Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM33B2D5EB37498144DC71962B6CDD0BDA75D45EB04F08E3AB36BBCAA8CA377613
HistoryDec 07, 2021 - 2:12 p.m.

Security Bulletin: Incorrect file permissions allows authenticated users to recover IPMI user passwords

2021-12-0714:12:26
www.ibm.com
8

0.002 Low

EPSS

Percentile

53.6%

JSON

Summary

A flaw in the file permissions may expose IPMI user passwords. This may lead to privilege escalations.

Vulnerability Details

CVEID:CVE-2020-14156
**DESCRIPTION:**OpenBMC phosphor-host-ipmid could allow a remote authenticated attacker to bypass security restrictions, caused by the failure to ensure that /etc/ipmi-pass has strong file permissions by user_channel/passwd_mgr.cpp. An attacker could exploit this vulnerability to read and decode the credentials and escalate to any IPMI user.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/183497 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Power System AC922 (8335-GTG) OP940.00, OP940.01

Remediation/Fixes

Customers with the product below, running OP940.00 or OP940.01 should install OP940.10

  1. IBM Power System AC922 (8335-GTG)

Workarounds and Mitigations

None

Related

cvelist 1
cve 1
prion 1
nvd 1
osv 1
cvelist
cvelist
CVE-2020-14156
2020-06-15 17:35:57
cve
cve
CVE-2020-14156
2020-06-15 18:15:15
prion
prion
Design/Logic Flaw
2020-06-15 18:15:00
nvd
nvd
CVE-2020-14156
2020-06-15 18:15:15
osv
osv
CVE-2020-14156
2020-06-15 18:15:15

0.002 Low

EPSS

Percentile

53.6%

JSON
Related for 33B2D5EB37498144DC71962B6CDD0BDA75D45EB04F08E3AB36BBCAA8CA377613
cvelist1cve1prion1nvd1osv1