CVE-2024-35124

Summary

A vulnerability in the combination of the OpenBMC's FW1050.00 through FW1050.10, FW1030.00 through FW1030.50, and FW1020.00 through FW1020.60 default password and session management allow an attacker to gain administrative access to the BMC. IBM X-Force ID: 290674.

Affected Software

VendorProductVersion RangeStatus
IBMOpenBMCFW1050.00 <= FW1050.10affected
IBMOpenBMCFW1030.00 <= FW1030.50affected
IBMOpenBMCFW1020.00 <= FW1020.60affected

Weaknesses

  • CWE-288: CWE-288

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References