Op920

CVSS 9.1 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

ibm

CWE-1188

critical

NVD

Published: 2019-08-26

Updated: 2022-12-09

Summary

IBM Open Power Firmware OP910 and OP920 could allow access to BMC via IPMI using default OpenBMC password even after BMC password was changed away from the default password. IBM X-Force ID: 158702.

Vulnerable Configurations

Part	Description	Count
OS	Ibm IBM Open Power Op910 IBM Open Power Op920	2
Hardware	Ibm IBM Power System 8335 GTH - IBM Power System 8335 GTX - IBM Power System 8335 GTC - IBM Power System 8335 GTG - IBM Power System 8335 GTW -	5

Common Weakness Enumeration (CWE)

CWE-1188 - Insecure Default Initialization of Resource

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/158702
http://www.ibm.com/support/docview.wss?uid=ibm10881209