Low Severity

Vulnerability involving IBM Cloud Baseboard Management Controller (BMC) Firmware

Share this post:

Summary:
The Baseboard Management Controller (BMC) is a third-party component designed to enable remote management of a server for initial provisioning, operating system reinstall and troubleshooting. As part of IBM Cloud’s Bare Metal Server offering, clients have access to the BMC.

Vulnerability Details:
On some system models offered by IBM Cloud and other cloud providers, a malicious attacker with access to the provisioned system could overwrite the firmware of the BMC. The system could then be returned to the hardware pool, where the compromised BMC firmware could then be used to attack the next user of the system.

The BMC has limited processing power and memory, which makes these types of attacks difficult. IBM has found no indication that this vulnerability has been exploited for malicious purposes. In addition, all clients of IBM Cloud receive a private network for their BMCs, separate from the private networks containing other clients’ BMCs and unprovisioned BMCs.

Remediation/Fixes:
IBM has responded to this vulnerability by forcing all BMCs, including those that are already reporting up-to-date firmware, to be reflashed with factory firmware before they are re-provisioned to other customers. All logs in the BMC firmware are erased and all passwords to the BMC firmware are regenerated.

Workarounds and Mitigations:
None.

Related Information
IBM Secure Engineering Web Portal

 

Change History
25 February 2019:  Original version published

More Low Severity stories

IBM Security Bulletin: IBM QRadar WinCollect Agent Does Not Verify TLS Syslog Certificate (CVE-2019-4264)

May 25, 2019 9:01 am EDT | Medium Severity

When configured for TLS Syslog the Wincollect agent does not verify the authenticity or accuracy of the server certificate. Even when a certificate is specified within the WinCollect configuration it is ignored, and any certificate presented by the server is blindly accepted while negotiating TLS. CVE(s): CVE-2019-4264 Affected product(s) and affected version(s):WinCollect Agent 7.1.2 – ...read more


IBM Security Bulletin: Security vulnerability affects the Report Builder shipped with Jazz Reporting Service (CVE-2019-4184)

May 25, 2019 9:01 am EDT | Medium Severity

There is a security vulnerability in the Report Builder shipped with Jazz Reporting Service. CVE(s): CVE-2019-4184 Affected product(s) and affected version(s): Jazz Reporting Service 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6 and 6.0.6.1. Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10884604X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/158974 ...read more


IBM Security Bulletin: A security vulnerability has been addressed in IBM Cognos Analytics (CVE-2019-4139)

May 24, 2019 9:01 am EDT | Medium Severity

This bulletin addresses a security vulnerability that has been fixed in IBM Cognos Analytics 11.1.2 and IBM Cognos Analytics 11.0.13 FP1. A Cross Site Scripting (XSS) vulnerability could allow attackers to inject code into a GET statement when importing visualizations. This has been addressed in the latest available updates. CVE(s): CVE-2019-4139 Affected product(s) and affected ...read more