CVE-2024-45656 (GCVE-0-2024-45656)

Vulnerability from cvelistv5 – Published: 2024-10-29 00:37 – Updated: 2024-11-02 03:55
VLAI?
Title
IBM Flexible Service Processor hard coded credentials
Summary
IBM Flexible Service Processor (FSP) FW860.00 through FW860.B3, FW950.00 through FW950.C0, FW1030.00 through FW1030.61, FW1050.00 through FW1050.21, and FW1060.00 through FW1060.10 has static credentials which may allow network users to gain service privileges to the FSP.
Severity ?
9.8 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE
  • CWE-798 - Use of Hard-coded Credentials
Assigner
ibm
References
Impacted products
Vendor Product Version
IBM Flexible Service Processor Affected: FW860.00 , ≤ FW860.B3 (semver)
Affected: FW950.00 , ≤ FW950.C0 (semver)
Affected: FW1030.00 , ≤ FW1030.61 (semver)
Affected: FW1050.00 , ≤ FW1050.21 (semver)
Affected: FW1060.00 , ≤ FW1060.10 (semver)
    cpe:2.3:o:ibm:power9_system_firmware:fw1060.00:*:*:*:*:*:*:*
    cpe:2.3:o:ibm:power9_system_firmware:fw1050.00:*:*:*:*:*:*:*
    cpe:2.3:o:ibm:power9_system_firmware:fw1030.00:*:*:*:*:*:*:*
    cpe:2.3:o:ibm:power9_system_firmware:fw950.00:*:*:*:*:*:*:*
    cpe:2.3:o:ibm:power9_system_firmware:fw860.00:*:*:*:*:*:*:*
 Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-45656",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-01T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-02T03:55:32.353Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:o:ibm:power9_system_firmware:fw1060.00:*:*:*:*:*:*:*",
            "cpe:2.3:o:ibm:power9_system_firmware:fw1050.00:*:*:*:*:*:*:*",
            "cpe:2.3:o:ibm:power9_system_firmware:fw1030.00:*:*:*:*:*:*:*",
            "cpe:2.3:o:ibm:power9_system_firmware:fw950.00:*:*:*:*:*:*:*",
            "cpe:2.3:o:ibm:power9_system_firmware:fw860.00:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Flexible Service Processor",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "FW860.B3",
              "status": "affected",
              "version": "FW860.00",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "FW950.C0",
              "status": "affected",
              "version": "FW950.00",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "FW1030.61",
              "status": "affected",
              "version": "FW1030.00",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "FW1050.21",
              "status": "affected",
              "version": "FW1050.00",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "FW1060.10",
              "status": "affected",
              "version": "FW1060.00",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "IBM Flexible Service Processor (FSP) FW860.00 through FW860.B3, FW950.00 through FW950.C0, FW1030.00 through FW1030.61, FW1050.00 through FW1050.21, and FW1060.00 through FW1060.10 has static credentials which may allow network users to gain service privileges to the FSP."
            }
          ],
          "value": "IBM Flexible Service Processor (FSP) FW860.00 through FW860.B3, FW950.00 through FW950.C0, FW1030.00 through FW1030.61, FW1050.00 through FW1050.21, and FW1060.00 through FW1060.10 has static credentials which may allow network users to gain service privileges to the FSP."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-798",
              "description": "CWE-798 Use of Hard-coded Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-29T00:37:16.004Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "url": "https://www.ibm.com/support/pages/node/7174183"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM Flexible Service Processor hard coded credentials",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2024-45656",
    "datePublished": "2024-10-29T00:37:16.004Z",
    "dateReserved": "2024-09-03T13:50:26.296Z",
    "dateUpdated": "2024-11-02T03:55:32.353Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-45656\",\"sourceIdentifier\":\"psirt@us.ibm.com\",\"published\":\"2024-10-29T01:15:03.823\",\"lastModified\":\"2025-12-03T18:14:19.413\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"IBM Flexible Service Processor (FSP) FW860.00 through FW860.B3, FW950.00 through FW950.C0, FW1030.00 through FW1030.61, FW1050.00 through FW1050.21, and FW1060.00 through FW1060.10 has static credentials which may allow network users to gain service privileges to the FSP.\"},{\"lang\":\"es\",\"value\":\"IBM Flexible Service Processor (FSP) FW860.00 a FW860.B3, FW950.00 a FW950.C0, FW1030.00 a FW1030.61, FW1050.00 a FW1050.21 y FW1060.00 a FW1060.10 tienen credenciales est\u00e1ticas que pueden permitir a los usuarios de la red obtener privilegios de servicio para el FSP.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@us.ibm.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"psirt@us.ibm.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-798\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ibm:power_system_e1080_\\\\(9080-hex\\\\)_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"FW1030.00\",\"versionEndIncluding\":\"FW1030.61\",\"matchCriteriaId\":\"5E7BDC86-55B3-4C43-BC47-1FB19185E190\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ibm:power_system_e1080_\\\\(9080-hex\\\\)_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"FW1050.00\",\"versionEndIncluding\":\"FW1050.21\",\"matchCriteriaId\":\"976C2293-3D49-4114-B937-FB160F8FBF06\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ibm:power_system_e1080_\\\\(9080-hex\\\\)_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"FW1060.00\",\"versionEndIncluding\":\"FW1060.10\",\"matchCriteriaId\":\"84AAB9B6-8D50-41B7-A1FD-0BD703A01C9F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ibm:power_system_e1080_\\\\(9080-hex\\\\):-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DF85251B-E02C-4293-98F0-D331BF51CAC4\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ibm:power_system_l922_\\\\(9008-22l\\\\)_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"FW950.00\",\"versionEndIncluding\":\"FW950.C0\",\"matchCriteriaId\":\"8C0565C9-BD63-44E2-95A1-2E09BF5F39BD\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ibm:power_system_l922_\\\\(9008-22l\\\\):-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"61493605-7807-498B-9DD7-48B244AD0415\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ibm:power_system_s922_\\\\(9009-22a\\\\)_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"FW950.00\",\"versionEndIncluding\":\"FW950.C0\",\"matchCriteriaId\":\"E21805FF-7443-4B2C-84AB-7F466EB15C23\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ibm:power_system_s922_\\\\(9009-22a\\\\):-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8AB350B1-3964-485A-AAB3-55558DD375BD\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ibm:power_system_s922_\\\\(9009-22g\\\\)_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"FW950.00\",\"versionEndIncluding\":\"FW950.C0\",\"matchCriteriaId\":\"0B6DDE00-8EA5-4FA6-A40C-34A782A05D9C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ibm:power_system_s922_\\\\(9009-22g\\\\):-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"95E5E77F-A5BB-46E7-B6B6-B02F242DE829\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ibm:power_system_h922_\\\\(9223-22h\\\\)_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"FW950.00\",\"versionEndIncluding\":\"FW950.C0\",\"matchCriteriaId\":\"C8170C2C-EBCB-4E19-B50D-A450A7228520\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ibm:power_system_h922_\\\\(9223-22h\\\\):-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"633D5D2E-300A-4896-8F90-57F9B7AFE01E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ibm:power_system_h922_\\\\(9223-22s\\\\)_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"FW950.00\",\"versionEndIncluding\":\"FW950.C0\",\"matchCriteriaId\":\"40480955-5D26-4CF8-814B-0C82ED78F80B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ibm:power_system_h922_\\\\(9223-22s\\\\):-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E7851003-8D6B-4FE8-87D7-BE968E85E448\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ibm:power_system_s914_\\\\(9009-41a\\\\)_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"FW950.00\",\"versionEndIncluding\":\"FW950.C0\",\"matchCriteriaId\":\"BB939A4E-6E8E-484A-B48B-79AA1902441E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ibm:power_system_s914_\\\\(9009-41a\\\\):-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5D9CA070-A7E4-451A-9C3C-D2622E7A9A92\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ibm:power_system_s914_\\\\(9009-41g\\\\)_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"FW950.00\",\"versionEndIncluding\":\"FW950.C0\",\"matchCriteriaId\":\"F158B807-948F-43D0-9285-11A7B6F2ADC5\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ibm:power_system_s914_\\\\(9009-41g\\\\):-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"003F591A-ACCD-497E-BF8A-DE090321D778\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ibm:power_system_s924_\\\\(9009-42a\\\\)_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"FW950.00\",\"versionEndIncluding\":\"FW950.C0\",\"matchCriteriaId\":\"62402866-C564-4C12-A132-D25F5C4E24E8\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ibm:power_system_s924_\\\\(9009-42a\\\\):-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"65A41386-AAE5-409C-9355-2EEB07F01926\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ibm:power_system_s924_\\\\(9009-42g\\\\)_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"FW950.00\",\"versionEndIncluding\":\"FW950.C0\",\"matchCriteriaId\":\"E65E13C5-0D0D-4AD7-BE9E-878EB1AC922C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ibm:power_system_s924_\\\\(9009-42g\\\\):-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4038C5DB-DF9C-4661-9590-F6A0CD4D15D5\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ibm:power_system_h924_\\\\(9223-42h\\\\)_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"FW950.00\",\"versionEndIncluding\":\"FW950.C0\",\"matchCriteriaId\":\"F95EFC6A-41C3-47EC-AF69-FF9C7865BC47\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ibm:power_system_h924_\\\\(9223-42h\\\\):-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"24CC25C2-BE64-4022-A229-D639CED27B00\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ibm:power_system_h924_\\\\(9223-42s\\\\)_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"FW950.00\",\"versionEndIncluding\":\"FW950.C0\",\"matchCriteriaId\":\"1648F052-81EC-4413-8821-CEA26618883C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ibm:power_system_h924_\\\\(9223-42s\\\\):-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2F0E93A-26F0-4914-8A31-3C86E64D5B8A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ibm:power_system_e950_\\\\(9040-mr9\\\\)_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"FW950.00\",\"versionEndIncluding\":\"FW950.C0\",\"matchCriteriaId\":\"522A8B9C-1C5A-405A-9C69-D8922CA6093F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ibm:power_system_e950_\\\\(9040-mr9\\\\):-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9FF58E5C-0A54-4F2F-A426-0BFD1EACE991\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ibm:power_system_e980_\\\\(9080-m9s\\\\)_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"FW950.00\",\"versionEndIncluding\":\"FW950.C0\",\"matchCriteriaId\":\"FEE72139-CA42-4A6F-B92D-B8BEAC5F5DB2\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ibm:power_system_e980_\\\\(9080-m9s\\\\):-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9BE56BD8-DB0F-4151-9428-42F1B6452D99\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ibm:ess_5000_\\\\(5105-22e\\\\)_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"FW950.00\",\"versionEndIncluding\":\"FW950.C0\",\"matchCriteriaId\":\"9BC3FE56-860E-4082-9B67-F601B664D079\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ibm:ess_5000_\\\\(5105-22e\\\\):-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9601FB8F-748D-416E-B0ED-B0F153DEF273\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ibm:power_system_s812_\\\\(8284-21a\\\\)_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"FW860.00\",\"versionEndIncluding\":\"FW860.B3\",\"matchCriteriaId\":\"1182BC6E-273A-476E-AFCB-D900E79738F3\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ibm:power_system_s812_\\\\(8284-21a\\\\):-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"20CF4CFB-75B0-4988-B0BD-EEBEAC67B0D2\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ibm:power_system_s822_\\\\(8284-22a\\\\)_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"FW860.00\",\"versionEndIncluding\":\"FW860.B3\",\"matchCriteriaId\":\"1CAD90C7-965C-408A-83BA-1BE16467ABA9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ibm:power_system_s822_\\\\(8284-22a\\\\):-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D33239A-0941-41C8-8B98-1F8BCB525278\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ibm:power_system_s814_\\\\(8286-41a\\\\)_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"FW860.00\",\"versionEndIncluding\":\"FW860.B3\",\"matchCriteriaId\":\"9A5F8FB7-44A9-446B-B862-D0AB86E8DC4E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ibm:power_system_s814_\\\\(8286-41a\\\\):-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"46875D11-D3C5-439F-BBD3-248C97C8644F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ibm:power_system_s824_\\\\(8286-42a\\\\)_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"FW860.00\",\"versionEndIncluding\":\"FW860.B3\",\"matchCriteriaId\":\"C46E4D07-6305-4C00-A438-9421E152A7A5\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ibm:power_system_s824_\\\\(8286-42a\\\\):-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2E927BD4-96D2-4F07-A63A-D1363AF565BF\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ibm:power_system_s812l_\\\\(8247-21l\\\\)_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"FW860.00\",\"versionEndIncluding\":\"FW860.B3\",\"matchCriteriaId\":\"ADB1955B-D221-46AB-9F73-650922C8C67D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ibm:power_system_s812l_\\\\(8247-21l\\\\):-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B1310173-8240-471A-9013-850F6DB268B8\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ibm:power_system_s822l_\\\\(8247-22l\\\\)_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"FW860.00\",\"versionEndIncluding\":\"FW860.B3\",\"matchCriteriaId\":\"58EAAE17-D200-4BFC-8AD7-1F47ED4AC542\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ibm:power_system_s822l_\\\\(8247-22l\\\\):-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F510B9E1-9F75-4363-ABBE-7C2F4E307CF6\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ibm:power_system_s824l_\\\\(8247-42l\\\\)_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"FW860.00\",\"versionEndIncluding\":\"FW860.B3\",\"matchCriteriaId\":\"83605078-37AD-4CDB-87C0-A90395144605\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ibm:power_system_s824l_\\\\(8247-42l\\\\):-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"37379AAA-03CD-455E-99BD-F6DCBA056747\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ibm:power_system_e850_\\\\(8408-e8e\\\\)_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"FW860.00\",\"versionEndIncluding\":\"FW860.B3\",\"matchCriteriaId\":\"BC20130F-5FDA-487E-8042-1B9DEE5C60C6\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ibm:power_system_e850_\\\\(8408-e8e\\\\):-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F09B66F4-D38E-4A50-B181-51C4311D53B3\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ibm:power_system_e850c_\\\\(8408-44e\\\\)_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"FW860.00\",\"versionEndIncluding\":\"FW860.B3\",\"matchCriteriaId\":\"9A2227BC-B807-4FE6-AB97-57337FC30568\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ibm:power_system_e850c_\\\\(8408-44e\\\\):-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0E887A0D-B897-4ADA-9092-81729D0169CE\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ibm:power_system_e870_\\\\(9119-mme\\\\)_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"FW860.00\",\"versionEndIncluding\":\"FW860.B3\",\"matchCriteriaId\":\"2B712F00-E5BC-4BFC-AF6C-069542F51ACE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ibm:power_system_e870_\\\\(9119-mme\\\\):-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1436909C-F4DF-49C0-9C7C-D21A6AF0A357\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ibm:power_system_e880_\\\\(9119-mhe\\\\)_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"FW860.00\",\"versionEndIncluding\":\"FW860.B3\",\"matchCriteriaId\":\"E1B29CBA-4CA4-4CD8-B812-C42F3ED72023\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ibm:power_system_e880_\\\\(9119-mhe\\\\):-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A19C47A-F659-4FC9-9ADC-0242A79FD600\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ibm:power_system_e870c_\\\\(9080-mme\\\\)_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"FW860.00\",\"versionEndIncluding\":\"FW860.B3\",\"matchCriteriaId\":\"6EA72DC6-903B-4755-99CA-838977DD4F5A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ibm:power_system_e870c_\\\\(9080-mme\\\\):-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D44BBFD-BCD8-4510-8791-400C8A4B203F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ibm:power_system_e880c_\\\\(9080-mhe\\\\)_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"FW860.00\",\"versionEndIncluding\":\"FW860.B3\",\"matchCriteriaId\":\"072166D3-984E-4547-BD77-EDAB86FAF05C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ibm:power_system_e880c_\\\\(9080-mhe\\\\):-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2D3BF5A3-87C5-44FF-9FFE-44F9BC893885\"}]}]}],\"references\":[{\"url\":\"https://www.ibm.com/support/pages/node/7174183\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-45656\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-29T12:49:39.474068Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-29T12:49:47.731Z\"}}], \"cna\": {\"title\": \"IBM Flexible Service Processor hard coded credentials\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"cpes\": [\"cpe:2.3:o:ibm:power9_system_firmware:fw1060.00:*:*:*:*:*:*:*\", \"cpe:2.3:o:ibm:power9_system_firmware:fw1050.00:*:*:*:*:*:*:*\", \"cpe:2.3:o:ibm:power9_system_firmware:fw1030.00:*:*:*:*:*:*:*\", \"cpe:2.3:o:ibm:power9_system_firmware:fw950.00:*:*:*:*:*:*:*\", \"cpe:2.3:o:ibm:power9_system_firmware:fw860.00:*:*:*:*:*:*:*\"], \"vendor\": \"IBM\", \"product\": \"Flexible Service Processor\", \"versions\": [{\"status\": \"affected\", \"version\": \"FW860.00\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"FW860.B3\"}, {\"status\": \"affected\", \"version\": \"FW950.00\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"FW950.C0\"}, {\"status\": \"affected\", \"version\": \"FW1030.00\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"FW1030.61\"}, {\"status\": \"affected\", \"version\": \"FW1050.00\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"FW1050.21\"}, {\"status\": \"affected\", \"version\": \"FW1060.00\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"FW1060.10\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://www.ibm.com/support/pages/node/7174183\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"IBM Flexible Service Processor (FSP) FW860.00 through FW860.B3, FW950.00 through FW950.C0, FW1030.00 through FW1030.61, FW1050.00 through FW1050.21, and FW1060.00 through FW1060.10 has static credentials which may allow network users to gain service privileges to the FSP.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"IBM Flexible Service Processor (FSP) FW860.00 through FW860.B3, FW950.00 through FW950.C0, FW1030.00 through FW1030.61, FW1050.00 through FW1050.21, and FW1060.00 through FW1060.10 has static credentials which may allow network users to gain service privileges to the FSP.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-798\", \"description\": \"CWE-798 Use of Hard-coded Credentials\"}]}], \"providerMetadata\": {\"orgId\": \"9a959283-ebb5-44b6-b705-dcc2bbced522\", \"shortName\": \"ibm\", \"dateUpdated\": \"2024-10-29T00:37:16.004Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-45656\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-11-02T03:55:32.353Z\", \"dateReserved\": \"2024-09-03T13:50:26.296Z\", \"assignerOrgId\": \"9a959283-ebb5-44b6-b705-dcc2bbced522\", \"datePublished\": \"2024-10-29T00:37:16.004Z\", \"assignerShortName\": \"ibm\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.