CVE-2014-4752

Name of the Vulnerable Software and Affected Versions IBM System Networking G8052 versions prior to 7.9.10.0 IBM System Networking G8124 versions prior to 7.9.10.0 IBM System Networking G8124-E versions prior to 7.9.10.0 IBM System Networking G8124-ER versions prior to 7.9.10.0 IBM System Networking G8264 versions prior to 7.9.10.0 IBM System Networking G8316 versions prior to 7.9.10.0 IBM System Networking G8264-T versions prior to 7.9.10.0 EN4093 switches versions prior to 7.8.6.0 EN4093R switches versions prior to 7.8.6.0 CN4093 switches versions prior to 7.8.6.0 SI4093 switches versions prior to 7.8.6.0 EN2092 switches versions prior to 7.8.6.0 G8264CS switches versions prior to 7.8.6.0 Flex System Interconnect Fabric versions prior to 7.8.6.0 1G L2-7 SLB switch for Bladecenter versions prior to 21.0.21.0 10G VFSM for Bladecenter versions prior to 7.8.14.0 1:10G switch for Bladecenter versions prior to 7.4.8.0 1G switch for Bladecenter versions prior to 5.3.5.0 Server Connectivity Module versions prior to 1.1.3.4 System Networking RackSwitch G8332 versions prior to 7.7.17.0 System Networking RackSwitch G8000 versions prior to 7.1.7.0

Description The issue is related to hardcoded credentials in the affected devices, which makes it easier for remote attackers to obtain access. The exact vectors used for the attack are not specified.

Recommendations For IBM System Networking G8052, update to version 7.9.10.0 or later. For IBM System Networking G8124, update to version 7.9.10.0 or later. For IBM System Networking G8124-E, update to version 7.9.10.0 or later. For IBM System Networking G8124-ER, update to version 7.9.10.0 or later. For IBM System Networking G8264, update to version 7.9.10.0 or later. For IBM System Networking G8316, update to version 7.9.10.0 or later. For IBM System Networking G8264-T, update to version 7.9.10.0 or later. For EN4093 switches, update to version 7.8.6.0 or later. For EN4093R switches, update to version 7.8.6.0 or later. For CN4093 switches, update to version 7.8.6.0 or later. For SI4093 switches, update to version 7.8.6.0 or later. For EN2092 switches, update to version 7.8.6.0 or later. For G8264CS switches, update to version 7.8.6.0 or later. For Flex System Interconnect Fabric, update to version 7.8.6.0 or later. For 1G L2-7 SLB switch for Bladecenter, update to version 21.0.21.0 or later. For 10G VFSM for Bladecenter, update to version 7.8.14.0 or later. For 1:10G switch for Bladecenter, update to version 7.4.8.0 or later. For 1G switch for Bladecenter, update to version 5.3.5.0 or later. For Server Connectivity Module, update to version 1.1.3.4 or later. For System Networking RackSwitch G8332, update to version 7.7.17.0 or later. For System Networking RackSwitch G8000, update to version 7.1.7.0 or later.