CVE-2024-35124
7.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A vulnerability in the combination of the OpenBMC's FW1050.00 through FW1050.10, FW1030.00 through FW1030.50, and FW1020.00 through FW1020.60 default password and session management allow an attacker to gain administrative access to the BMC. IBM X-Force ID: 290674.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| IBM | OpenBMC | FW1050.00 <= FW1050.10 | affected |
| IBM | OpenBMC | FW1030.00 <= FW1030.50 | affected |
| IBM | OpenBMC | FW1020.00 <= FW1020.60 | affected |
Weaknesses
- CWE-288: CWE-288
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://www.ibm.com/support/pages/node/7163195
- https://https://exchange.xforce.ibmcloud.com/vulnerabilities/290674
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.