Lucene search

K
ibmIBM38F82D2C018275ABAAA2AFC2F7D48B9C43CF8F7C91A6847F9562FF98BEDFCAE1
HistoryDec 07, 2023 - 11:00 p.m.

Security Bulletin: IBM RackSwitch firmware products are affected by a vulnerability in glibc (CVE-2021-35942)

2023-12-0723:00:02
www.ibm.com
20
ibm
rackswitch
firmware
glibc
cve-2021-35942
vulnerability
fix central

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

EPSS

0.011

Percentile

84.8%

Summary

The following vulnerability in glibc has been addressed by IBM RackSwitch firmware products.

Vulnerability Details

CVEID:CVE-2021-35942
**DESCRIPTION:**GNU C Library (aka glibc) could allow a local attacker to obtain sensitive information, caused by a flaw when called with an untrusted, crafted pattern in thewordexp function. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain read arbitrary memory in parse_param (in posix/wordexp.c), or cause the application to crash.
CVSS Base score: 7.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/206317 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H)

Affected Products and Versions

Affected Products Versions
G7028 7.6
G8316 7.9
G8052 7.11
G8264 7.11
G8332 7.7
G8264T 7.9
G8124/G8124E 7.11
G8264CS_SI_Fabric_Image 7.8
G8264CS 7.8

Remediation/Fixes

Firmware fix versions are available on Fix Central: <http://www.ibm.com/support/fixcentral/&gt;

Products Fix Version

IBM RackSwitch G7028

(G7028_Image_7.6.12.0)

| 7.6.12.0

IBM RackSwitch G8316

(G8316_Image_7.9.34.0)

| 7.9.34.0

IBM RackSwitch G8052

(G8052_Image_7.11.24.0)

| 7.11.24.0

IBM RackSwitch G8264

(G8264_Image_7.11.24.0)

| 7.11.24.0

IBM RackSwitch G8332

(G8332_Image_7.7.40.0)

| 7.7.40.0

IBM RackSwitch G8264T

(G8264T_Image_7.9.34.0)

| 7.9.34.0

IBM RackSwitch G8124/G8124E

(G8124_G8124E_Image_7.11.24.0)

| 7.11.24.0

G8264CS_SI_Fabric_Image - Bundle

(G8264CS_SI_Fabric_Image_7.8.32.0)

| 7.8.32.0

IBM RackSwitch G8264CS

(G8264CS_Image_7.8.32.0)

| 7.8.32.0

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmg7028Match7.6
OR
ibmg8316Match7.9
OR
ibmg8052Match7.11
OR
ibmg8264Match7.11
OR
ibmg8332Match7.7
OR
ibmg8264tMatch7.9
OR
ibmg8124\/g8124eMatch7.11
OR
ibmg8264cs_si_fabric_imageMatch7.8
OR
ibmg8264csMatch7.8

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

EPSS

0.011

Percentile

84.8%