CVE-2024-35124 (GCVE-0-2024-35124)

Vulnerability from cvelistv5 – Published: 2024-08-13 11:14 – Updated: 2024-08-13 13:07
VLAI?
Summary
A vulnerability in the combination of the OpenBMC's FW1050.00 through FW1050.10, FW1030.00 through FW1030.50, and FW1020.00 through FW1020.60 default password and session management allow an attacker to gain administrative access to the BMC. IBM X-Force ID: 290674.
Severity ?
7.5 (High)
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE
Assigner
ibm
References
Impacted products
Vendor Product Version
IBM OpenBMC Affected: FW1050.00 , ≤ FW1050.10 (semver)
Affected: FW1030.00 , ≤ FW1030.50 (semver)
Affected: FW1020.00 , ≤ FW1020.60 (semver)
    cpe:2.3:o:ibm:openbmc:FW1020.00:*:*:*:*:*:*:*
    cpe:2.3:o:ibm:openbmc:FW1020.60:*:*:*:*:*:*:*
    cpe:2.3:o:ibm:openbmc:FW1030.00:*:*:*:*:*:*:*
    cpe:2.3:o:ibm:openbmc:FW1030.50:*:*:*:*:*:*:*
    cpe:2.3:o:ibm:openbmc:FW1050.00:*:*:*:*:*:*:*
    cpe:2.3:o:ibm:openbmc:FW1050.10:*:*:*:*:*:*:*
 Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-35124",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-13T13:06:48.493514Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-13T13:07:10.798Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:o:ibm:openbmc:FW1020.00:*:*:*:*:*:*:*",
            "cpe:2.3:o:ibm:openbmc:FW1020.60:*:*:*:*:*:*:*",
            "cpe:2.3:o:ibm:openbmc:FW1030.00:*:*:*:*:*:*:*",
            "cpe:2.3:o:ibm:openbmc:FW1030.50:*:*:*:*:*:*:*",
            "cpe:2.3:o:ibm:openbmc:FW1050.00:*:*:*:*:*:*:*",
            "cpe:2.3:o:ibm:openbmc:FW1050.10:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "OpenBMC",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "FW1050.10",
              "status": "affected",
              "version": "FW1050.00",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "FW1030.50",
              "status": "affected",
              "version": "FW1030.00",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "FW1020.60",
              "status": "affected",
              "version": "FW1020.00",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A vulnerability in the combination of the OpenBMC\u0027s FW1050.00 through FW1050.10, FW1030.00 through FW1030.50, and FW1020.00 through FW1020.60 default password and session management allow an attacker to gain administrative access to the BMC.  IBM X-Force ID:  290674."
            }
          ],
          "value": "A vulnerability in the combination of the OpenBMC\u0027s FW1050.00 through FW1050.10, FW1030.00 through FW1030.50, and FW1020.00 through FW1020.60 default password and session management allow an attacker to gain administrative access to the BMC.  IBM X-Force ID:  290674."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-13T11:14:40.227Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.ibm.com/support/pages/node/7163195"
        },
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://https://exchange.xforce.ibmcloud.com/vulnerabilities/290674"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM OpenBMC authentication bypass",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2024-35124",
    "datePublished": "2024-08-13T11:14:40.227Z",
    "dateReserved": "2024-05-09T16:27:14.739Z",
    "dateUpdated": "2024-08-13T13:07:10.798Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ibm:openbmc:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"fw1020.00\", \"versionEndIncluding\": \"fw1020.60\", \"matchCriteriaId\": \"2822802F-0AC9-43FA-807D-72B48CD7B61F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ibm:openbmc:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"fw1030.00\", \"versionEndIncluding\": \"fw1030.50\", \"matchCriteriaId\": \"40CAE3FC-6661-4AEB-8D03-A00CE25994C0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ibm:openbmc:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"fw1050.00\", \"versionEndIncluding\": \"fw1050.10\", \"matchCriteriaId\": \"E30757DE-5CEA-4705-8EAA-486363521FF3\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A vulnerability in the combination of the OpenBMC\u0027s FW1050.00 through FW1050.10, FW1030.00 through FW1030.50, and FW1020.00 through FW1020.60 default password and session management allow an attacker to gain administrative access to the BMC.  IBM X-Force ID:  290674.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad en la combinaci\\u00f3n de la contrase\\u00f1a predeterminada y la administraci\\u00f3n de sesiones de FW1050.00 a FW1050.10, FW1030.00 a FW1030.50 y FW1020.00 a FW1020.60 de OpenBMC permite a un atacante obtener acceso administrativo al BMC. ID de IBM X-Force: 290674.\"}]",
      "id": "CVE-2024-35124",
      "lastModified": "2024-08-22T13:31:16.353",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"psirt@us.ibm.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.6, \"impactScore\": 5.9}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.6, \"impactScore\": 5.9}]}",
      "published": "2024-08-13T12:15:06.163",
      "references": "[{\"url\": \"https://https://exchange.xforce.ibmcloud.com/vulnerabilities/290674\", \"source\": \"psirt@us.ibm.com\", \"tags\": [\"VDB Entry\", \"Vendor Advisory\"]}, {\"url\": \"https://www.ibm.com/support/pages/node/7163195\", \"source\": \"psirt@us.ibm.com\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "psirt@us.ibm.com",
      "vulnStatus": "Analyzed",
      "weaknesses": "[{\"source\": \"psirt@us.ibm.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-288\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-306\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-35124\",\"sourceIdentifier\":\"psirt@us.ibm.com\",\"published\":\"2024-08-13T12:15:06.163\",\"lastModified\":\"2024-08-22T13:31:16.353\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability in the combination of the OpenBMC\u0027s FW1050.00 through FW1050.10, FW1030.00 through FW1030.50, and FW1020.00 through FW1020.60 default password and session management allow an attacker to gain administrative access to the BMC.  IBM X-Force ID:  290674.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad en la combinaci\u00f3n de la contrase\u00f1a predeterminada y la administraci\u00f3n de sesiones de FW1050.00 a FW1050.10, FW1030.00 a FW1030.50 y FW1020.00 a FW1020.60 de OpenBMC permite a un atacante obtener acceso administrativo al BMC. ID de IBM X-Force: 290674.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@us.ibm.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.6,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.6,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"psirt@us.ibm.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-288\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-306\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ibm:openbmc:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"fw1020.00\",\"versionEndIncluding\":\"fw1020.60\",\"matchCriteriaId\":\"2822802F-0AC9-43FA-807D-72B48CD7B61F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ibm:openbmc:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"fw1030.00\",\"versionEndIncluding\":\"fw1030.50\",\"matchCriteriaId\":\"40CAE3FC-6661-4AEB-8D03-A00CE25994C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ibm:openbmc:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"fw1050.00\",\"versionEndIncluding\":\"fw1050.10\",\"matchCriteriaId\":\"E30757DE-5CEA-4705-8EAA-486363521FF3\"}]}]}],\"references\":[{\"url\":\"https://https://exchange.xforce.ibmcloud.com/vulnerabilities/290674\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"VDB Entry\",\"Vendor Advisory\"]},{\"url\":\"https://www.ibm.com/support/pages/node/7163195\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-35124\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-08-13T13:06:48.493514Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-08-13T13:06:53.563Z\"}}], \"cna\": {\"title\": \"IBM OpenBMC authentication bypass\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"cpes\": [\"cpe:2.3:o:ibm:openbmc:FW1020.00:*:*:*:*:*:*:*\", \"cpe:2.3:o:ibm:openbmc:FW1020.60:*:*:*:*:*:*:*\", \"cpe:2.3:o:ibm:openbmc:FW1030.00:*:*:*:*:*:*:*\", \"cpe:2.3:o:ibm:openbmc:FW1030.50:*:*:*:*:*:*:*\", \"cpe:2.3:o:ibm:openbmc:FW1050.00:*:*:*:*:*:*:*\", \"cpe:2.3:o:ibm:openbmc:FW1050.10:*:*:*:*:*:*:*\"], \"vendor\": \"IBM\", \"product\": \"OpenBMC\", \"versions\": [{\"status\": \"affected\", \"version\": \"FW1050.00\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"FW1050.10\"}, {\"status\": \"affected\", \"version\": \"FW1030.00\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"FW1030.50\"}, {\"status\": \"affected\", \"version\": \"FW1020.00\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"FW1020.60\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://www.ibm.com/support/pages/node/7163195\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://https://exchange.xforce.ibmcloud.com/vulnerabilities/290674\", \"tags\": [\"vdb-entry\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability in the combination of the OpenBMC\u0027s FW1050.00 through FW1050.10, FW1030.00 through FW1030.50, and FW1020.00 through FW1020.60 default password and session management allow an attacker to gain administrative access to the BMC.  IBM X-Force ID:  290674.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"A vulnerability in the combination of the OpenBMC\u0027s FW1050.00 through FW1050.10, FW1030.00 through FW1030.50, and FW1020.00 through FW1020.60 default password and session management allow an attacker to gain administrative access to the BMC.  IBM X-Force ID:  290674.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-288\", \"description\": \"CWE-288\"}]}], \"providerMetadata\": {\"orgId\": \"9a959283-ebb5-44b6-b705-dcc2bbced522\", \"shortName\": \"ibm\", \"dateUpdated\": \"2024-08-13T11:14:40.227Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-35124\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-13T13:07:10.798Z\", \"dateReserved\": \"2024-05-09T16:27:14.739Z\", \"assignerOrgId\": \"9a959283-ebb5-44b6-b705-dcc2bbced522\", \"datePublished\": \"2024-08-13T11:14:40.227Z\", \"assignerShortName\": \"ibm\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.