Security Bulletin: IBM BladeCenter Advanced Management Module (AMM), Integrated Management Module (IMM), and Integrated Management Module 2 (IMM2) Potential IPMI credentials Exposure (CVE-2014-0860)

2023-04-1818:22:18

www.ibm.com

ibm bladecenter

ipmi credentials

plaintext

firmware

security fix

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS

0.001

Percentile

48.6%

JSON

Summary

The administrative IPMI credentials for authenticating communications between the IBM BladeCenter Advanced Management Module (AMM), Integrated Management Module (IMM), and Integrated Management Module 2 (IMM2) are stored in plaintext within the AMM firmware binaries.

Vulnerability Details

Abstract

Content

Vulnerability Details:

CVE ID: CVE-2014-0860 **
Description:The administrative IPMI credentials for authenticating communications between the AMM and IMM – they are stored in plaintext within the firmware binaries. Using these credentials, any user with access to a blade’s IMM management interface (either via the chassis internal network or in-band through the IMM’s Ethernet over USB interface) can send it arbitrary IPMI commands. This includes the ability to create new IMM management accounts with supervisor privileges which could then be used to connect to the blade’s remote console facility. CVSS Base Score: 4.0
CVSS Temporal Score:** See <http://xforce.iss.net/xforce/xfdb/90880> for the current score**
CVSS Environmental Score*:** Undefined**
CVSS Vector:** (AV:N/AC:L/Au:S/C:P/I:N/A:N)

Affected products and versions

These IBM BladeCenter Advanced Management Module Firmware versions are affected in v3.66D (BPET66D, BBET66D, BPEO66D) and previous versions.

These IBM Integrated Management Module Firmware versions are affected in 1.42, YUOOG2C and previous versions.

This applies to the following hardware products:

BladeCenter Advanced Management Module, Option 25R5778
BladeCenter T Advanced Management Module, Option 32R0835
IBM BladeCenter™-E: Type 1881, 7967, 8677
IBM BladeCenter™-H: Types 1886, 7989, 8852
IBM BladeCenter™-HT: Types 8740, 8750
IBM BladeCenter™-S: Types 1948, 7779, 8886
IBM BladeCenter™-T: Types 8720, 8730
IBM BladeCenter HS22, Types 7870, 1936, 1911
IBM BladeCenter HS22V, Types 7871, 1949
IBM BladeCenter HX5, Type 7872. 7873
IBM BladeCenter HS23, Types 7875, 1929
IBM BladeCenter HS23E, Types 8038, 8039

Affected IBM BladeCenter HS23 and HS23E firmware versions:

1.21 (1AOO26L)
1.22 (1AOO26O)
1.36 (1AOO30P)
1.50 (1AOO30W)
1.75 (1AOO32S)
1.85 (1AOO34Z)
2.00 (1AOO40E)
2.50 (1AOO40Z)
3.60 (1AOO50C)
3.65 (1AOO50D)

Remediation:

The recommended solution is to apply the fix to all previous versions as soon as practical. Please see below for information on the fixes available

Fix:
IBM recommends applying Advanced Management Module firmware version v3.66E (BPET66E, BBET66E, BPEO66E).

IBM recommends applying Integrated Management Module to 1.43 YUOOG6B or later to IBM BladeCenter HS22, HX5.

IBM recommends applying Integrated Management Module II firmware version v4.15 (1AOO58K) to the IBM BladeCenter HS23 and HS23E.

Workaround(s) & Mitigation(s):

None.

References:

Acknowledgement
None

Change History
12 May 2014: Original Copy Published

The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Flash.

Note: According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an “industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.” IBM PROVIDES THE CVSS SCORES “AS IS” WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.