PT-2024-26327 · Openbmc · Openbmc
Published: 2024-08-13 · Updated: 2024-08-22
CVE-2024-35124
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
OpenBMC versions FW1020.00 through FW1020.60
OpenBMC versions FW1030.00 through FW1030.50
OpenBMC versions FW1050.00 through FW1050.10
Description
A vulnerability in the combination of OpenBMC's default password and session management allows an attacker to gain administrative access to the BMC. This issue affects multiple firmware versions of OpenBMC.
Recommendations
For OpenBMC versions FW1020.00 through FW1020.60, update to a version that fixes the default password and session management issue.
For OpenBMC versions FW1030.00 through FW1030.50, update to a version that fixes the default password and session management issue.
For OpenBMC versions FW1050.00 through FW1050.10, update to a version that fixes the default password and session management issue.
As a temporary workaround, consider restricting access to the BMC to minimize the risk of exploitation.
Fix
Missing Authentication
Authentication Bypass Using an Alternate Path or Channel
Affected Products
Openbmc