How severe is CVE-2018-1992?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.4 out of 10.

What type of vulnerability is CVE-2018-1992?

This is classified as CWE-119, which is a common weakness in software security.

CVE-2018-1992 - MEDIUM Severity | CVSS 6.4

Vulnerability Description

The IBM Power 9 OP910, OP920, and FW910 boot firmware's bootloader is responsible for loading and validating the initial boot firmware image that drives the rest of the system's hardware initialization. The bootloader firmware contains a buffer overflow vulnerability such that, if an attacker were able to replace the initial boot firmware image with a very carefully crafted and sufficiently large, malicious replacement, it could cause the bootloader, during the load of that image, to overwrite its own instruction memory and circumvent secure boot protections, install trojans, etc. IBM X-Force ID: 154345.

Related Vulnerabilities

CVE-2016-1358

MEDIUM

CVSS:6.4(Medium)

Cisco Prime Infrastructure 2.2, 3.0, and 3.1(0.0) allows remote authenticated users to read arbitrary files or cause a denial of service via an XML document containing an external entity declaration i...

CWE-1192016

CVE-2017-8329

MEDIUM

CVSS:6.4(Medium)

An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of setting a name for the wireless network. These val...

CWE-1192017

CVE-2018-25109

MEDIUM

CVSS:6.4(Medium)

A vulnerability has been found in Nintendo Animal Crossing, Doubutsu no Mori+ and Doubutsu no Mori e+ 1.00/1.01 on GameCube and classified as critical. Affected by this vulnerability is an unknown fun...

CWE-1192018

CVE-2019-15945

MEDIUM

CVSS:6.4(Medium)

OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Bitstring in decode_bit_string in libopensc/asn1.c.

CWE-1192019

CVE-2019-15946

MEDIUM

CVSS:6.4(Medium)

OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Octet string in asn1_decode_entry in libopensc/asn1.c.

CWE-1192019

CVE-2023-40661

MEDIUM

CVSS:6.4(Medium)

Several memory vulnerabilities were identified within the OpenSC packages, particularly in the card enrollment process using pkcs15-init when a user or administrator enrolls cards. To take advantage o...

CWE-1192023