Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2014-0860

Опубликовано: 07 июл. 2014
Источник: nvd
CVSS2: 5
EPSS Низкий

Описание

The firmware before 3.66E in IBM BladeCenter Advanced Management Module (AMM), the firmware before 1.43 in IBM Integrated Management Module (IMM), and the firmware before 4.15 in IBM Integrated Management Module II (IMM2) contains cleartext IPMI credentials, which allows attackers to execute arbitrary IPMI commands, and consequently establish a blade remote-control session, by leveraging access to (1) the chassis internal network or (2) the Ethernet-over-USB interface.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:ibm:integrated_management_module_firmware:*:*:*:*:*:*:*:*
Версия до 1.36 (включая)
cpe:2.3:h:ibm:integrated_management_module:-:*:*:*:*:*:*:*
Конфигурация 2

Одновременно

cpe:2.3:o:ibm:advanced_management_module_firmware:*:*:*:*:*:*:*:*
Версия до 3.65 (включая)
cpe:2.3:h:ibm:advanced_management_module:-:*:*:*:*:*:*:*
Конфигурация 3

Одновременно

cpe:2.3:o:ibm:integrated_management_module_ii_firmware:*:*:*:*:*:*:*:*
Версия до 3.65 (включая)
cpe:2.3:h:ibm:integrated_management_module_ii:-:*:*:*:*:*:*:*

EPSS

Процентиль: 46%
0.00236
Низкий

5 Medium

CVSS2

Дефекты

CWE-310

Связанные уязвимости

github логотип

GHSA-fg2c-6cqh-387h

github
больше 3 лет назад

The firmware before 3.66E in IBM BladeCenter Advanced Management Module (AMM), the firmware before 1.43 in IBM Integrated Management Module (IMM), and the firmware before 4.15 in IBM Integrated Management Module II (IMM2) contains cleartext IPMI credentials, which allows attackers to execute arbitrary IPMI commands, and consequently establish a blade remote-control session, by leveraging access to (1) the chassis internal network or (2) the Ethernet-over-USB interface.

EPSS

Процентиль: 46%
0.00236
Низкий

5 Medium

CVSS2

Дефекты

CWE-310