CVSS2

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

Metric | Value |
---|---|
Attack Vector | PHYSICAL |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

Metric | Value |
---|---|
Percentile | 21.6% |

POWER8/POWER9: The POWER systems FSP is vulnerable to unauthenticated logins through the physical serial port/TTY interface. This vulnerability can be more critical if the serial port is connected to a serial-over-LAN device. In response to this security issue, a new Power System firmware update is being released to address Common Vulnerabilities and Exposures issue number CVE-2022-22309.

CVEID: CVE-2022-22309

**DESCRIPTION:** The POWER systems FSP is vulnerable to unauthenticated logins through the serial port/TTY interface. This vulnerability can be more critical if the serial port is connected to a serial-over-LAN device.
CVSS Base score: 6.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/217095 for the current score.
CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Firmware releases FW860, FW940 and FW950 are affected.

Customers with the products below should install FW860.B0:
IBM Power System S812 (8284-21A)
IBM Power System S822 (8284-22A)
IBM Power System S814 (8286-41A)
IBM Power System S824 (8286-42A)
IBM Power System S812L (8247-21L)
IBM Power System S822L (8247-22L)
IBM Power System S824L (8247-42L)
IBM Power System E850 (8408-E8E)
IBM Power System E850C (8408-44E)
IBM Power System E870 (9119-MME)
IBM Power System E870C (9080-MME)
IBM Power System E880 (9119-MHE)
IBM Power System E880C (9080-MHE)
IBM Power System S812L (5148-21L)
IBM Power System S822L (5148-22L)
Customers with the products below should install FW940.60 or FW950.40 or above:
IBM Power System S922 (9009-22A)
IBM Power System H922 (9223-22H)
IBM Power System S914 (9009-41A)
IBM Power System S924 (9009-42A)
IBM Power System H924 (9223-42H)
IBM Power System L922 (9008-22L)
IBM Power System E950 (9040-MR9)
Customers with the products below should install FW950.40 or above:
IBM Power System S914 (9009-41G)
IBM Power System S922 (9009-22G)
IBM Power System S924 (9009-42G)
IBM ESS 5000 Server (5105-22E)
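
The remediation lists above can be turned into an inventory check. The following is an added example, not IBM code: it maps each machine type-model (MTM) to the fixed level named in this advisory and classifies a system from its installed level. Assumptions: levels are recorded in the `FWxxx.yy` form used on this page, service-pack suffixes order as base-36 values (90 < A0 < B0), FW860.B0 or any later FW860 service pack counts as fixed, and the hostnames and installed levels in `INVENTORY` are constructed sample data.

```python
import re

# Fixed levels per machine type-model (MTM), transcribed from the lists above.
FW860 = {"FW860": "B0"}
FW940_950 = {"FW940": "60", "FW950": "40"}
FW950 = {"FW950": "40"}
FIXED = {}
for mtms, fixes in (
    ("8284-21A 8284-22A 8286-41A 8286-42A 8247-21L 8247-22L 8247-42L 8408-E8E "
     "8408-44E 9119-MME 9080-MME 9119-MHE 9080-MHE 5148-21L 5148-22L", FW860),
    ("9009-22A 9223-22H 9009-41A 9009-42A 9223-42H 9008-22L 9040-MR9", FW940_950),
    ("9009-41G 9009-22G 9009-42G 5105-22E", FW950),
):
    FIXED.update({mtm: fixes for mtm in mtms.split()})

LEVEL_RE = re.compile(r"FW(\d{3})\.([0-9A-Z]{2})")


def assess(mtm, level):
    """Classify a system: 'patched', 'vulnerable', 'not-covered' or 'unknown'."""
    m = LEVEL_RE.fullmatch(level.strip().upper())
    if m is None:
        return "unknown"  # level string is not in FWxxx.yy form
    fixes = FIXED.get(mtm.strip().upper(), {})
    fixed_sp = fixes.get("FW" + m.group(1))
    if fixed_sp is None:
        return "not-covered"  # MTM or release stream not named in the advisory
    # Assumption: service packs order as two-character base-36 values.
    return "patched" if int(m.group(2), 36) >= int(fixed_sp, 36) else "vulnerable"


# Constructed inventory: (hostname, MTM, installed firmware level).
INVENTORY = [
    ("pwr-a", "8286-42A", "FW860.A2"),
    ("pwr-b", "9009-22A", "FW940.60"),
    ("pwr-c", "9009-22A", "FW950.30"),
    ("pwr-d", "9009-41G", "FW950.40"),
    ("pwr-e", "9009-22A", "FW930.50"),
]


def needs_update(inventory):
    """Hostnames whose FSP firmware is below the fixed level for their MTM."""
    return [h for h, mtm, lvl in inventory if assess(mtm, lvl) == "vulnerable"]


if __name__ == "__main__":
    for host, mtm, lvl in INVENTORY:
        print(f"{host:6} {mtm:9} {lvl:9} {assess(mtm, lvl)}")
```

A `not-covered` result means the advisory says nothing about that MTM and release combination, not that the system is safe; confirm those cases against the vendor bulletin.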
None
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | power_hardware_management_console | any | cpe:2.3:a:ibm:power_hardware_management_console:any:*:*:*:*:*:*:* |