A vulnerability in the Intel Ethernet Controller XL710 affects IBM MQ Appliance M2001.
CVEID: CVE-2016-8106 DESCRIPTION: Intel Ethernet Controller X710/XL710 is vulnerable to a denial of service, caused by improper handling of certain network traffic. By sending specially-crafted network traffic, a remote attacker could exploit this vulnerability to cause the system to stop responding.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/120415> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
IBM MQ Appliance
Use the Platform Hardware Diagnostics NVM Tool v1.1.1.3 to upgrade the Intel Ethernet Control XL710 to NVM 5.05.
****** Update January 2018:******
The previously available NVM Tool, dated 20170329-1238, could fail to upgrade the Intel Ethernet Control XL710 to NVM 5.05.
If you used that version of the NVM Tool, you must re-apply the fix using the NVM Tool dated 20170906-0927, which is the version now linked from this document.
The tool reports the current firmware version before upgrading. If the firmware has already been successfully upgraded, the following message is displayed:
None