History: Oct 06, 2021 - 12:39 a.m.

Security Bulletin: IBM Virtualization Engine TS7700 Management Interface (CVE-2021-29908)

2021-10-06 00:39:41
www.ibm.com
7

EPSS: 0.002 (Low), Percentile: 51.5%

Summary

The IBM TS7700 Management Interface is vulnerable to unauthenticated access. By accessing a specially-crafted URL, an attacker may gain administrative access to the Management Interface without authentication. IBM Virtualization Engine TS7700 has addressed the vulnerability.

Vulnerability Details

**CVEID:** CVE-2021-29908
**DESCRIPTION:** The IBM TS7700 Management Interface is vulnerable to unauthenticated access. By accessing a specially-crafted URL, an attacker may gain administrative access to the Management Interface without authentication.
CVSS Base score: 9.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/207747 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)

Affected Products and Versions

Only the following versions of microcode for the IBM Virtualization Engine TS7700 (3957-VEC and 3957-VED) are affected:

| Machine Type | Model | Version |
|---|---|---|
| 3957 | VEC | 8.51.0.63, 8.51.1.26, 8.52.100.32 |
| 3957 | VED | 8.51.0.63, 8.51.1.26, 8.52.100.32 |

Remediation/Fixes

Contact IBM Service at 1-800-IBM-SERV to arrange an upgrade to the latest microcode version followed by the installation of the appropriate code-specific VTD_EXEC (900 or 901) as needed. Affected microcode versions are shown below:

| Machine Type | Model | Fix |
|---|---|---|
| 3957 | VEC | If using 8.51.0.63, upgrade to 8.51.1.26, then apply VTD_EXEC.900 |
| 3957 | VEC | If using 8.51.1.26, apply VTD_EXEC.900 |
| 3957 | VEC | If using 8.52.100.32, apply VTD_EXEC.901 |
| 3957 | VED | If using 8.51.0.63, upgrade to 8.51.1.26, then apply VTD_EXEC.900 |
| 3957 | VED | If using 8.51.1.26, apply VTD_EXEC.900 |
| 3957 | VED | If using 8.52.100.32, apply VTD_EXEC.901 |

The minimum VTD_EXEC version is shown below:

| VTD_EXEC Package | Version |
|---|---|
| VTD_EXEC.900 | v1.03 |
| VTD_EXEC.901 | v1.02 |

Workarounds and Mitigations

None
