IBM696DC5BF46936781DD874026F0A5EEA2FAB7D489AA68A865C022E1BC23D55471Security Bulletin: IBM Virtualization Engine TS7700 – Insufficient Restrictions on SSH Users (CVE-2014-3048)
EPSS
Percentile
5.1%
Summary
Unprivileged users may be able to invoke privileged commands via SSH. With the right type of network access to the hardware, a skilled user could figure out a way to craft an SSH command to grant themselves privileged access, allowing the user to issue all administrative commands, with the potential to disrupt normal system operation. This patch fixes a security vulnerability that allows a TSSC service user unauthorized access to the attached TS7700.
Vulnerability Details
CVE ID:CVE-2014-3048
DESCRIPTION:
An unspecified vulnerability in IBM System Storage TS7740 Virtualization Engine could allow an attacker with physical access to obtain root level privileges.
CVSS:
CVSS Base Score: 6.0
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/93434 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:H/Au:S/C:C/I:C/A:C)
Affected Products and Versions
IBM Virtualization Engine TS7700 (3957-V06, 3957-V07, 3957-VEA, 3957-VEB), all microcode versions.
Remediation/Fixes
Contact IBM Service at 1-800-IBM-SERV to arrange the application of vtd_exec.195.
Workarounds and Mitigations
Restrict physical access to the TS7700.
Related
