Cleartext Credential Vulnerability in IBM BladeCenter Management Firmware
CVE-2014-0860

Currently unrated

Key Information:

Vendor: IBM
Status: Integrated Management Module Firmware; Integrated Management Module
Vendor: CVE Published:; 7 July 2014

Summary

Certain firmware versions of IBM BladeCenter AMM, IMM, and IMM2 contain cleartext Intelligent Platform Management Interface (IPMI) credentials. This exposure enables attackers with local network access to execute arbitrary IPMI commands, leading to unauthorized remote control of blades through the chassis internal network or the Ethernet-over-USB interface. Protecting these systems from unauthorized access is crucial for maintaining operational integrity.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/90880

vdb-entryx_refsource_XF

http://www.ibm.com/support/entry/portal/docdisplay?lndoci...

x_refsource_CONFIRM

Timeline

Vulnerability published
Jul 7, 2014
Vulnerability Reserved
Jan 6, 2014