Access Vulnerability in IBM Open Power Firmware for BMC Interface
CVE-2019-4169

8.1HIGH

Key Information:

Vendor: IBM
Status: P9 Openpower; P9 Openpower
Vendor: CVE Published:; 26 August 2019

Summary

The IBM Open Power Firmware for OP910 and OP920 has a vulnerability that allows unauthorized access to the Baseboard Management Controller (BMC) via the Intelligent Platform Management Interface (IPMI). This occurs even if the default OpenBMC password has been changed. As a result, attackers could potentially exploit this weakness to gain control over the system's management features, presenting serious security risks. For more information, please refer to the official documentation from IBM: IBM Support and IBM X-Force Exchange.

Affected Version(s)

P9 OpenPower OP910

P9 OpenPOWER OP920

References

http://www.ibm.com/support/docview.wss?uid=ibm10881209

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/158702

vdb-entryx_refsource_XF

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 26, 2019
Vulnerability Reserved
Jan 3, 2019