CVE-2024-35124

Aug. 13, 2024, 12:58 p.m.

7.5
High

Description

A vulnerability in the combination of the OpenBMC's FW1050.00 through FW1050.10, FW1030.00 through FW1030.50, and FW1020.00 through FW1020.60 default password and session management allow an attacker to gain administrative access to the BMC. IBM X-Force ID: 290674.

Product(s) Impacted

Product Versions
OpenBMC
  • ['FW1050.00 - FW1050.10', 'FW1030.00 - FW1030.50', 'FW1020.00 - FW1020.60']

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-288
Authentication Bypass Using an Alternate Path or Channel
A product requires authentication, but the product has an alternate path or channel that does not require authentication.

References

https://https://exchange.xforce.ibmcloud.com/vulnerabilities/290674
https://www.ibm.com/support/pages/node/7163195

Tags

psirt@us.ibm.com
CWE-288
2024-08-13
CVE-2024-35124

CVSS Score

7.5 / 10

CVSS Data - 3.1

  • Attack Vector: NETWORK
  • Attack Complexity: HIGH
  • Privileges Required: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

    • CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

    View Vector String

Timeline

Published: Aug. 13, 2024, 12:15 p.m.
Last Modified: Aug. 13, 2024, 12:58 p.m.

Status : Undergoing Analysis

CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.

More info

Source

psirt@us.ibm.com

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.