The HPE-provided Windows firmware installer for certain Gen9, Gen8, G7,and G6 HPE servers allows local disclosure of privileged information. This issue was resolved in previously provided firmware updates as follows. The HPE Windows firmware installer was updated in the system ROM updates which also addressed the original Spectre/Meltdown set of vulnerabilities. At that time, the Windows firmware installer was also updated in the versions of HPE Integrated Lights-Out 2, 3, and 4 (iLO 2, 3, and 4) listed in the security bulletin. The updated HPE Windows firmware installer was released in the system ROM and HPE Integrated Lights-Out (iLO) releases documented in earlier HPE Security Bulletins: HPESBHF03805, HPESBHF03835, HPESBHF03831. Windows-based systems that have already been updated to the system ROM or iLO versions described in these security bulletins require no further action.
How to fix
Remediation Available
integrated lights-out 2 firmwareNVD
Affected:< 2.33Fixed in:2.33CVE-2018-7112derived from NVD
integrated lights-out 3 firmwareNVD
Affected:< 1.90Fixed in:1.90CVE-2018-7112derived from NVD
integrated lights-out 4 firmwareNVD
Affected:< 2.60Fixed in:2.60CVE-2018-7112derived from NVD
proliant bl280c g6 server bladefirmwareNVD
Affected:< 2018.05.21Fixed in:2018.05.21CVE-2018-7112derived from NVD
proliant bl2x220c g6 server blade firmwareNVD
Affected:< 2018.05.21Fixed in:2018.05.21CVE-2018-7112derived from NVD
proliant bl2x220c g7 server blade firmwareNVD
Affected:< 2018.05.21Fixed in:2018.05.21CVE-2018-7112derived from NVD
proliant bl420c gen8 server firmwareNVD
Affected:< 2018.01.22Fixed in:2018.01.22CVE-2018-7112derived from NVD
proliant bl460c g6 server blade firmwareNVD
Affected:< 2018.05.21Fixed in:2018.05.21CVE-2018-7112derived from NVD
proliant bl460c g7 server blade firmwareNVD
Affected:< 2018.05.21Fixed in:2018.05.21CVE-2018-7112derived from NVD
proliant bl460c gen8 server blade firmwareNVD
Affected:< 2018.01.22Fixed in:2018.01.22CVE-2018-7112derived from NVD
proliant bl460c gen9 server blade firmwareNVD
Affected:< 2.56_01-22-2018Fixed in:2.56_01-22-2018CVE-2018-7112derived from NVD
proliant bl465c g7 server blade firmwareNVD
Affected:< 2018.03.14Fixed in:2018.03.14CVE-2018-7112derived from NVD
proliant bl465c gen8 \(amd\) firmwareNVD
Affected:< 2018.03.14Fixed in:2018.03.14CVE-2018-7112derived from NVD
proliant bl490c g6 server blade firmwareNVD
Affected:< 2018.05.21Fixed in:2018.05.21CVE-2018-7112derived from NVD
proliant bl490c g7 server blade firmwareNVD
Affected:< 2018.05.21Fixed in:2018.05.21CVE-2018-7112derived from NVD
proliant bl620c g7 server blade firmwareNVD
Affected:< 2018.05.21Fixed in:2018.05.21CVE-2018-7112derived from NVD
proliant bl660c gen8 server blade firmwareNVD
Affected:< 2018.01.22Fixed in:2018.01.22CVE-2018-7112derived from NVD
proliant bl660c gen9 server firmwareNVD
Affected:< 2.56_01-22-2018Fixed in:2.56_01-22-2018CVE-2018-7112derived from NVD
proliant bl680c g7 server blade firmwareNVD
Affected:< 2018.05.21Fixed in:2018.05.21CVE-2018-7112derived from NVD
proliant bl685c g7 server blade \(amd\) firmwareNVD
Affected:< 2018.03.14Fixed in:2018.03.14CVE-2018-7112derived from NVD
proliant dl120 g7 server firmwareNVD
Affected:< 2018.05.21Fixed in:2018.05.21CVE-2018-7112derived from NVD
proliant dl120 gen9 server firmwareNVD
Affected:< 2.56_01-22-2018Fixed in:2.56_01-22-2018CVE-2018-7112derived from NVD
proliant dl160 gen8 server firmwareNVD
Affected:< 2018.01.22Fixed in:2018.01.22CVE-2018-7112derived from NVD
proliant dl160 gen9 server firmwareNVD
Affected:< 2.56_01-22-2018Fixed in:2.56_01-22-2018CVE-2018-7112derived from NVD
proliant dl180 gen9 server firmwareNVD
Affected:< 2.56_01-22-2018Fixed in:2.56_01-22-2018CVE-2018-7112derived from NVD
proliant dl20 gen9 server firmwareNVD
Affected:< 2.56_01-22-2018Fixed in:2.56_01-22-2018CVE-2018-7112derived from NVD
proliant dl320 g6 server firmwareNVD
Affected:< 2018.05.21Fixed in:2018.05.21CVE-2018-7112derived from NVD
proliant dl320e gen8 server firmwareNVD
Affected:< 2018.01.22Fixed in:2018.01.22CVE-2018-7112derived from NVD
proliant dl320e gen8 v2 server firmwareNVD
Affected:< 2018.01.22Fixed in:2018.01.22CVE-2018-7112derived from NVD
proliant dl360 g6 server firmwareNVD
Affected:< 2018.05.21Fixed in:2018.05.21CVE-2018-7112derived from NVD
proliant dl360 g7 server firmwareNVD
Affected:< 2018.05.21Fixed in:2018.05.21CVE-2018-7112derived from NVD
proliant dl360 gen9 server firmwareNVD
Affected:< 2.56_01-22-2018Fixed in:2.56_01-22-2018CVE-2018-7112derived from NVD
proliant dl360e gen8 server firmwareNVD
Affected:< 2018.01.22Fixed in:2018.01.22CVE-2018-7112derived from NVD
proliant dl360p gen8 server firmwareNVD
Affected:< 2018.01.22Fixed in:2018.01.22CVE-2018-7112derived from NVD
proliant dl370 g6 server firmwareNVD
Affected:< 2018.05.21Fixed in:2018.05.21CVE-2018-7112derived from NVD
proliant dl380 g6 server firmwareNVD
Affected:< 2018.05.21Fixed in:2018.05.21CVE-2018-7112derived from NVD
proliant dl380 gen9 server firmwareNVD
Affected:< 2.56_01-22-2018Fixed in:2.56_01-22-2018CVE-2018-7112derived from NVD
proliant dl380e gen8 server firmwareNVD
Affected:< 2018.01.22Fixed in:2018.01.22CVE-2018-7112derived from NVD
proliant dl380p gen8 server firmwareNVD
Affected:< 2018.01.22Fixed in:2018.01.22CVE-2018-7112derived from NVD
proliant dl385 g7 server firmwareNVD
Affected:< 2018.03.14Fixed in:2018.03.14CVE-2018-7112derived from NVD
proliant dl385p gen8 \(amd\) firmwareNVD
Affected:< 2018.03.14Fixed in:2018.03.14CVE-2018-7112derived from NVD
proliant dl560 gen8 server firmwareNVD
Affected:< 2018.01.22Fixed in:2018.01.22CVE-2018-7112derived from NVD
proliant dl560 gen9 server firmwareNVD
Affected:< 2.56_01-22-2018Fixed in:2.56_01-22-2018CVE-2018-7112derived from NVD
proliant dl580 g7 server firmwareNVD
Affected:< 2018.05.21Fixed in:2018.05.21CVE-2018-7112derived from NVD
proliant dl580 gen8 server firmwareNVD
Affected:< 2.00_02-22-2018Fixed in:2.00_02-22-2018CVE-2018-7112derived from NVD
proliant dl585 g7 server \(amd\) firmwareNVD
Affected:< 2018.03.14Fixed in:2018.03.14CVE-2018-7112derived from NVD
proliant dl60 gen9 server firmwareNVD
Affected:< 2.56_01-22-2018Fixed in:2.56_01-22-2018CVE-2018-7112derived from NVD
proliant dl80 gen9 server firmwareNVD
Affected:< 2.56_01-22-2018Fixed in:2.56_01-22-2018CVE-2018-7112derived from NVD
proliant dl980 g7 server firmwareNVD
Affected:< 2018.05.21Fixed in:2018.05.21CVE-2018-7112derived from NVD
proliant m300 server cartridge firmwareNVD
Affected:< 2018.01.22Fixed in:2018.01.22CVE-2018-7112derived from NVD
proliant m350 server cartridge firmwareNVD
Affected:< 2018.01.22Fixed in:2018.01.22CVE-2018-7112derived from NVD
proliant m510 server cartridge firmwareNVD
Affected:< 1.64_01-22-2018Fixed in:1.64_01-22-2018CVE-2018-7112derived from NVD
proliant m710 server cartridge firmwareNVD
Affected:< 2018.01.22Fixed in:2018.01.22CVE-2018-7112derived from NVD
proliant m710p server cartridge firmwareNVD
Affected:< 2018.01.22Fixed in:2018.01.22CVE-2018-7112derived from NVD
proliant m710x server cartridge firmwareNVD
Affected:< 1.64_01-22-2018Fixed in:1.64_01-22-2018CVE-2018-7112derived from NVD
proliant microserver gen8 firmwareNVD
Affected:< 2018.01.22Fixed in:2018.01.22CVE-2018-7112derived from NVD
proliant ml10 gen9 server firmwareNVD
Affected:< 2018.01.22Fixed in:2018.01.22CVE-2018-7112derived from NVD
proliant ml10 v2 server firmwareNVD
Affected:< 2018.01.22Fixed in:2018.01.22CVE-2018-7112derived from NVD
proliant ml110 g7 server firmwareNVD
Affected:< 2018.05.21Fixed in:2018.05.21CVE-2018-7112derived from NVD
proliant ml110 gen9 server firmwareNVD
Affected:< 2.56_01-22-2018Fixed in:2.56_01-22-2018CVE-2018-7112derived from NVD
proliant ml150 gen9 server firmwareNVD
Affected:< 2.56_01-22-2018Fixed in:2.56_01-22-2018CVE-2018-7112derived from NVD
proliant ml30 gen9 server firmwareNVD
Affected:< 2.56_01-22-2018Fixed in:2.56_01-22-2018CVE-2018-7112derived from NVD
proliant ml310e gen8 server firmwareNVD
Affected:< 2018.01.22Fixed in:2018.01.22CVE-2018-7112derived from NVD
proliant ml310e gen8 v2 server firmwareNVD
Affected:< 2018.01.22Fixed in:2018.01.22CVE-2018-7112derived from NVD
proliant ml330 g6 server firmwareNVD
Affected:< 2018.05.21Fixed in:2018.05.21CVE-2018-7112derived from NVD
proliant ml350 g6 server firmwareNVD
Affected:< 2018.05.21Fixed in:2018.05.21CVE-2018-7112derived from NVD
proliant ml350 gen9 server firmwareNVD
Affected:< 2.56_01-22-2018Fixed in:2.56_01-22-2018CVE-2018-7112derived from NVD
proliant ml350e gen8 server firmwareNVD
Affected:< 2018.01.22Fixed in:2018.01.22CVE-2018-7112derived from NVD
proliant ml350e gen8 v2 server firmwareNVD
Affected:< 2018.01.22Fixed in:2018.01.22CVE-2018-7112derived from NVD
proliant ml350p gen8 server firmwareNVD
Affected:< 2018.01.22Fixed in:2018.01.22CVE-2018-7112derived from NVD
proliant ml370 g6 server firmwareNVD
Affected:< 2018.05.21Fixed in:2018.05.21CVE-2018-7112derived from NVD
proliant sl210t gen8 server firmwareNVD
Affected:< 2018.01.22Fixed in:2018.01.22CVE-2018-7112derived from NVD
proliant sl250s gen8 server firmwareNVD
Affected:< 2018.01.22Fixed in:2018.01.22CVE-2018-7112derived from NVD
proliant sl270s gen8 server firmwareNVD
Affected:< 2018.01.22Fixed in:2018.01.22CVE-2018-7112derived from NVD
proliant sl390s g7 server firmwareNVD
Affected:< 2018.05.21Fixed in:2018.05.21CVE-2018-7112derived from NVD
proliant sl4540 gen8 1 node server firmwareNVD
Affected:< 2018.01.22Fixed in:2018.01.22CVE-2018-7112derived from NVD
proliant thin micro tm200 server firmwareNVD
Affected:< 2.56_01-22-2018Fixed in:2.56_01-22-2018CVE-2018-7112derived from NVD
proliant ws460c gen9 workstation firmwareNVD
Affected:< 2.56_01-22-2018Fixed in:2.56_01-22-2018CVE-2018-7112derived from NVD
proliant xl170r gen9 server firmwareNVD
Affected:< 2.56_01-22-2018Fixed in:2.56_01-22-2018CVE-2018-7112derived from NVD
proliant xl190r gen9 server firmwareNVD
Affected:< 2.56_01-22-2018Fixed in:2.56_01-22-2018CVE-2018-7112derived from NVD
proliant xl230a gen9 server firmwareNVD
Affected:< 2.56_01-22-2018Fixed in:2.56_01-22-2018CVE-2018-7112derived from NVD
proliant xl250a gen9 server firmwareNVD
Affected:< 2.56_01-22-2018Fixed in:2.56_01-22-2018CVE-2018-7112derived from NVD
proliant xl260a gen9 server firmwareNVD
Affected:< 1.60_01-22-2018Fixed in:1.60_01-22-2018CVE-2018-7112derived from NVD
proliant xl270d gen9 accelerator tray firmwareNVD
Affected:< 2.56_01-22-2018Fixed in:2.56_01-22-2018CVE-2018-7112derived from NVD
proliant xl270d gen9 server firmwareNVD
Affected:< 2.56_01-22-2018Fixed in:2.56_01-22-2018CVE-2018-7112derived from NVD
proliant xl450 gen9 server firmwareNVD
Affected:< 2.56_01-22-2018Fixed in:2.56_01-22-2018CVE-2018-7112derived from NVD
proliant xl730f gen9 server firmwareNVD
Affected:< 2.56_01-22-2018Fixed in:2.56_01-22-2018CVE-2018-7112derived from NVD
proliant xl740f gen9 server firmwareNVD
Affected:< 2.56_01-22-2018Fixed in:2.56_01-22-2018CVE-2018-7112derived from NVD
proliant xl750f gen9 server firmwareNVD
Affected:< 2.56_01-22-2018Fixed in:2.56_01-22-2018CVE-2018-7112derived from NVD
Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.
CVSS v3 Vector
Exploitability
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
Impact
ConfidentialityHigh
IntegrityNone
AvailabilityNone
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploit Intelligence
0.67%probability of exploitation in 30 days
47thpercentile
Moderate risk: more likely to be exploited than 47% of all known CVEs.
TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.
This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2024-11-21.