CVE-2024-35124

A vulnerability in the combination of the OpenBMC's FW1050.00 through FW1050.10, FW1030.00 through FW1030.50, and FW1020.00 through FW1020.60 default password and session management allow an attacker to gain administrative access to the BMC. IBM X-Force ID: 290674.
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:ibm:openbmc:*:*:*:*:*:*:*:*
cpe:2.3:o:ibm:openbmc:*:*:*:*:*:*:*:*
cpe:2.3:o:ibm:openbmc:*:*:*:*:*:*:*:*

History

22 Aug 2024, 13:31

Type Values Removed Values Added
First Time Ibm
Ibm openbmc
CPE cpe:2.3:o:ibm:openbmc:*:*:*:*:*:*:*:*
Summary
  • (es) Una vulnerabilidad en la combinación de la contraseña predeterminada y la administración de sesiones de FW1050.00 a FW1050.10, FW1030.00 a FW1030.50 y FW1020.00 a FW1020.60 de OpenBMC permite a un atacante obtener acceso administrativo al BMC. ID de IBM X-Force: 290674.
CWE CWE-306
References () https://https://exchange.xforce.ibmcloud.com/vulnerabilities/290674 - () https://https://exchange.xforce.ibmcloud.com/vulnerabilities/290674 - VDB Entry, Vendor Advisory
References () https://www.ibm.com/support/pages/node/7163195 - () https://www.ibm.com/support/pages/node/7163195 - Vendor Advisory

13 Aug 2024, 12:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-13 12:15

Updated : 2024-08-22 13:31


NVD link : CVE-2024-35124

Mitre link : CVE-2024-35124

CVE.ORG link : CVE-2024-35124


JSON object : View

Products Affected

ibm

  • openbmc
CWE
CWE-306

Missing Authentication for Critical Function

CWE-288

Authentication Bypass Using an Alternate Path or Channel