Authentication flaw

2018-01-2619:29:00

PRIOn knowledge base

www.prio-n.com

7.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

41.4%

JSON

An unprivileged attacker with connectivity to the IMM2 could cause a denial of service attack on the IMM2 (Versions earlier than 4.4 for Lenovo System x and earlier than 6.4 for IBM System x). Flooding the IMM2 with a high volume of authentication failures via the Common Information Model (CIM) used by LXCA and OneCLI and other tools can exhaust available system memory which can cause the IMM2 to reboot itself until the requests cease.

CPENameOperatorVersion
bladecenter_hs22_firmwarelt6.4
bladecenter_hs23_firmwarelt6.4
bladecenter_hs23e_firmwarelt6.4
flex_system_x220_m4_firmwarelt6.4
flex_system_x222_m4_firmwarelt6.4
flex_system_x240_m4_firmwarelt6.4
flex_system_x280_m4_firmwarelt6.4
flex_system_x440_m4_firmwarelt6.4
flex_system_x480_m4_firmwarelt6.4
flex_system_x880_m4_firmwarelt6.4

Name	Operator	Version
bladecenter_hs22_firmware	lt	6.4
bladecenter_hs23_firmware	lt	6.4
bladecenter_hs23e_firmware	lt	6.4
flex_system_x220_m4_firmware	lt	6.4
flex_system_x222_m4_firmware	lt	6.4
flex_system_x240_m4_firmware	lt	6.4
flex_system_x280_m4_firmware	lt	6.4
flex_system_x440_m4_firmware	lt	6.4
flex_system_x480_m4_firmware	lt	6.4
flex_system_x880_m4_firmware	lt	6.4