History: Apr 14, 2023 - 2:32 p.m.

Security Bulletin: BladeCenter SAS RAID Module (RSSM) is affected by two vulnerabilities (CVE-2014-3018, CVE-2014-3019)

2023-04-14 14:32:25
www.ibm.com
Keywords: bladecenter sas raid module, vulnerabilities, ibm, nssm, rssm, denial of service, unauthenticated telnet port, remote attacker, version 1.3.3.004, version 1.3.3.006, fix, ibm fix central

CVSS2: 7.8 High

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

EPSS: 0.002 Low
Percentile: 61.2%

Summary

Two vulnerabilities affect BladeCenter SAS RAID Module.

Vulnerability Details:

CVE-ID: CVE-2014-3018

Description: IBM SAS Connectivity Module (NSSM) and SAS RAID Module (RSSM) contain a denial-of-service vulnerability: when a large number of IP packets is directed at the device, the device reboots.

CVSS Base Score: 5.0
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/93052> for current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVE-ID: CVE-2014-3019

Description: IBM SAS Connectivity Module (NSSM) and SAS RAID Controller Module (RSSM) contain an unauthenticated telnet port that could allow a remote attacker to gain access to certain functions of the blade and storage pools.

CVSS Base Score: 6.4
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/93054> for current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:P)

Affected products and versions

The following versions of IBM BladeCenter SAS RAID Module (RSSM) are affected:

  • 1.3.3.004 and earlier

Remediation/Fixes:

It is recommended to apply the following fixes, available from IBM Fix Central:

Workaround(s) & Mitigation(s):

None
