CVE-2014-4768

IBM Unified Extensible Firmware Interface (UEFI) on Flex System x880 X6, System x3850 X6, and System x3950 X6 devices allows remote authenticated users to cause an unspecified temporary denial of service by using privileged access to enable a legacy boot mode.

CVSS v2.0 2.1 LOW

2.1^/10

CVSS v2.0 : LOW

Vector : AV:N/AC:H/Au:S/C:N/I:N/A:P

Exploitability : 3.9 / Impact : 2.9

Access Vector NETWORK

Access Complexity HIGH

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098278	Vendor Advisory
http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098278	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:ibm:uefi:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:ibm:flex_system_x3850_x6::::::::
	cpe:2.3:h:ibm:flex_system_x3950_x6::::::::
	cpe:2.3:h:ibm:flex_system_x880_x6::::::::

History

21 Nov 2024, 02:10

Type	Values Removed	Values Added
References	~~() http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098278 - Vendor Advisory~~	() http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098278 - Vendor Advisory

Information

Published : 2015-06-28 22:59

Updated : 2025-04-12 10:46

NVD link : CVE-2014-4768

Mitre link : CVE-2014-4768

CVE.ORG link : CVE-2014-4768

JSON object : View

Products Affected

ibm

flex_system_x3950_x6
uefi
flex_system_x3850_x6
flex_system_x880_x6

CWE

NVD-CWE-noinfo

{"id": "CVE-2014-4768", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:S/C:N/I:N/A:P", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "HIGH", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-06-28T22:59:00.080", "references": [{"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098278", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098278", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "IBM Unified Extensible Firmware Interface (UEFI) on Flex System x880 X6, System x3850 X6, and System x3950 X6 devices allows remote authenticated users to cause an unspecified temporary denial of service by using privileged access to enable a legacy boot mode."}, {"lang": "es", "value": "IBM Unified Extensible Firmware Interface (UEFI) en los dispositivos Flex System x880 X6, System x3850 X6, y System x3950 X6 permite a usuarios remotos autenticados causar una denegaci\u00f3n temporal no especificado de servicio mediante el uso del acceso privilegiado a habilitar un modo de inicio de legado."}], "lastModified": "2025-04-12T10:46:40.837", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ibm:uefi:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7AA7C145-0800-4994-BE33-5441F9FA5D89"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ibm:flex_system_x3850_x6:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3E1618B4-B532-4E1C-A515-D6592A7EBEFC"}, {"criteria": "cpe:2.3:h:ibm:flex_system_x3950_x6:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CBAFC8E0-6442-45F2-A5B5-9BFB523BC445"}, {"criteria": "cpe:2.3:h:ibm:flex_system_x880_x6:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9EDC087B-B5AF-4E46-BBE2-C42D78B74051"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@us.ibm.com"}