IBM7F758F1BB855EE29B3962D5E18198C083F0E8CCEC176DEF1C90536436C292870Security Bulletin: BladeCenter SAS Connectivity Module (NSSM) are affected by two vulnerabilities (CVE-2014-3018, CVE-2014-3019)
7.8 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.002 Low
EPSS
Percentile
61.2%
Summary
Two vulnerabilities affect BladeCenter SAS Connectivity Module
Vulnerability Details
Abstract
Two vulnerabilities affect BladeCenter SAS Connectivity Module
Content
Vulnerability Details:
CVE-ID: CVE-2014-3018
**Description:**IBM SAS Connectivity Module (NSSM) contain a denial of service when a large amount of IP packets are directed toward the device which would cause the device to reboot.
CVSS Base Score: 5.0
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/93052> for current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVE-ID: CVE-2014-3019
Description: IBM SAS Connectivity Module (NSSM) contain an unauthenticated telnet port that could allow a remote attacker to gain access to certain functions of the blade and storage pools.
CVSS Base Score: 6.4
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/93054> for current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:P)
Affected products and versions
The following versions of IBM BladeCenter SAS Connectivity Module (NSSM) are affected: Version earlier than 3.78
Remediation/Fixes:
It is recommended to apply the following fixes, available from IBM Fix Central:
Workaround(s) & Mitigation(s):
None
Related
7.8 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.002 Low
EPSS
Percentile
61.2%