Vulnerability Name: CVE-2014-0860 (CCN-90880)
Assigned: 2014-07-01
Published: 2014-07-01
Updated: 2017-08-29
Summary: The firmware before 3.66E in IBM BladeCenter Advanced Management Module (AMM), the firmware before 1.43 in IBM Integrated Management Module (IMM), and the firmware before 4.15 in IBM Integrated Management Module II (IMM2) contains cleartext IPMI credentials, which allows attackers to execute arbitrary IPMI commands, and consequently establish a blade remote-control session, by leveraging access to (1) the chassis internal network or (2) the Ethernet-over-USB interface.
CVSS v3 Severity:
  3.5 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N)
CVSS v2 Severity:
  5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
  3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
  3.0 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Vulnerability Type: CWE-310
Vulnerability Consequences: Obtain Information
References:
  Source: MITRE Type: CNA CVE-2014-0860
  Source: CCN Type: IBM Security Advisory MIGR-5095840 IBM BladeCenter Advanced Management Module (AMM), Integrated Management Module (IMM), and Integrated Management Module 2 (IMM2) Potential IPMI credentials Exposure (CVE-2014-0860)
  Source: CONFIRM Type: Vendor Advisory http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095840
  Source: CCN Type: BID-68400 Multiple IBM Products CVE-2014-0860 Plaintext Credentials Information Disclosure Vulnerability
  Source: XF Type: UNKNOWN ibm-bladecenter-cve20140860-info-disc(90880)
Vulnerable Configuration: Configuration 1: Configuration 2: Configuration 3: Configuration CCN 1: Denotes that component is vulnerable