IBM Support

9406-MMA (Doc Number=6840): POWER 5, 6, 7 and P7+ systems using deprecated TLS versions for Call Home

Fix Readme


Abstract

9406-MMA (Doc Number=6840): POWER 5, 6, 7 and P7+ systems using deprecated TLS versions for Call Home

Content

IBM Confidential

POWER 5, 6, 7 and P7+ systems using deprecated TLS versions for Call Home should follow a recommended mitigation strategy 

 
Abstract

Some IBM POWER systems with the Call Home feature enabled may be affected by the use of deprecated TLS (Transport Layer Security) versions below TLS 1.2.  This message will provide details of what POWER systems are affected and what are the mitigation strategies.

 
Content

Problem: POWER 5, 6, 7 and 7+ systems are potentially exposed.  Potential mitigation is based on Firmware version and HMC level supported.

 
Risk Categories

FW Versions

 Latest HMC Supported
POWER5
 All FW versions affected All HMC versions affected
POWER6
 FW 3.1 - FW 3.5 Below HMC 8.870
POWER7 and 7+
 FW version below 7.70

Below HMC 9.940
POWER 8 and 9
 Shipped with required updates - no action needed.


Description

POWER 5, 6, 7 and 7+ using TLS for Call Home.

 IBM recommends that customers follow these mitigation strategies based on which level of POWER system, the Firmware version, and the HMC level supported:  


 FW Versions Latest HMC Supported Mitigation
P5
 FW 2.1 - FW 2.4

HMC 7.790

 None - Customer should consider upgrade
P6

FW 3.1 - FW 3.5

Below HMC 8.870

No FW fix; upgrade to HMC 8.870
P7 and P7+

Can only support FW 7.1 - 7.63

Below HMC 9.940

No FW fix; upgrade to HMC 9.940
P7 and P7+

Can support FW 7.70 and higher

Below HMC 9.940

Upgrade to FW 7.70 or higher; upgrade to HMC 9.940
P8 - P9

Shipped with required updates - no action needed.

 Mitigation 

 Clients should consider upgrading to current HMC software level in accordance with the chart above.  If this is not possible, clients should consider implementing alternative methods, such as email notification or SNMP traps and deactivating the IBM ‘Call Home’ feature to avoid industry acknowledged deficiencies in TLS which can present potential security exposures.  Contact your IBM support representative for more information regarding alternative methods.



Doc number: 6840Published date: 20210210

[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"HW1A1","label":"IBM Power Systems"},"Platform":[{"code":"PF002","label":"AIX"}],"Line of Business":{"code":"LOB08","label":"Cognitive Systems"}}]

Document Information

Modified date:
10 February 2021

UID

ibm16414235

Page Feedback