Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2017-3744

In the IMM2 firmware of Lenovo System x servers, remote commands issued by LXCA or other utilities may be captured in the First Failure Data Capture (FFDC) service log if the service log is generated when that remote command is running. Captured command data may contain clear text login information. Authorized users that can capture and export FFDC service log data may have access to these remote commands.

Published

2017-06-20T00:29:00.330

Last Modified

2025-04-20T01:37:25.860

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 6.5 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

8.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-532

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	lenovo	integrated_management_module_firmware	≤ 4.9	Yes
Hardware	lenovo	flex_system_x240_m4	-	No
Hardware	lenovo	flex_system_x240_m5	-	No
Hardware	lenovo	flex_system_x280_x6	-	No
Hardware	lenovo	flex_system_x440_m4	-	No
Hardware	lenovo	flex_system_x480_x6	-	No
Hardware	lenovo	flex_system_x880	-	No
Hardware	lenovo	nextscale_nx360_m5	-	No
Hardware	lenovo	system_x3250_m6	-	No
Hardware	lenovo	system_x3500_m5	-	No
Hardware	lenovo	system_x3550_m5	-	No
Hardware	lenovo	system_x3650_m5	-	No
Hardware	lenovo	system_x3750_m4	-	No
Hardware	lenovo	system_x3850_x6	-	No
Hardware	lenovo	system_x3950_x6	-	No
Hardware	lenovo	thinkagile_cx2200	-	No
Hardware	lenovo	thinkagile_cx4200	-	No
Hardware	lenovo	thinkagile_cx4600	-	No
Operating System	ibm	integrated_management_module_firmware	≤ 6.19	Yes
Hardware	ibm	bladecenter_hs22	-	No
Hardware	ibm	bladecenter_hs23	-	No
Hardware	ibm	bladecenter_hs23e	-	No
Hardware	ibm	flex_system_x220_m4	-	No
Hardware	ibm	flex_system_x222_m4	-	No
Hardware	ibm	flex_system_x240_m4	-	No
Hardware	ibm	flex_system_x280_m4	-	No
Hardware	ibm	flex_system_x440_m4	-	No
Hardware	ibm	flex_system_x480_m4	-	No
Hardware	ibm	flex_system_x880_m4	-	No
Hardware	ibm	idataplex_dx360_m4	-	No
Hardware	ibm	idataplex_dx360_m4_water_cooled	-	No
Hardware	ibm	nextscale_nx360_m4	-	No
Hardware	ibm	system_x3100_m4	-	No
Hardware	ibm	system_x3100_m5	-	No
Hardware	ibm	system_x3250_m4	-	No
Hardware	ibm	system_x3250_m5	-	No
Hardware	ibm	system_x3300_m4	-	No
Hardware	ibm	system_x3500_m4	-	No
Hardware	ibm	system_x3530_m4	-	No
Hardware	ibm	system_x3550_m4	-	No
Hardware	ibm	system_x3630_m4	-	No
Hardware	ibm	system_x3650_m4	-	No
Hardware	ibm	system_x3650_m4_bd	-	No
Hardware	ibm	system_x3650_m4_hd	-	No
Hardware	ibm	system_x3750_m4	-	No
Hardware	ibm	system_x3850_x6	-	No
Hardware	ibm	system_x3950_x6	-	No

References

https://support.lenovo.com/product_security/LEN-14054 Vendor Advisory ([email protected])
https://support.lenovo.com/product_security/LEN-14054 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)