IBM Support

Security Bulletin: IBM BladeCenter Advanced Management Module (AMM), Integrated Management Module (IMM), and Integrated Management Module 2 (IMM2) Potential IPMI credentials Exposure (CVE-2014-0860)

Created by Igets Administrator on
Published URL:
https://www.ibm.com/support/pages/node/864920
864920

Security Bulletin


Summary

The administrative IPMI credentials for authenticating communications between the IBM BladeCenter Advanced Management Module (AMM), Integrated Management Module (IMM), and Integrated Management Module 2 (IMM2) are stored in plaintext within the AMM firmware binaries.

Vulnerability Details

Abstract

The administrative IPMI credentials for authenticating communications between the IBM BladeCenter Advanced Management Module (AMM), Integrated Management Module (IMM), and Integrated Management Module 2 (IMM2) are stored in plaintext within the AMM firmware binaries.

Content

Vulnerability Details:

CVE ID: CVE-2014-0860

Description:The administrative IPMI credentials for authenticating communications between the AMM and IMM – they are stored in plaintext within the firmware binaries. Using these credentials, any user with access to a blade’s IMM management interface (either via the chassis internal network or in-band through the IMM’s Ethernet over USB interface) can send it arbitrary IPMI commands. This includes the ability to create new IMM management accounts with supervisor privileges which could then be used to connect to the blade’s remote console facility.
CVSS Base Score: 4.0
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/90880 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N)

Affected products and versions

These IBM BladeCenter Advanced Management Module Firmware versions are affected in v3.66D (BPET66D, BBET66D, BPEO66D) and previous versions.

These IBM Integrated Management Module Firmware versions are affected in 1.42, YUOOG2C and previous versions.

This applies to the following hardware products:

  • BladeCenter Advanced Management Module, Option 25R5778
  • BladeCenter T Advanced Management Module, Option 32R0835 
  • IBM BladeCenter(TM)-E: Type 1881, 7967, 8677
  • IBM BladeCenter(TM)-H: Types 1886, 7989, 8852
  • IBM BladeCenter(TM)-HT: Types 8740, 8750
  • IBM BladeCenter(TM)-S: Types 1948, 7779, 8886
  • IBM BladeCenter(TM)-T: Types 8720, 8730
  • IBM BladeCenter HS22, Types 7870, 1936, 1911
  • IBM BladeCenter HS22V, Types 7871, 1949
  • IBM BladeCenter HX5, Type 7872. 7873
  • IBM BladeCenter HS23, Types 7875, 1929
  • IBM BladeCenter HS23E, Types 8038, 8039

Affected IBM BladeCenter HS23 and HS23E firmware versions:

  • 1.21 (1AOO26L)
  • 1.22 (1AOO26O)
  • 1.36 (1AOO30P)
  • 1.50 (1AOO30W)
  • 1.75 (1AOO32S)
  • 1.85 (1AOO34Z)
  • 2.00 (1AOO40E)
  • 2.50 (1AOO40Z)
  • 3.60 (1AOO50C)
  • 3.65 (1AOO50D)

Remediation:

The recommended solution is to apply the fix to all previous versions as soon as practical. Please see below for information on the fixes available

Fix:
IBM recommends applying Advanced Management Module firmware version v3.66E (BPET66E, BBET66E, BPEO66E).

IBM recommends applying Integrated Management Module to 1.43 YUOOG6B or later to IBM BladeCenter HS22, HX5.

IBM recommends applying Integrated Management Module II firmware version v4.15 (1AOO58K) to the IBM BladeCenter HS23 and HS23E.

Workaround(s) & Mitigation(s):

None.

References:

 

Related Information:
IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

Acknowledgement
None

Change History
12 May 2014: Original Copy Published

* The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Flash.

Note: According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

 

 

Get Notified about Future Security Bulletins

Subscribe to My Notifications to be notified of important product support alerts like this.

References

Complete CVSS v3 Guide
On-line Calculator v3

On

Related Information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.

Document Location

Worldwide

Operating System

BladeCenter:Operating system independent / None

[{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"HW20M","label":"BladeCenter->BladeCenter T Chassis"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"HW20T","label":"BladeCenter->BladeCenter E Chassis"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU056","label":"Miscellaneous"},"Product":{"code":"HW21Q","label":"BladeCenter HS22"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"LOB18","label":"Miscellaneous LOB"}},{"Type":"HW","Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"HW21Y","label":"BladeCenter H Chassis"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"LOB57","label":"Power"}},{"Type":"HW","Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"HW22P","label":"BladeCenter S Chassis"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"LOB57","label":"Power"}},{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"HW22Q","label":"BladeCenter->BladeCenter HT Chassis"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"HW232","label":"BladeCenter->BladeCenter HS22V"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"HW233","label":"BladeCenter->BladeCenter HX5"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"LOB57","label":"Power"}},{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"HW239","label":"BladeCenter->BladeCenter HS23"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"HW23F","label":"BladeCenter->BladeCenter HS23E"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"LOB18","label":"Miscellaneous LOB"}},{"Type":"HW","Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"HW22P","label":"BladeCenter S Chassis"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"LOB57","label":"Power"}}]

Document Information

Modified date:
18 April 2023

UID

ibm1MIGR-5095840

Page Feedback