PT-2024-7403 · IBM · IBM Flexible Service Processor

Published 2024-10-25 · Updated 2024-11-05 · CVE-2024-45656

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions:
IBM Flexible Service Processor (FSP) versions FW860.00 through FW860.B3
IBM Flexible Service Processor (FSP) versions FW950.00 through FW950.C0
IBM Flexible Service Processor (FSP) versions FW1030.00 through FW1030.61
IBM Flexible Service Processor (FSP) versions FW1050.00 through FW1050.21
IBM Flexible Service Processor (FSP) versions FW1060.00 through FW1060.10

Description: The issue is related to the use of static credentials in the IBM Flexible Service Processor (FSP) firmware, which may allow network users to gain service privileges to the FSP. This could potentially lead to unauthorized access and full control over affected systems. The vulnerability is considered critical and may allow attackers to steal confidential data, disrupt operations, and deliver malicious software.

Recommendations:
For IBM Flexible Service Processor (FSP) versions FW860.00 through FW860.B3, update the firmware to a version that is not affected by the static credentials issue.
For IBM Flexible Service Processor (FSP) versions FW950.00 through FW950.C0, update the firmware to a version that is not affected by the static credentials issue.
For IBM Flexible Service Processor (FSP) versions FW1030.00 through FW1030.61, update the firmware to a version that is not affected by the static credentials issue.
For IBM Flexible Service Processor (FSP) versions FW1050.00 through FW1050.21, update the firmware to a version that is not affected by the static credentials issue.
For IBM Flexible Service Processor (FSP) versions FW1060.00 through FW1060.10, update the firmware to a version that is not affected by the static credentials issue.
As a temporary workaround, consider restricting access to the FSP until a patch is available.

Fix

Using Hardcoded Credentials

Weakness Enumeration

Related Identifiers

BDU:2024-08777
CVE-2024-45656

Affected Products

IBM Flexible Service Processor