CVE-2017-3774

Published: Apr 19, 2018Modified: Nov 21, 2024

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A stack overflow vulnerability was discovered within the web administration service in Integrated Management Module 2 (IMM2) earlier than version 4.70 used in some Lenovo servers and earlier than version 6.60 used in some IBM servers. An attacker providing a crafted user ID and password combination can cause a portion of the authentication routine to overflow its stack, resulting in stack corruption.

Affected (2)

Products: Lenovo: Integrated Management Module 2

Lenovo

1 product

Integrated Management Module 2

Configuration A

1 vulnerable · 14 platform

Vulnerable Software	Affected Versions
Lenovo Integrated Management Module 2	Before 4.70

Running on/with	Platform Versions
Lenovo Flex System X240 M4	All versions
Lenovo Flex System X240 M5	All versions
Lenovo Flex System X280 X6	All versions
Lenovo Flex System X440 M4	All versions
Lenovo Flex System X480 X6	All versions
Lenovo Flex System X880	All versions
Lenovo Nextscale Nx360 M5	All versions
Lenovo System X3250 M6	All versions
Lenovo System X3500 M5	All versions
Lenovo System X3550 M5	All versions
Lenovo System X3650 M5	All versions
Lenovo System X3750 M4	All versions
Lenovo System X3850 X6	All versions
Lenovo System X3950 X6	All versions

Configuration B

1 vulnerable · 28 platform

Vulnerable Software	Affected Versions
Lenovo Integrated Management Module 2	Before 6.60

Running on/with	Platform Versions
Ibm Bladecenter Hs22	All versions
Ibm Bladecenter Hs23	All versions
Ibm Bladecenter Hs23e	All versions
Ibm Flex System X220 M4	All versions
Ibm Flex System X222 M4	All versions
Ibm Flex System X240 M4	All versions
Ibm Flex System X280 M4	All versions
Ibm Flex System X440 M4	All versions
Ibm Flex System X480 M4	All versions
Ibm Flex System X880 M4	All versions
Ibm Idataplex Dx360 M4	All versions
Ibm Idataplex Dx360 M4 Water Cooled	All versions
Ibm Nextscale Nx360 M4	All versions
Ibm System X3100 M4	All versions
Ibm System X3100 M5	All versions
Ibm System X3250 M4	All versions
Ibm System X3250 M5	All versions
Ibm System X3300 M4	All versions
Ibm System X3500 M4	All versions
Ibm System X3530 M4	All versions
Ibm System X3550 M4	All versions
Ibm System X3630 M4	All versions
Ibm System X3650 M4	All versions
Ibm System X3650 M4 Bd	All versions
Ibm System X3650 M4 Hd	All versions
Ibm System X3750 M4	All versions
Ibm System X3850 X6	All versions
Ibm System X3950 X6	All versions

Related CWEs

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (2)

https://support.lenovo.com/us/en/product_security/LEN-19586

Source: psirt@lenovo.com

Vendor Advisory

https://support.lenovo.com/us/en/product_security/LEN-19586

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.