Default Password Vulnerability in IBM's Intelligent Platform Management Interface
CVE-2013-4031

Currently unrated

Key Information:

Vendor: IBM
Status: System X3500 M3; Flex System X440 Compute Node; System X3250 M4; System X3550 M3
Vendor: CVE Published:; 9 August 2013

Summary

The Intelligent Platform Management Interface (IPMI) implementations on various IBM hardware, such as BladeCenter and Flex System, are compromised by having a default password for the IPMI user account. This configuration enables potential remote attackers to carry out critical actions such as powering on, powering off, or rebooting the server. Additionally, the vulnerability allows unauthorized users to add or modify accounts, exposing the system to further risks. Organizations using affected IBM servers should ensure that they change the default IPMI credentials to mitigate this security threat.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/86172

vdb-entryx_refsource_XF

http://www.ibm.com/support/entry/portal/docdisplay?lndoci...

x_refsource_CONFIRM

Timeline

Vulnerability published
Aug 9, 2013
Vulnerability Reserved
Jun 7, 2013