Default Password Vulnerability in OpenBMC Could Lead to Administrative Access
CVE-2024-35124
7.5 HIGH
What is CVE-2024-35124?
A significant security vulnerability exists in multiple versions of the OpenBMC firmware. The flaw arises from inadequate password management and session handling, and it allows unauthorized attackers to gain administrative access to the Baseboard Management Controller (BMC). The affected firmware versions include FW1050.00 through FW1050.10, FW1030.00 through FW1030.50, and FW1020.00 through FW1020.60. IBM X-Force ID 290674 documents further details on this issue.
Affected Version(s)
OpenBMC FW1050.00
OpenBMC FW1030.00
OpenBMC FW1020.00