IBM Support

8246-L1S (Doc Number=6906): UPDATED POWER 5, 6, 7 and P7+ systems using deprecated TLS versions for CallHome

Fix Readme


Abstract

8246-L1S (Doc Number=6906): UPDATED POWER 5, 6, 7 and P7+ systems using deprecated TLS versions for CallHome

Content

POWER 5, 6, 7 and P7+ systems using deprecated TLS versions for Call Home should follow a recommended mitigation strategy 

Abstract

Some IBM POWER systems with the Call Home feature enabled may be affected by the use of deprecated TLS (Transport Layer Security) versions below TLS 1.2.  This message will provide details of what POWER systems are affected and what are the mitigation strategies.

 
Content

Problem: POWER 5, 6, 7 and 7+ systems are potentially exposed.  Potential mitigation is based on Firmware version and HMC level supported.

 
Risk Categories 
 

  • FW Versions
  • Latest HMC Supported
  • POWER5
  • All FW versions affected
  • All HMC versions affected
  • POWER6
  • All FW versions affected
  • Below HMC 8.870
  • POWER7 and 7+
  • AL710.xxx, AL720.xxx, AL730.xxx, AL740.xxx, AL760.xxx, AL770.xxx, AM710.xxx, AM720.xxx, AM730.xxx, AM740.xxx, AM760.xxx, AM770.xxx, AH720.xxx, AH730.xxx, & AH760.xxx
  • Below HMC 9.940
  • POWER 8 and 9
Shipped with required updates - no action needed.


Description 

POWER 5, 6, 7 and 7+ using TLS for Call Home.
IBM recommends that customers follow these mitigation strategies based on which level of POWER system, the Firmware version, and the HMC level supported:  
  • FW Versions
  • Latest HMC Supported
  • Mitigation
  • P5
  • All FW versions affected
  • HMC 7.790
  • None - Customer should consider upgrade
  • P6
  • All FW versions affected
  • Below HMC 8.870
  • No FW fix; upgrade to HMC 8.870
  • P7 and P7+
  • AL710.xxx, AL720.xxx, AL730.xxx, AL740.xxx, AL760.xxx, AL770.xxx, AM710.xxx, AM720.xxx, AM730.xxx, AM740.xxx, AM760.xxx, AM770.xxx, AH720.xxx, AH730.xxx, & AH760.xxx
  • Below HMC 9.940
  • No FW fix; upgrade to HMC 9.940
  • P8 - P9
Shipped with required updates - no action needed.

Mitigation  

 Clients should consider upgrading to current HMC software level in accordance with the chart above.  If this is not possible, clients should consider implementing alternative methods, such as email notification or SNMP traps and deactivating the IBM ‘Call Home’ feature to avoid industry acknowledged deficiencies in TLS which can present potential security exposures.  Contact your IBM support representative for more information regarding alternative methods.



Doc number: 6906Published date: 20210312

[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"HW1A1","label":"IBM Power Systems"},"Platform":[{"code":"PF002","label":"AIX"}],"Line of Business":{"code":"LOB08","label":"Cognitive Systems"}}]

Document Information

Modified date:
16 March 2021

UID

ibm16430825

Page Feedback