PT-2018-14364 · Qlogic+1 · Qlogic 4Gb Fibre Channel+2
Published: 2018-10-10 · Updated: 2019-10-03 · CVE-2018-18202
CVSS v3.1: 9.8 Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
QLogic 4Gb Fibre Channel version 5.5.2.6.0
QLogic 4/8Gb SAN version 7.10.1.20.0
Description
The issue concerns the presence of undocumented accounts in the QLogic modules for IBM BladeCenter. Specifically, there are undocumented support, diags, and prom accounts, each with their respective passwords.
Recommendations
For QLogic 4Gb Fibre Channel version 5.5.2.6.0, consider disabling the undocumented accounts to minimize the risk of exploitation.
For QLogic 4/8Gb SAN version 7.10.1.20.0, restrict access to the undocumented accounts until a fix is available.
As a temporary workaround, avoid using the undocumented support, diags, and prom accounts until the issue is resolved.
Affected products
IBM BladeCenter
QLogic 4/8Gb SAN
QLogic 4Gb Fibre Channel