Vulnerabilities > CVE-2018-18202 - Unspecified vulnerability in IBM products

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

ibm

NVD

Published: 2018-10-10

Updated: 2019-10-03

Summary

The QLogic 4Gb Fibre Channel 5.5.2.6.0 and 4/8Gb SAN 7.10.1.20.0 modules for IBM BladeCenter have an undocumented support account with a support password, an undocumented diags account with a diags password, and an undocumented prom account with a prom password.

Vulnerable Configurations

Part	Description	Count
OS	Ibm IBM Qlogic 4 GB Fibre Channel Expansion Card Firmware 5.5.2.6.0 IBM Qlogic 20 Port 4/8 GB SAN Switch Module Firmware 7.10.1.20.0	2
Hardware	Ibm IBM Qlogic 4 GB Fibre Channel Expansion Card - IBM Qlogic 20 Port 4/8 GB SAN Switch Module -	2

References

http://misteralfa-hack.blogspot.com/2018/10/ibm-bladecenter-qlogic-4g-fibre-channel.html