CVE-2014-0860

Severity CVSS v4.0:

Pending analysis

Type:

CWE-310 Cryptographic Issues

Publication date:

07/07/2014

Last modified:

06/05/2026

Description

The firmware before 3.66E in IBM BladeCenter Advanced Management Module (AMM), the firmware before 1.43 in IBM Integrated Management Module (IMM), and the firmware before 4.15 in IBM Integrated Management Module II (IMM2) contains cleartext IPMI credentials, which allows attackers to execute arbitrary IPMI commands, and consequently establish a blade remote-control session, by leveraging access to (1) the chassis internal network or (2) the Ethernet-over-USB interface.

Impact

Vector 2.0

AV:N/AC:L/Au:N/C:P/I:N/A:N CVSS v2.0 Severity and Metrics:

Base Score: 5.00 MEDIUM
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Attack Vector (AV): Network
Attack Complexity (AC): Low
Authentication (Au): None
Confidentiality (C): Physical
Integrity (I): None
Availability (A): None

Base Score 2.0

5.00

Severity 2.0

MEDIUM

Vulnerable products and versions

CPE	From	Up to
cpe:2.3:o:ibm:integrated_management_module_firmware::::::::		1.36 (including)
cpe:2.3:h:ibm:integrated_management_module:-:::::::*
cpe:2.3:o:ibm:advanced_management_module_firmware::::::::		3.65 (including)
cpe:2.3:h:ibm:advanced_management_module:-:::::::*
cpe:2.3:o:ibm:integrated_management_module_ii_firmware::::::::		3.65 (including)
cpe:2.3:h:ibm:integrated_management_module_ii:-:::::::*

To consult the complete list of CPE names with products and versions, see this page

CVE-2014-0860

Description

Impact

Vulnerable products and versions

References to Advisories, Solutions, and Tools