Security Advisory

CVE-2018-9086

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2018-11-16 14:00:00

Last updated 2024-08-05 07:17:51

Assigner lenovo

State PUBLISHED

Description

In some Lenovo ThinkServer-branded servers, a command injection vulnerability exists in the BMC firmware download command. This allows a privileged user to download and execute arbitrary code inside the BMC. This can only be exploited by authorized privileged users.

← Browse all CVEs View on cve.org ↗