Default Password Vulnerability in OpenBMC Could Lead to Administrative Access
CVE-2024-35124
CVSS v3.1 base score: 7.5 (HIGH)
Summary
IBM's OpenBMC firmware at levels FW1050.00 through FW1050.10, FW1030.00 through FW1030.50, and FW1020.00 through FW1020.60 carries a default-password weakness: inadequate password and session handling lets a remote attacker who holds no existing privileges on the device gain administrative access to the Baseboard Management Controller (BMC). Administrative BMC access amounts to control of the host it manages (power control, console, virtual media, firmware update), which is why confidentiality, integrity and availability are all rated High. The issue is tracked as IBM X-Force ID 290674.
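The practical check an operator wants after reading an advisory like this is whether a given BMC still accepts a factory credential and whether its account still flags a password change as pending. The script below is an added example, not IBM's or the OpenBMC project's code. It assumes the BMC exposes the standard Redfish session and account resources (OpenBMC's bmcweb does); the host name and the candidate credential list are placeholders, because this advisory does not state which default password is involved, so the operator fills the list from the vendor's documented defaults. Run it only against BMCs you are authorised to test.

```python
"""Default-credential audit for an OpenBMC-style Redfish BMC.

Added example; not IBM's or the OpenBMC project's code. The BMC address
and the candidate credentials are placeholders (assumptions): the advisory
does not disclose the default password, so supply the documented factory
defaults yourself. Run only against BMCs you are authorised to test.
"""
import json
import ssl
import urllib.error
import urllib.request

SESSIONS_URI = "/redfish/v1/SessionService/Sessions"
ACCOUNTS_URI = "/redfish/v1/AccountService/Accounts/"

# Placeholder list (assumption, not from the advisory); replace before use.
DEFAULT_CANDIDATES = [("root", "REPLACE-WITH-DOCUMENTED-DEFAULT")]


def urllib_transport(method, url, headers, body=None):
    """Live HTTP transport returning (status, headers, body).
    BMCs usually ship a self-signed certificate, so verification is disabled
    for lab use; in production pin the BMC certificate instead."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    req = urllib.request.Request(url, data=body, method=method, headers=headers)
    try:
        with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
            return resp.status, dict(resp.headers), resp.read()
    except urllib.error.HTTPError as err:
        return err.code, dict(err.headers), err.read()


def _header(headers, name):
    """Case-insensitive header lookup (servers vary in header casing)."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None


class RedfishAudit:
    def __init__(self, base_url, transport=urllib_transport):
        self.base_url = base_url.rstrip("/")
        self.transport = transport  # injectable so the logic is testable offline

    def try_login(self, user, password):
        """Create a Redfish session. HTTP 201 with an X-Auth-Token means the
        BMC accepted the credential; 401 means it was rejected.
        Returns (token, session_location) or (None, None)."""
        body = json.dumps({"UserName": user, "Password": password}).encode()
        status, headers, _ = self.transport(
            "POST", self.base_url + SESSIONS_URI,
            {"Content-Type": "application/json"}, body)
        if status != 201:
            return None, None
        return _header(headers, "X-Auth-Token"), _header(headers, "Location")

    def password_change_required(self, user, token):
        """Redfish ManagerAccount.PasswordChangeRequired: True means the BMC
        itself still treats the account's password as one that must be changed."""
        status, _, body = self.transport(
            "GET", self.base_url + ACCOUNTS_URI + user,
            {"X-Auth-Token": token}, None)
        if status != 200:
            return None
        return json.loads(body).get("PasswordChangeRequired")

    def logout(self, location, token):
        """Delete the session we created so the audit leaves no live token behind."""
        if location:
            url = location if location.startswith("http") else self.base_url + location
            self.transport("DELETE", url, {"X-Auth-Token": token}, None)

    def audit(self, candidates=DEFAULT_CANDIDATES):
        """Return one finding per candidate credential the BMC accepted."""
        findings = []
        for user, password in candidates:
            token, location = self.try_login(user, password)
            if token is None:
                continue
            findings.append({
                "user": user,
                "password_change_required": self.password_change_required(user, token),
            })
            self.logout(location, token)
        return findings


if __name__ == "__main__":
    # "bmc.example.invalid" is a placeholder host name.
    for finding in RedfishAudit("https://bmc.example.invalid").audit():
        print("ACCEPTED DEFAULT CREDENTIAL:", finding)
```

An empty result means none of the supplied candidates were accepted; it says nothing about credentials not on the list. A finding with `password_change_required` set to True is the clearest signal that the account was never rotated after provisioning, and the session is deleted after each successful probe so the audit does not itself leave an authenticated token on the BMC.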
Affected Version(s)
OpenBMC FW1050.00 through FW1050.10
OpenBMC FW1030.00 through FW1030.50
OpenBMC FW1020.00 through FW1020.60
CVSS V3.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Score: 7.5
Severity: HIGH
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High