CVE-2014-0860

Name of the Vulnerable Software and Affected Versions IBM BladeCenter Advanced Management Module (AMM) versions prior to 3.66E IBM Integrated Management Module (IMM) versions prior to 1.43 IBM Integrated Management Module II (IMM2) versions prior to 4.15

Description The issue allows attackers to execute arbitrary IPMI commands and establish a blade remote-control session by leveraging access to the chassis internal network or the Ethernet-over-USB interface. This is possible due to cleartext IPMI credentials in the firmware.

Recommendations For IBM BladeCenter Advanced Management Module (AMM) versions prior to 3.66E, update to version 3.66E or later. For IBM Integrated Management Module (IMM) versions prior to 1.43, update to version 1.43 or later. For IBM Integrated Management Module II (IMM2) versions prior to 4.15, update to version 4.15 or later.