PT-2018-14364 · QLogic · QLogic 4Gb Fibre Channel
Published: 2018-10-10 · Updated: 2019-10-03
CVE-2018-18202
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
QLogic 4Gb Fibre Channel version 5.5.2.6.0
QLogic 4/8Gb SAN version 7.10.1.20.0
Description
The issue concerns the presence of undocumented accounts in the QLogic modules for IBM BladeCenter. Specifically, there are undocumented support, diags, and prom accounts, each with their respective passwords.
Recommendations
For QLogic 4Gb Fibre Channel version 5.5.2.6.0, consider disabling the undocumented accounts to minimize the risk of exploitation.
For QLogic 4/8Gb SAN version 7.10.1.20.0, restrict access to the undocumented accounts until a fix is available.
As a temporary workaround, avoid using the undocumented support, diags, and prom accounts until the issue is resolved.
Affected Products
IBM BladeCenter
QLogic 4/8Gb SAN
QLogic 4Gb Fibre Channel