDid:CNNVD-201808-443date:2018-08-14T00:00:00
db:NVDid:CVE-2018-7093date:2018-08-14T14:29:00.510