
CVE-2018-7112

First published: Mon Dec 03 2018

The HPE-provided Windows firmware installer for certain Gen9, Gen8, G7, and G6 HPE servers allows local disclosure of privileged information. This issue was resolved in previously provided firmware updates as follows. The HPE Windows firmware installer was updated in the system ROM updates which also addressed the original Spectre/Meltdown set of vulnerabilities. At that time, the Windows firmware installer was also updated in the versions of HPE Integrated Lights-Out 2, 3, and 4 (iLO 2, 3, and 4) listed in the security bulletin. The updated HPE Windows firmware installer was released in the system ROM and HPE Integrated Lights-Out (iLO) releases documented in earlier HPE Security Bulletins: HPESBHF03805, HPESBHF03835, HPESBHF03831. Windows-based systems that have already been updated to the system ROM or iLO versions described in these security bulletins require no further action.

Credit: security-alert@hpe.com

Affected Software | Affected Version | How to fix
HP Integrated Lights-Out 2<2.33
HP Integrated Lights-Out 2 firmware
HP ProLiant Gen6 Server
HP Integrated Lights-Out 3<1.90
HPE Integrated Lights-Out
HP ProLiant Gen7 Server
HP Integrated Lights-Out 4 mRCA firmware<2.60
HP ProLiant Gen8 Server
HP ProLiant XL750f Gen9 Server Firmware<2.56_01-22-2018
HP ProLiant XL750f Gen9
HP ProLiant XL740f Gen9 Server Firmware<2.56_01-22-2018
HP ProLiant XL740f Gen9
HP ProLiant XL730f Gen9 Server Firmware<2.56_01-22-2018
HPE ProLiant xl730f Gen9 Server
HPE ProLiant XL450 Gen9 Server Firmware<2.56_01-22-2018
HPE ProLiant XL450 Gen9 Server
HP ProLiant XL270d Gen9 Accelerator Tray Firmware<2.56_01-22-2018
HPE ProLiant xl270d Gen9 Special Server
HP ProLiant XL270d Gen9 Accelerator Tray<2.56_01-22-2018
HP ProLiant XL270d Gen9 Accelerator Tray Firmware
HP ProLiant XL260a Gen9 Server Firmware<1.60_01-22-2018
HPE ProLiant xl260a gen9 server
HPE ProLiant XL250a Gen9 Server Firmware<2.56_01-22-2018
HPE ProLiant XL250a Gen9 Server
HPE ProLiant XL230a Gen9 Server Firmware<2.56_01-22-2018
HPE ProLiant XL230a Gen9 Server
HP ProLiant XL190r Gen9 Server Firmware<2.56_01-22-2018
HP ProLiant XL190r Gen9 Server Firmware
HP ProLiant XL170r Gen9 Server Firmware<2.56_01-22-2018
HP ProLiant XL170R Gen9
HP ProLiant DL560 Gen9 Server Firmware<2.56_01-22-2018
HP ProLiant DL560 Gen9 Server Firmware
HP ProLiant DL380 Gen9 Server Firmware<2.56_01-22-2018
HPE ProLiant DL380 Gen9 Server
HP ProLiant DL360 Gen9 Server Firmware<2.56_01-22-2018
HP ProLiant DL360 Gen9
HP ProLiant DL180 Gen9 Server Firmware<2.56_01-22-2018
HP ProLiant DL180 Gen9
HP ProLiant DL160 Gen9 Server Firmware<2.56_01-22-2018
HPE ProLiant DL160 Gen9 Server
HP ProLiant DL120 Gen9 Server Firmware<2.56_01-22-2018
HPE ProLiant DL120 Gen9 Server
HP ProLiant DL80 Gen9 Server Firmware<2.56_01-22-2018
HPE ProLiant DL80 Gen9 Server
HP ProLiant DL60 Gen9 Server Firmware<2.56_01-22-2018
HP ProLiant DL60 Gen9 Server
HP ProLiant DL20 Gen9 Server Firmware<2.56_01-22-2018
HP ProLiant DL20 Gen9 Server Firmware
HP ProLiant ML350 Gen9 Server Firmware<2.56_01-22-2018
HP ProLiant ML30 Gen9 Server
HPE ProLiant ML150 Gen9 Server Firmware<2.56_01-22-2018
HPE ProLiant ML150 Gen9 Server
HP ProLiant ML110 Gen9<2.56_01-22-2018
HP ProLiant ML110 Gen9 Server Firmware
HP Proliant ML30 Gen9 Server Firmware<2.56_01-22-2018
HP ProLiant ML30 Gen9
HP ProLiant ML10 Gen9 Server Firmware<2018.01.22
HP ProLiant ML10 Gen9 Server Firmware
HPE ProLiant BL660c Gen9 Server Firmware<2.56_01-22-2018
HPE ProLiant bl660c gen9 server blade
HPE ProLiant BL460c Gen9 Server Blade Firmware<2.56_01-22-2018
HPE ProLiant BL460c Gen9 Server Blade
HP ProLiant WS460c Gen9 Workstation Firmware<2.56_01-22-2018
HP ProLiant WS460c Gen9 Workstation Firmware
HP ProLiant DL380e Gen8 Server Firmware<2018.01.22
HP ProLiant DL380e Gen8 Server Firmware
HP ProLiant DL360p Gen8 Server Firmware<2018.01.22
HP ProLiant DL360p Gen8 Server Firmware
HP ProLiant DL360e Gen8 Server Firmware<2018.01.22
HPE ProLiant DL360e Gen8 Server
HP ProLiant DL320e Gen8 v2 Server Firmware<2018.01.22
HPE ProLiant DL320e Gen8 v2 Server
HP ProLiant DL320e Gen8 Server Firmware<2018.01.22
HP ProLiant DL320e Gen8 Server Firmware
HP ProLiant DL160 Gen8 Server Firmware<2018.01.22
HPE ProLiant DL160 Gen8 Server
HP ProLiant SL250s Gen8 Server Firmware<2018.01.22
HP ProLiant SL250s Gen8 Server Firmware
HP ProLiant SL210t Gen8 Server Firmware<2018.01.22
HP ProLiant SL210t Gen8 Server Firmware
HP Proliant BL660c Gen8 Server Blade Firmware<2018.01.22
HP ProLiant BL660c Gen8 Server Blade
HP ProLiant BL465c Gen8 (AMD) Firmware<2018.03.14
HP ProLiant BL465c Gen8 (AMD)
HP ProLiant BL460c Gen8 Server Blade<2018.01.22
HPE ProLiant BL460c Gen8 Blade Server
HP ProLiant BL420c Gen8 Server Firmware<2018.01.22
HPE ProLiant BL420c Gen8 Server
HP ProLiant SL4540 Gen8 1 Node Server Firmware<2018.01.22
HP ProLiant SL4540 Gen8 1 Node Server Firmware
HPE ProLiant SL270s Gen8 Server Firmware<2018.01.22
HPE ProLiant SL270s Gen8 Server Firmware
HP ProLiant DL580 Gen8 Server Firmware<2.00_02-22-2018
HP ProLiant DL580 Gen8 Server Firmware
HP ProLiant DL560 Gen8 Server Firmware<2018.01.22
HPE ProLiant DL560 Gen8 Server
HP ProLiant DL380p Gen8 Server<2018.01.22
HPE ProLiant DL380p Gen8 Server
HPE ProLiant DL385p Gen8 (AMD) Firmware<2018.03.14
HP ProLiant DL385p Gen8 (AMD)
HPE ProLiant ML350e Gen8 v2 Server Firmware<2018.01.22
HPE ProLiant ML350e Gen8 v2 Server
HP ProLiant ML350p Gen8 Server Firmware<2018.01.22
HP ProLiant ML350p Gen8 Server Firmware
HP ProLiant ML310e Gen8 Server Firmware<2018.01.22
HPE ProLiant ML310e Gen8 v2 Server
HP ProLiant ML310e Gen8 v2 Server Firmware<2018.01.22
HP ProLiant ML310e Gen8 v2 Server
HP ProLiant MicroServer Gen8 Firmware<2018.01.22
HPE ProLiant MicroServer Gen8
HP ProLiant m710p Server Cartridge<2018.01.22
HP ProLiant m710 Server Cartridge Firmware
HP ProLiant m710 Server Cartridge Firmware<2018.01.22
HP ProLiant m710 Server Cartridge Firmware
HP ProLiant m710x Server Cartridge Firmware<1.64_01-22-2018
HP ProLiant m710x Server Cartridge Firmware
HPE ProLiant m510 server cartridge<1.64_01-22-2018
HPE ProLiant m510 server cartridge
HP ProLiant m350 Server Cartridge Firmware<2018.01.22
HP ProLiant m350 Server Cartridge Firmware
HP ProLiant m300 Server Cartridge Firmware<2018.01.22
HP ProLiant m300 Server Cartridge Firmware
HP ProLiant BL2x220c G7 Server Blade<2018.05.21
HP ProLiant BL2x220c G7 Server Blade
HP ProLiant DL585 G7 Server (AMD) Firmware<2018.03.14
HP ProLiant DL585 G7 Server
HP ProLiant DL980 G7 Server Firmware<2018.05.21
HP ProLiant DL980 G7 Server Firmware
HP ProLiant DL580 G7 Server Firmware<2018.05.21
HP ProLiant DL580 G7 Server
HP ProLiant DL385 G7 Server Firmware<2018.03.14
HP ProLiant DL385 G7 Server Firmware
HP ProLiant DL380 G7 Server Firmware
HP ProLiant DL380 G7 Server Firmware
HP ProLiant DL120 G7 Server<2018.05.21
HP ProLiant DL120 G7 Server Firmware
HP ProLiant DL360 G7 Server Firmware<2018.05.21
HP ProLiant DL360 G7 Server Firmware
HP ProLiant BL685c G7 Server Blade (AMD) Firmware<2018.03.14
HP ProLiant BL685c G7 Server Blade (AMD)
HP ProLiant BL680c G7 Server Blade<2018.05.21
HP ProLiant BL680c G7 Server Blade
HP ProLiant BL620c G7 Server Blade Firmware<2018.05.21
HP ProLiant BL620c G7 Server Blade
HP ProLiant BL490c G7 Server Blade<2018.05.21
HP ProLiant BL490c G7 Server Blade Firmware
HP ProLiant BL465c G7 Server Blade Firmware<2018.03.14
HP ProLiant BL465c G7 Server Blade Firmware
HP ProLiant BL460c G7 Server Blade<2018.05.21
HP ProLiant BL460c G7 Server Blade Firmware
HP ProLiant SL390s G7 Server Firmware<2018.05.21
HP ProLiant SL390s G7 Server Firmware
HP ProLiant ML110 G7 Server Firmware<2018.05.21
HP ProLiant ML110 G7 Server Firmware
HP ProLiant ML10 v2 Server Firmware<2018.01.22
HP ProLiant ML10 v2 Server Firmware
HP ProLiant SL4545 G7 Server (AMD) Firmware=2018.03.14(a)
HP ProLiant SL4545 G7 Server (AMD)
HP ProLiant Thin Micro TM200 Server Firmware<2.56_01-22-2018
HP ProLiant Thin Micro TM200 Server
HP ProLiant DL380 G6 Server Firmware<2018.05.21
HP ProLiant DL380 G6 Server Firmware
HP ProLiant ML370 G6 Server Firmware<2018.05.21
HP ProLiant DL370 G6 Server Firmware
HP ProLiant DL360 G6 Server Firmware<2018.05.21
HP ProLiant DL360 G6 Server
HP ProLiant DL320 G6 Server Firmware<2018.05.21
HP ProLiant DL320 G6 Server
HP ProLiant DL180 G6
HP ProLiant DL180 G6
HP ProLiant DL170h G6 Server Firmware
HP ProLiant dl170h G6
HP ProLiant DL170e G6 Server Firmware
HP ProLiant DL170e G6 Server Firmware
HP ProLiant SL160s G6 Server Firmware
HP Proliant DL160 G6 Server
HP ProLiant DL120 G6 Server Firmware
HP ProLiant dl120 G6
HP ProLiant ML370 G6 Server Firmware<2018.05.21
HP ProLiant ML370 G6 Server
HP ProLiant ML350 G6 Server<2018.05.21
HP ProLiant ML350 G6 Server Firmware
HP ProLiant ML330 G6 Server Firmware<2018.05.21
HP ProLiant ML330 G6 Server Firmware
HP ProLiant ML150 G6
HP ProLiant ML150 G6 Server Firmware
HP ProLiant ML110 G6 Server Firmware
HP ProLiant ML110 G6 Server
HP ProLiant DL170e G6 Server Firmware
HP ProLiant sl2x170z G6
HP ProLiant BL490c G6 Server Blade<2018.05.21
HP ProLiant BL490c G6 Server Blade Firmware
HP ProLiant BL460c G6 Server Blade Firmware<2018.05.21
HP ProLiant BL460c G6 Server Blade Firmware
HP ProLiant DL170e G6 Server Firmware
HP ProLiant SL170z G6 Server Firmware
HP ProLiant SL160s G6 Server Firmware
HP ProLiant SL160s G6 Server Firmware
HP ProLiant BL2x220c G6 Server Blade Firmware<2018.05.21
HP ProLiant BL2x220c G6 Server Blade Firmware
HP ProLiant BL280c G6 Server Blade Firmware<2018.05.21
HP ProLiant BL280c G6 Server

Frequently Asked Questions

  • What is the severity of CVE-2018-7112?

    CVE-2018-7112 is classified as a medium severity vulnerability due to its potential for local disclosure of privileged information.

  • How do I fix CVE-2018-7112?

    To mitigate CVE-2018-7112, apply the latest firmware updates provided by HPE for affected server models.

  • Which products are affected by CVE-2018-7112?

    CVE-2018-7112 affects certain Gen9, Gen8, G7, and G6 HPE server models that use the HPE-provided Windows firmware installer.

  • What does CVE-2018-7112 allow attackers to do?

    CVE-2018-7112 allows local attackers to disclose privileged information on affected HPE servers.

  • Is there a workaround for CVE-2018-7112?

    There are no specific workarounds for CVE-2018-7112; updating the firmware is the recommended action.
