Default Password Vulnerability in OpenBMC Could Lead to Administrative Access

CVE-2024-35124
7.5 HIGH

Key Information

Vendor
IBM
Status
Openbmc
Vendor
CVE Published: 13 August 2024

Summary

A vulnerability in the combination of the default password and session management in OpenBMC FW1050.00 through FW1050.10, FW1030.00 through FW1030.50, and FW1020.00 through FW1020.60 allows an attacker to gain administrative access to the BMC. IBM X-Force ID: 290674.

Affected Version(s)

OpenBMC <= FW1050.00

OpenBMC <= FW1030.00

OpenBMC <= FW1020.00

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published.

  • Vulnerability Reserved.

Collectors

NVD Database, Mitre Database