CVSS3: 7.4 High

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | HIGH |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | NONE |

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CVSS2: 5.8 Medium

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | NONE |

AV:N/AC:M/Au:N/C:P/I:P/A:N
Security vulnerabilities have been discovered in OpenSSL which impact the management port on DS8870 R7.x.
CVE-ID: CVE-2014-0224
DESCRIPTION:
An attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. This can be exploited by a Man-in-the-middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server. The attack can only be performed between a vulnerable client and server.
CVSS Base Score: 5.8
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/93586> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N)
DS8870 Release 7.x
IBM strongly suggests that you install the vulnerability fix identified immediately below.
Product | VRMF | APAR | Remediation/First Fix |
---|---|---|---|
DS8870 R7.2 | 87.21.30.0 | N/A | 06/30/2014 |
DS8870 R7.3 | 87.30.105.0 | N/A | 07/27/2014 |
Please contact your IBM representative to order and install the service release.
The following steps can help mitigate, but not eliminate, the risks of this vulnerability:
To stop the CIM Agent using the Web User Interface on the Hardware Master Console (HMC):
- Log in as “customer”
CPE Name | Operator | Version |
---|---|---|
ibm ds8870 | eq | 7.2 |
ibm ds8870 | eq | 7.3 |