Lucene search

IBM48F37770326E162815C4089EC4DBBD5C40FAC8BDEBEABE658FD21B9E4308B3B3

HistoryJun 20, 2024 - 9:42 p.m.

Security Bulletin: TSSC/IMC is vulnerable to aritrary code excecution due to Dmidecode (CVE-2023-30630)

2024-06-2021:42:21

www.ibm.com

tssc/imc

code execution

dmidecode

vulnerability

patch

upgrade

download patch

cve-2023-30630

ibm

total storage service console

ts4500 imc

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

6.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.9%

JSON

Summary

TSSC/IMC is vulnerable to aritrary code excecution due to Dmidecode. A patch has been provided that updates the Dmidecode library. (CVE-2023-30630)

Vulnerability Details

CVEID:CVE-2023-30630
**DESCRIPTION:**Dmidecode could allow a local authetnicated attacker to bypass security restrictions, caused by a flaw in the -dump-bin command. By sending a specially crafted request, an attacker could exploit this vulnerability to overwrite a local file.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/253256 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L)

Affected Products and Versions

Affected Product(s)	Version(s)
Total Storage Service Console (TSSC) / TS4500 IMC	9.4.14
Total Storage Service Console (TSSC) / TS4500 IMC	9.4.21
Total Storage Service Console (TSSC) / TS4500 IMC	9.4.26
Total Storage Service Console (TSSC) / TS4500 IMC	9.5.8

Remediation/Fixes

Affected Product(s)	Version(s)	Remediation/Fix/Instructions
Total Storage Service Console (TSSC) / TS4500 IMC	9.4.14

Upgrade to 9.4.26/9.5.8

Download patch and execute on TSSC/IMC system

Total Storage Service Console (TSSC) / TS4500 IMC| 9.4.21|

Upgrade to 9.4.26/9.5.8

Download patch and execute on TSSC/IMC system

Total Storage Service Console (TSSC) / TS4500 IMC| 9.4.26| Download patch and execute on TSSC/IMC system
Total Storage Service Console (TSSC) / TS4500 IMC| 9.5.8| Download patch and execute on TSSC/IMC system

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmts7700Match9.4.14

ibmts7700Match9.4.21

ibmts7700Match9.4.26

ibmts7700Match9.5.8

CPENameOperatorVersion
ts7700eq9.4.14
ts7700eq9.4.21
ts7700eq9.4.26
ts7700eq9.5.8

Name	Operator	Version
ts7700	eq	9.4.14
ts7700	eq	9.4.21
ts7700	eq	9.4.26
ts7700	eq	9.5.8

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

6.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.9%

JSON

Related for 48F37770326E162815C4089EC4DBBD5C40FAC8BDEBEABE658FD21B9E4308B3B3