Vulnerabilities > CVE-2018-18202 - Unspecified vulnerability in IBM products

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

ibm

critical

NVD

Published: 2018-10-10

Updated: 2024-11-21

Summary

The QLogic 4Gb Fibre Channel 5.5.2.6.0 and 4/8Gb SAN 7.10.1.20.0 modules for IBM BladeCenter have an undocumented support account with a support password, an undocumented diags account with a diags password, and an undocumented prom account with a prom password.

Vulnerable Configurations

Part	Description	Count
OS	Ibm IBM Qlogic 4 GB Fibre Channel Expansion Card Firmware 5.5.2.6.0 IBM Qlogic 20 Port 4/8 GB SAN Switch Module Firmware 7.10.1.20.0	2
Hardware	Ibm IBM Qlogic 4 GB Fibre Channel Expansion Card - IBM Qlogic 20 Port 4/8 GB SAN Switch Module -	2

References

http://misteralfa-hack.blogspot.com/2018/10/ibm-bladecenter-qlogic-4g-fibre-channel.html
http://misteralfa-hack.blogspot.com/2018/10/ibm-bladecenter-qlogic-4g-fibre-channel.html