Lucene search

[email protected]NVD:CVE-2024-35124

HistoryAug 13, 2024 - 12:15 p.m.

CVE-2024-35124

2024-08-1312:15:06

CWE-306

CWE-288

[email protected]

web.nvd.nist.gov

openbmc

default password

session management

administrative access

ibm x-force id

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

32.5%

JSON

A vulnerability in the combination of the OpenBMC’s FW1050.00 through FW1050.10, FW1030.00 through FW1030.50, and FW1020.00 through FW1020.60 default password and session management allow an attacker to gain administrative access to the BMC. IBM X-Force ID: 290674.

Affected configurations

Nvd

Node

ibmopenbmcRangefw1020.00–fw1020.60

ibmopenbmcRangefw1030.00–fw1030.50

ibmopenbmcRangefw1050.00–fw1050.10

VendorProductVersionCPE
ibmopenbmc*cpe:2.3:o:ibm:openbmc:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	openbmc	*	cpe:2.3:o:ibm:openbmc::::::::

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/290674

www.ibm.com/support/pages/node/7163195

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

32.5%

JSON

Related for NVD:CVE-2024-35124

cvelist1 vulnrichment1 ibm1 cve1