CVE-2019-4169

Published Aug 26, 2019

Last updated 2 years ago

CVSS critical 9.1

Overview

Description: IBM Open Power Firmware OP910 and OP920 could allow access to BMC via IPMI using default OpenBMC password even after BMC password was changed away from the default password. IBM X-Force ID: 158702.
Source: psirt@us.ibm.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.1
Impact score: 5.2
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Severity: CRITICAL

CVSS 3.0

Type: Secondary
Base score: 8.1
Impact score: 5.2
Exploitability score: 2.8
Vector string: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 6.4
Impact score: 4.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-1188

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:ibm:open_power:op910:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5F3B26BC-5604-4A21-8AFB-3AC335E16702"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:ibm:power_system_8335-gth:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "020E8012-A5E1-4608-9248-EAC5C313EE83"
          },
          {
            "criteria": "cpe:2.3:h:ibm:power_system_8335-gtx:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "FA970AF4-5273-4313-9D28-EBF6837B1C49"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:ibm:open_power:op920:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C947BFFE-58C7-4BD0-A4B0-098632CC91D5"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:ibm:power_system_8335-gtc:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "124269C0-684F-450C-9F6F-8D93CDF15195"
          },
          {
            "criteria": "cpe:2.3:h:ibm:power_system_8335-gtg:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "ED94E013-0BF7-4800-9598-E3734A83731B"
          },
          {
            "criteria": "cpe:2.3:h:ibm:power_system_8335-gtw:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "1796F017-1DF6-463C-ACDF-40111AC65545"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References