CVE-2017-3744

6.5MEDIUM

Key Information:

Vendor: Lenovo
Status: Lenovo System X Imm2
Vendor: CVE Published:; 20 June 2017

Summary

In the IMM2 firmware of Lenovo System x servers, remote commands issued by LXCA or other utilities may be captured in the First Failure Data Capture (FFDC) service log if the service log is generated when that remote command is running. Captured command data may contain clear text login information. Authorized users that can capture and export FFDC service log data may have access to these remote commands.

Affected Version(s)

Lenovo System x IMM2 Lenovo System x IMM2 firmware versions earlier than 4.10 and IBM System x IMM2 firmware versions earlier than 6.20

References

https://support.lenovo.com/product_security/LEN-14054

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 20, 2017
Vulnerability Reserved
Dec 16, 2016