CVE-2014-4752

IBM System Networking G8052, G8124, G8124-E, G8124-ER, G8264, G8316, and G8264-T switches before 7.9.10.0; EN4093, EN4093R, CN4093, SI4093, EN2092, and G8264CS switches before 7.8.6.0; Flex System Interconnect Fabric before 7.8.6.0; 1G L2-7 SLB switch for Bladecenter before 21.0.21.0; 10G VFSM for Bladecenter before 7.8.14.0; 1:10G switch for Bladecenter before 7.4.8.0; 1G switch for Bladecenter before 5.3.5.0; Server Connectivity Module before 1.1.3.4; System Networking RackSwitch G8332 before 7.7.17.0; and System Networking RackSwitch G8000 before 7.1.7.0 have hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096232	Vendor Advisory
http://secunia.com/advisories/54512

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:ibm:system_networking_rackswitch__g8332_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ibm:system_networking_rackswitch__g8332:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:ibm:bladecenter_1g_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ibm:bladecenter_1g:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

OR	cpe:2.3:o:ibm:system_networking_rackswitch__g8052_firmware::::::::
	cpe:2.3:o:ibm:system_networking_rackswitch__g8124_firmware::::::::
	cpe:2.3:o:ibm:system_networking_rackswitch__g8124e_firmware::::::::
	cpe:2.3:o:ibm:system_networking_rackswitch__g8264_firmware::::::::
	cpe:2.3:o:ibm:system_networking_rackswitch__g8264t_firmware::::::::
	cpe:2.3:o:ibm:system_networking_rackswitch__g8124er_firmware::::::::
	cpe:2.3:o:ibm:system_networking_rackswitch__g8316_firmware::::::::

OR	cpe:2.3:h:ibm:system_networking_rackswitch__g8052:-:::::::*
	cpe:2.3:h:ibm:system_networking_rackswitch__g8124:-:::::::*
	cpe:2.3:h:ibm:system_networking_rackswitch__g8124e:-:::::::*
	cpe:2.3:h:ibm:system_networking_rackswitch__g8124er:-:::::::*
	cpe:2.3:h:ibm:system_networking_rackswitch__g8316:-:::::::*
	cpe:2.3:h:ibm:system_networking_rackswitch__g8264:-:::::::*
	cpe:2.3:h:ibm:system_networking_rackswitch__g8264t:-:::::::*

Configuration 4 (hide)

AND

cpe:2.3:o:ibm:bladecenter_1\/10g_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ibm:bladecenter_1\/10g:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:ibm:flex_system_interconnect_fabric_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ibm:flex_system_interconnect_fabric:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:ibm:bladecenter_1g_l2-7_slb_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ibm:bladecenter_1g_l2-7_slb:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:ibm:system_networking_rackswitch__g8332_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ibm:system_networking_rackswitch__g8332:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:ibm:bladecenter_10g_vfsm_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ibm:bladecenter_10g_vfsm:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

OR	cpe:2.3:o:ibm:system_networking_rackswitch__en4093_firmware::::::::
	cpe:2.3:o:ibm:system_networking_rackswitch__en4093r_firmware::::::::
	cpe:2.3:o:ibm:system_networking_rackswitch__si4093_firmware::::::::
	cpe:2.3:o:ibm:system_networking_rackswitch__g8264cs_firmware::::::::
	cpe:2.3:o:ibm:system_networking_rackswitch__cn4093_firmware::::::::
	cpe:2.3:o:ibm:system_networking_rackswitch__en2092_firmware::::::::

OR	cpe:2.3:h:ibm:system_networking_rackswitch__en4093:-:::::::*
	cpe:2.3:h:ibm:system_networking_rackswitch__en4093r:-:::::::*
	cpe:2.3:h:ibm:system_networking_rackswitch__cn4093:-:::::::*
	cpe:2.3:h:ibm:system_networking_rackswitch__si4093:-:::::::*
	cpe:2.3:h:ibm:system_networking_rackswitch__g8264cs:-:::::::*
	cpe:2.3:h:ibm:system_networking_rackswitch__en2092:-:::::::*

Configuration 10 (hide)

AND

cpe:2.3:o:ibm:server_connectivity_module_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ibm:server_connectivity_module:-:*:*:*:*:*:*:*

Information

Published : 2014-09-23 15:55

Updated : 2015-11-27 10:13

NVD link : CVE-2014-4752

Mitre link : CVE-2014-4752

JSON object : View

CWE

NVD-CWE-Other

Products Affected

ibm

system_networking_rackswitch__g8264cs
system_networking_rackswitch__en4093r_firmware
system_networking_rackswitch__g8264t
system_networking_rackswitch__en2092
bladecenter_1g_l2-7_slb
system_networking_rackswitch__en4093
system_networking_rackswitch__g8332_firmware
system_networking_rackswitch__g8052
system_networking_rackswitch__g8124_firmware
bladecenter_1\/10g
system_networking_rackswitch__g8124
system_networking_rackswitch__en4093r
server_connectivity_module_firmware
bladecenter_10g_vfsm_firmware
system_networking_rackswitch__cn4093_firmware
system_networking_rackswitch__g8052_firmware
system_networking_rackswitch__cn4093
system_networking_rackswitch__g8264
system_networking_rackswitch__en4093_firmware
server_connectivity_module
system_networking_rackswitch__g8264_firmware
bladecenter_1\/10g_firmware
system_networking_rackswitch__si4093_firmware
system_networking_rackswitch__en2092_firmware
system_networking_rackswitch__g8124e
system_networking_rackswitch__g8316
system_networking_rackswitch__g8124er
bladecenter_1g_firmware
bladecenter_1g
system_networking_rackswitch__g8332
flex_system_interconnect_fabric
system_networking_rackswitch__si4093
system_networking_rackswitch__g8124er_firmware
bladecenter_1g_l2-7_slb_firmware
bladecenter_10g_vfsm
system_networking_rackswitch__g8124e_firmware
flex_system_interconnect_fabric_firmware
system_networking_rackswitch__g8264t_firmware
system_networking_rackswitch__g8316_firmware
system_networking_rackswitch__g8264cs_firmware

10.0 /10