← Back

CVE-2014-0860

nvd nist
Published: Jul 7, 2014Modified: May 6, 2026

JSON object

Loading...
5.0
Vector
AV:N/AC:L/Au:N/C:P/I:N/A:N
Exploitability: 10.0 / Impact: 2.9
Source: NVD

Description

The firmware before 3.66E in IBM BladeCenter Advanced Management Module (AMM), the firmware before 1.43 in IBM Integrated Management Module (IMM), and the firmware before 4.15 in IBM Integrated Management Module II (IMM2) contains cleartext IPMI credentials, which allows attackers to execute arbitrary IPMI commands, and consequently establish a blade remote-control session, by leveraging access to (1) the chassis internal network or (2) the Ethernet-over-USB interface.

Affected (6)

Ibm
6 products
Integrated Management Module Firmware
Integrated Management Module
Advanced Management Module Firmware
Advanced Management Module
Integrated Management Module Ii Firmware
Integrated Management Module Ii
Configuration A
2 vulnerable
Vulnerable SoftwareAffected Versions
Integrated Management Module Firmware
Up to 1.36
Integrated Management Module
All versions
Configuration B
2 vulnerable
Vulnerable SoftwareAffected Versions
Advanced Management Module Firmware
Up to 3.65
Advanced Management Module
All versions
Configuration C
2 vulnerable
Vulnerable SoftwareAffected Versions
Integrated Management Module Ii Firmware
Up to 3.65
Integrated Management Module Ii
All versions

Related CWEs

CWE-310
CWE-310

References (4)

Source: psirt@us.ibm.com
Vendor Advisory
Source: psirt@us.ibm.com
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.