ID

VAR-201407-0497


CVE

CVE-2014-0860


TITLE

Arbitrary IPMI command execution vulnerability in the firmware of multiple IBM products

Trust: 0.8

sources: JVNDB: JVNDB-2014-003205

DESCRIPTION

The firmware before 3.66E in IBM BladeCenter Advanced Management Module (AMM), the firmware before 1.43 in IBM Integrated Management Module (IMM), and the firmware before 4.15 in IBM Integrated Management Module II (IMM2) contain cleartext IPMI credentials, which allows attackers to execute arbitrary IPMI commands, and consequently establish a blade remote-control session, by leveraging access to (1) the chassis internal network or (2) the Ethernet-over-USB interface. Multiple IBM products are prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks. The vulnerability stems from the fact that the program stores plaintext IPMI credentials. An attacker can exploit this vulnerability to execute arbitrary IPMI commands and establish a remote-control session of the blade.

Trust: 1.98

sources: NVD: CVE-2014-0860 // JVNDB: JVNDB-2014-003205 // BID: 68400 // VULHUB: VHN-68353

AFFECTED PRODUCTS

vendor: ibm // model: integrated management module // scope: lte // version: 1.36

Trust: 1.0

vendor: ibm // model: advanced management module // scope: lte // version: 3.65

Trust: 1.0

vendor: ibm // model: advanced management module // scope: eq // version: -

Trust: 1.0

vendor: ibm // model: integrated management module ii // scope: lte // version: 3.65

Trust: 1.0

vendor: ibm // model: integrated management module ii // scope: eq // version: -

Trust: 1.0

vendor: ibm // model: integrated management module // scope: eq // version: -

Trust: 1.0

vendor: ibm // model: bladecenter management module // scope: - // version: -

Trust: 0.8

vendor: ibm // model: bladecenter management module // scope: lt // version: 3.66e

Trust: 0.8

vendor: ibm // model: integrated management module // scope: - // version: -

Trust: 0.8

vendor: ibm // model: integrated management module ii // scope: - // version: -

Trust: 0.8

vendor: ibm // model: integrated management module ii // scope: lt // version: 4.15

Trust: 0.8

vendor: ibm // model: integrated management module // scope: lt // version: 1.43

Trust: 0.8

vendor: ibm // model: integrated management module // scope: eq // version: 1.36

Trust: 0.6

vendor: ibm // model: integrated management module ii // scope: eq // version: 3.65

Trust: 0.6

vendor: ibm // model: advanced management module // scope: eq // version: 3.65

Trust: 0.6

vendor: ibm // model: integrated management module yuoog2c // scope: eq // version: 1.42

Trust: 0.3

vendor: ibm // model: bladecenter -t // scope: eq // version: 8730

Trust: 0.3

vendor: ibm // model: bladecenter -t // scope: eq // version: 8720

Trust: 0.3

vendor: ibm // model: bladecenter -s // scope: eq // version: 8886

Trust: 0.3

vendor: ibm // model: bladecenter -s // scope: eq // version: 7779

Trust: 0.3

vendor: ibm // model: bladecenter -s // scope: eq // version: 1948

Trust: 0.3

vendor: ibm // model: bladecenter -ht // scope: eq // version: 8750

Trust: 0.3

vendor: ibm // model: bladecenter -ht // scope: eq // version: 8740

Trust: 0.3

vendor: ibm // model: bladecenter -h // scope: eq // version: 8852

Trust: 0.3

vendor: ibm // model: bladecenter -h // scope: eq // version: 7989

Trust: 0.3

vendor: ibm // model: bladecenter -h // scope: eq // version: 1886

Trust: 0.3

vendor: ibm // model: bladecenter -e // scope: eq // version: 8677

Trust: 0.3

vendor: ibm // model: bladecenter -e // scope: eq // version: 7967

Trust: 0.3

vendor: ibm // model: bladecenter -e // scope: eq // version: 1881

Trust: 0.3

vendor: ibm // model: bladecenter t advanced management module 32r0835 // scope: eq // version: 0

Trust: 0.3

vendor: ibm // model: bladecenter hx5 // scope: eq // version: 7873

Trust: 0.3

vendor: ibm // model: bladecenter hx5 // scope: eq // version: 7872

Trust: 0.3

vendor: ibm // model: bladecenter hs23e // scope: eq // version: 8039

Trust: 0.3

vendor: ibm // model: bladecenter hs23e // scope: eq // version: 8038

Trust: 0.3

vendor: ibm // model: bladecenter hs23 // scope: eq // version: 7875

Trust: 0.3

vendor: ibm // model: bladecenter hs23 // scope: eq // version: 1929

Trust: 0.3

vendor: ibm // model: bladecenter hs22v // scope: eq // version: 7871

Trust: 0.3

vendor: ibm // model: bladecenter hs22v // scope: eq // version: 1949

Trust: 0.3

vendor: ibm // model: bladecenter hs22 // scope: eq // version: 7870

Trust: 0.3

vendor: ibm // model: bladecenter hs22 // scope: eq // version: 1936

Trust: 0.3

vendor: ibm // model: bladecenter hs22 // scope: eq // version: 1911

Trust: 0.3

vendor: ibm // model: bladecenter advanced management module bpet66d 3.66d // scope: - // version: -

Trust: 0.3

vendor: ibm // model: bladecenter advanced management module bpeo66d 3.66d // scope: - // version: -

Trust: 0.3

vendor: ibm // model: bladecenter advanced management module bbet66d 3.66d // scope: - // version: -

Trust: 0.3

vendor: ibm // model: bladecenter advanced management module 25r5778 // scope: eq // version: 0

Trust: 0.3

vendor: ibm // model: integrated management module yuoog6b // scope: ne // version: 1.43

Trust: 0.3

vendor: ibm // model: integrated management module ii aoo58k // scope: ne // version: 4.15

Trust: 0.3

vendor: ibm // model: advanced management module bpet66e 3.66e // scope: ne // version: -

Trust: 0.3

vendor: ibm // model: advanced management module bpeo66e 3.66e // scope: ne // version: -

Trust: 0.3

vendor: ibm // model: advanced management module bbet66e 3.66e // scope: ne // version: -

Trust: 0.3

sources: BID: 68400 // JVNDB: JVNDB-2014-003205 // CNNVD: CNNVD-201407-159 // NVD: CVE-2014-0860

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-0860
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-0860
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201407-159
value: MEDIUM

Trust: 0.6

VULHUB: VHN-68353
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-0860
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-68353
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-68353 // JVNDB: JVNDB-2014-003205 // CNNVD: CNNVD-201407-159 // NVD: CVE-2014-0860

PROBLEMTYPE DATA

problemtype:CWE-310

Trust: 1.9

sources: VULHUB: VHN-68353 // JVNDB: JVNDB-2014-003205 // NVD: CVE-2014-0860

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201407-159

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201407-159

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-003205

PATCH

title: MIGR-5095840 // url: http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095840

Trust: 0.8

title: ibm_fw_imm2_1aoo58k-4.15_bc-anyos_noarch // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51010

Trust: 0.6

sources: JVNDB: JVNDB-2014-003205 // CNNVD: CNNVD-201407-159

EXTERNAL IDS

db: NVD // id: CVE-2014-0860

Trust: 2.8

db: XF // id: 90880

Trust: 1.4

db: JVNDB // id: JVNDB-2014-003205

Trust: 0.8

db: CNNVD // id: CNNVD-201407-159

Trust: 0.7

db: BID // id: 68400

Trust: 0.4

db: VULHUB // id: VHN-68353

Trust: 0.1

sources: VULHUB: VHN-68353 // BID: 68400 // JVNDB: JVNDB-2014-003205 // CNNVD: CNNVD-201407-159 // NVD: CVE-2014-0860

REFERENCES

url:http://www.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095840

Trust: 1.7

url:http://xforce.iss.net/xforce/xfdb/90880

Trust: 1.4

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/90880

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0860

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0860

Trust: 0.8

url:http://www.ibm.com/

Trust: 0.3

url:http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095840

Trust: 0.3

sources: VULHUB: VHN-68353 // BID: 68400 // JVNDB: JVNDB-2014-003205 // CNNVD: CNNVD-201407-159 // NVD: CVE-2014-0860

CREDITS

IBM

Trust: 0.3

sources: BID: 68400

SOURCES

db: VULHUB // id: VHN-68353
db: BID // id: 68400
db: JVNDB // id: JVNDB-2014-003205
db: CNNVD // id: CNNVD-201407-159
db: NVD // id: CVE-2014-0860

LAST UPDATE DATE

2024-11-23T23:02:44.699000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-68353 // date: 2017-08-29T00:00:00
db: BID // id: 68400 // date: 2014-05-12T00:00:00
db: JVNDB // id: JVNDB-2014-003205 // date: 2014-07-08T00:00:00
db: CNNVD // id: CNNVD-201407-159 // date: 2014-07-08T00:00:00
db: NVD // id: CVE-2014-0860 // date: 2024-11-21T02:02:55.597

SOURCES RELEASE DATE

db: VULHUB // id: VHN-68353 // date: 2014-07-07T00:00:00
db: BID // id: 68400 // date: 2014-05-12T00:00:00
db: JVNDB // id: JVNDB-2014-003205 // date: 2014-07-08T00:00:00
db: CNNVD // id: CNNVD-201407-159 // date: 2014-07-08T00:00:00
db: NVD // id: CVE-2014-0860 // date: 2014-07-07T11:01:28.680