IBM products 8335-GTC, 8335-GTG, 8335-GTH, 8335-GTW, and 8335-GTX have identified a security vulnerability. BMC field mode is normally enabled but may not be enabled on systems which have had their BMC replaced.
CVEID: CVE-2021-29789
Description: IBM BMCs could have been shipped with an incorrect configuration setting which could lead to a denial of service or unintended firmware to be installed on the device.
CVSS Base Score: 6.4
CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/203321 for more information
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)
Affected Product(s) | Version(s) |
---|---|
8335-GTC, 8335-GTG, and 8335-GTW | OP910 |
8335-GTH and 8335-GTX | OP920 |
8335-GTH and 8335-GTX | OP930 |
8335-GTH and 8335-GTX | OP940 |
Refer to the steps in the Workaround and Mitigations section
Check if BMC field mode is disabled and enable BMC field mode by following all the steps below. The steps shown are for a Linux command shell which has access to the BMC. Step 1 requires changes to work on your BMC: replace <bmc ip address> with your BMC’s IP address, and replace <> with your password.
1. Login to your BMC’s REST server:
export bmcip=<bmc ip address>
export token=`curl -k -H "Content-Type: application/json" -X POST https://${bmcip}/login -d '{"username": "root", "password": "<>"}' | grep token | awk '{print $2;}' | tr -d '"'`
2. Check if BMC field mode is enabled:
curl -k -H “X-Auth-Token: $token” -X GET <https://${bmcip}/xyz/openbmc_project/software/attr/FieldModeEnabled>
A response which contains: “data”: true means field mode is enabled, and false means field mode is disabled.
3. If field mode is disabled, invoke the REST API to enable BMC field mode:
curl -k -H “X-Auth-Token: $token” -H ‘Content-Type: application/json’ -X PUT -d ‘{“data”:1}’ https://${bmcip}/xyz/openbmc_project/software/attr/FieldModeEnabled
4. Logout of the BMC’s REST server:
curl -k -H “X-Auth-Token: $token” -X POST https://${bmcip}/logout
CPE | Name | Operator | Version |
---|---|---|---|
power system s924 server (9009-42a) | eq | 910 | |
power system s924 server (9009-42a) | eq | 940 |