製品・ソフトウェアに関する情報

JVN脆弱性詳細

複数の IBM 製品におけるアクセス権を取得される脆弱性

Title	複数の IBM 製品におけるアクセス権を取得される脆弱性
Summary	IBM System Networking、Flex System Interconnect Fabric およびその他の IBM 製品は、ハードコードされた認証情報を持つため、アクセス権を取得される脆弱性が存在します。補足情報 : CWE による脆弱性タイプは、CWE-798: Use of Hard-coded Credentials (ハードコードされた認証情報の使用) と識別されています。 http://cwe.mitre.org/data/definitions/798.html
Possible impacts	第三者により、アクセス権を取得される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Aug. 7, 2014, midnight
Registration Date	Sept. 26, 2014, 6:43 p.m.
Last Update	Sept. 26, 2014, 6:43 p.m.

CVSS2.0 : 危険
Score	10
Vector	AV:N/AC:L/Au:N/C:C/I:C/A:C

Affected System

IBM

IBM 1G L2-7 SLB switch for Bladecenter

IBM 1G L2-7 SLB switch for Bladecenter ファームウェア 21.0.21.0 未満

IBM 1G switch for Bladecenter

IBM 1G switch for Bladecenter ファームウェア 5.3.5.0 未満

IBM BladeCenter 1/10G Uplink Ethernet スイッチ・モジュール

IBM BladeCenter 1/10G Uplink Ethernet スイッチ・モジュールファームウェア 7.4.8.0 未満

IBM BladeCenter Server Connectivity Module

IBM BladeCenter Server Connectivity Module ファームウェア 1.1.3.4 未満

IBM Flex System EN2092 1Gb Ethernet Scalable Switch

IBM Flex System EN2092 1Gb Ethernet Scalable Switch ファームウェア 7.8.6.0 未満

IBM Flex System Fabric CN4093 10Gb Converged Scalable Switch

IBM Flex System Fabric CN4093 10Gb Converged Scalable Switch ファームウェア 7.8.6.0 未満

IBM Flex System Fabric EN4093 10Gb Scalable Switch

IBM Flex System Fabric EN4093 10Gb Scalable Switch ファームウェア 7.8.6.0 未満

IBM Flex System Fabric EN4093R 10Gb Scalable Switch

IBM Flex System Fabric EN4093R 10Gb Scalable Switch ファームウェア 7.8.6.0 未満

IBM Flex System Fabric SI4093 System Interconnect Module

IBM Flex System Fabric SI4093 System Interconnect Module ファームウェア 7.8.6.0 未満

IBM Flex System Interconnect Fabric

IBM Flex System Interconnect Fabric ファームウェア 21.0.21.0 未満

IBM System Networking RackSwitch G8000

IBM System Networking RackSwitch G8000 ファームウェア 7.1.7.0 未満

IBM System Networking RackSwitch G8052

IBM System Networking RackSwitch G8052 ファームウェア 7.9.10.0 未満

IBM System Networking RackSwitch G8124

IBM System Networking RackSwitch G8124 ファームウェア 7.9.10.0 未満

IBM System Networking RackSwitch G8124E

IBM System Networking RackSwitch G8124E ファームウェア 7.9.10.0 未満

IBM System Networking RackSwitch G8124ER

IBM System Networking RackSwitch G8124ER ファームウェア 7.9.10.0 未満

IBM System Networking RackSwitch G8264

IBM System Networking RackSwitch G8264 ファームウェア 7.9.10.0 未満

IBM System Networking RackSwitch G8264CS

IBM System Networking RackSwitch G8264CS ファームウェア 7.8.6.0 未満

IBM System Networking RackSwitch G8264T

IBM System Networking RackSwitch G8264T ファームウェア 7.9.10.0 未満

IBM System Networking RackSwitch G8316

IBM System Networking RackSwitch G8316 ファームウェア 7.9.10.0 未満

IBM System Networking RackSwitch G8332

IBM System Networking RackSwitch G8332 ファームウェア 7.7.17.0 未満

IBM Virtual Fabric 10Gb Switch Module for IBM BladeCenter

IBM Virtual Fabric 10Gb Switch Module for IBM BladeCenter ファームウェア 7.8.14.0 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2014-4752	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4752
National Vulnerability Database (NVD)
2	CVE-2014-4752	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4752

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-Other	https://www.ipa.go.jp/security/vuln/CWE.html#CWEOther

ベンダー情報

No	Name	URL
IBM Security Bulletin
1	Backdoor Access Vulnerability in IBM System Networking Products (CVE- 2014-4752)	http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096232

Change Log

No	Changed Details	Date of change
0	[2014年09月26日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2014-4752

Summary	IBM System Networking G8052, G8124, G8124-E, G8124-ER, G8264, G8316, and G8264-T switches before 7.9.10.0; EN4093, EN4093R, CN4093, SI4093, EN2092, and G8264CS switches before 7.8.6.0; Flex System Interconnect Fabric before 7.8.6.0; 1G L2-7 SLB switch for Bladecenter before 21.0.21.0; 10G VFSM for Bladecenter before 7.8.14.0; 1:10G switch for Bladecenter before 7.4.8.0; 1G switch for Bladecenter before 5.3.5.0; Server Connectivity Module before 1.1.3.4; System Networking RackSwitch G8332 before 7.7.17.0; and System Networking RackSwitch G8000 before 7.1.7.0 have hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors.
Publication Date	Sept. 24, 2014, 7:55 a.m.
Registration Date	Jan. 26, 2021, 3:13 p.m.
Last Update	Nov. 21, 2024, 11:10 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:o:ibm:system_networking_rackswitch__g8332_firmware::::::::		7.7.16.0
cpe:2.3:h:ibm:system_networking_rackswitch__g8332:-:::::::*

Configuration2	or higher	or less	more than	less than
cpe:2.3:o:ibm:bladecenter_1g_firmware::::::::		5.3.4.0
cpe:2.3:h:ibm:bladecenter_1g:-:::::::*

Configuration3	or higher	or less	more than	less than
cpe:2.3:o:ibm:system_networking_rackswitch__g8052_firmware::::::::		7.9.1.0
cpe:2.3:o:ibm:system_networking_rackswitch__g8124_firmware::::::::		7.9.1.0
cpe:2.3:o:ibm:system_networking_rackswitch__g8124e_firmware::::::::		7.9.1.0
cpe:2.3:o:ibm:system_networking_rackswitch__g8124er_firmware::::::::		7.9.1.0
cpe:2.3:o:ibm:system_networking_rackswitch__g8264_firmware::::::::		7.9.1.0
cpe:2.3:o:ibm:system_networking_rackswitch__g8264t_firmware::::::::		7.9.1.0
cpe:2.3:o:ibm:system_networking_rackswitch__g8316_firmware::::::::		7.9.1.0
cpe:2.3:h:ibm:system_networking_rackswitch__g8052:-:::::::*
cpe:2.3:h:ibm:system_networking_rackswitch__g8124:-:::::::*
cpe:2.3:h:ibm:system_networking_rackswitch__g8124e:-:::::::*
cpe:2.3:h:ibm:system_networking_rackswitch__g8124er:-:::::::*
cpe:2.3:h:ibm:system_networking_rackswitch__g8264:-:::::::*
cpe:2.3:h:ibm:system_networking_rackswitch__g8264t:-:::::::*
cpe:2.3:h:ibm:system_networking_rackswitch__g8316:-:::::::*

Configuration4	or higher	or less	more than	less than
cpe:2.3:o:ibm:bladecenter_1\/10g_firmware::::::::		7.4.7.0
cpe:2.3:h:ibm:bladecenter_1\/10g:-:::::::*

Configuration5	or higher	or less	more than	less than
cpe:2.3:o:ibm:flex_system_interconnect_fabric_firmware::::::::		7.8.5.0
cpe:2.3:h:ibm:flex_system_interconnect_fabric:-:::::::*

Configuration6	or higher	or less	more than	less than
cpe:2.3:o:ibm:bladecenter_1g_l2-7_slb_firmware::::::::		21.0.20.0
cpe:2.3:h:ibm:bladecenter_1g_l2-7_slb:-:::::::*

Configuration7	or higher	or less	more than	less than
cpe:2.3:o:ibm:system_networking_rackswitch__g8332_firmware::::::::		7.1.6.0
cpe:2.3:h:ibm:system_networking_rackswitch__g8332:-:::::::*

Configuration8	or higher	or less	more than	less than
cpe:2.3:o:ibm:bladecenter_10g_vfsm_firmware::::::::		7.8.6.0
cpe:2.3:h:ibm:bladecenter_10g_vfsm:-:::::::*

Configuration9	or higher	or less	more than	less than
cpe:2.3:o:ibm:system_networking_rackswitch__cn4093_firmware::::::::		7.8.5.0
cpe:2.3:o:ibm:system_networking_rackswitch__en2092_firmware::::::::		7.8.5.0
cpe:2.3:o:ibm:system_networking_rackswitch__en4093_firmware::::::::		7.8.5.0
cpe:2.3:o:ibm:system_networking_rackswitch__en4093r_firmware::::::::		7.8.5.0
cpe:2.3:o:ibm:system_networking_rackswitch__g8264cs_firmware::::::::		7.8.5.0
cpe:2.3:o:ibm:system_networking_rackswitch__si4093_firmware::::::::		7.8.5.0
cpe:2.3:h:ibm:system_networking_rackswitch__cn4093:-:::::::*
cpe:2.3:h:ibm:system_networking_rackswitch__en2092:-:::::::*
cpe:2.3:h:ibm:system_networking_rackswitch__en4093:-:::::::*
cpe:2.3:h:ibm:system_networking_rackswitch__en4093r:-:::::::*
cpe:2.3:h:ibm:system_networking_rackswitch__g8264cs:-:::::::*
cpe:2.3:h:ibm:system_networking_rackswitch__si4093:-:::::::*

Configuration10	or higher	or less	more than	less than
cpe:2.3:o:ibm:server_connectivity_module_firmware::::::::		1.1.3.0
cpe:2.3:h:ibm:server_connectivity_module:-:::::::*

Related information, measures and tools

No	URL	タグ
1	http://secunia.com/advisories/54512
2	http://secunia.com/advisories/54512
3	http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096232	Vendor Advisory
4	http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096232	Vendor Advisory

Common Vulnerabilities List

Configuration3	or higher	or less	more than	less than
cpe:2.3:o:ibm:system_networking_rackswitch__g8052_firmware::::::::		7.9.1.0
cpe:2.3:o:ibm:system_networking_rackswitch__g8124_firmware::::::::		7.9.1.0
cpe:2.3:o:ibm:system_networking_rackswitch__g8124e_firmware::::::::		7.9.1.0
cpe:2.3:o:ibm:system_networking_rackswitch__g8124er_firmware::::::::		7.9.1.0
cpe:2.3:o:ibm:system_networking_rackswitch__g8264_firmware::::::::		7.9.1.0
cpe:2.3:o:ibm:system_networking_rackswitch__g8264t_firmware::::::::		7.9.1.0
cpe:2.3:o:ibm:system_networking_rackswitch__g8316_firmware::::::::		7.9.1.0
cpe:2.3:h:ibm:system_networking_rackswitch__g8052:-:::::::*
cpe:2.3:h:ibm:system_networking_rackswitch__g8124:-:::::::*
cpe:2.3:h:ibm:system_networking_rackswitch__g8124e:-:::::::*
cpe:2.3:h:ibm:system_networking_rackswitch__g8124er:-:::::::*
cpe:2.3:h:ibm:system_networking_rackswitch__g8264:-:::::::*
cpe:2.3:h:ibm:system_networking_rackswitch__g8264t:-:::::::*
cpe:2.3:h:ibm:system_networking_rackswitch__g8316:-:::::::*

Configuration9	or higher	or less	more than	less than
cpe:2.3:o:ibm:system_networking_rackswitch__cn4093_firmware::::::::		7.8.5.0
cpe:2.3:o:ibm:system_networking_rackswitch__en2092_firmware::::::::		7.8.5.0
cpe:2.3:o:ibm:system_networking_rackswitch__en4093_firmware::::::::		7.8.5.0
cpe:2.3:o:ibm:system_networking_rackswitch__en4093r_firmware::::::::		7.8.5.0
cpe:2.3:o:ibm:system_networking_rackswitch__g8264cs_firmware::::::::		7.8.5.0
cpe:2.3:o:ibm:system_networking_rackswitch__si4093_firmware::::::::		7.8.5.0
cpe:2.3:h:ibm:system_networking_rackswitch__cn4093:-:::::::*
cpe:2.3:h:ibm:system_networking_rackswitch__en2092:-:::::::*
cpe:2.3:h:ibm:system_networking_rackswitch__en4093:-:::::::*
cpe:2.3:h:ibm:system_networking_rackswitch__en4093r:-:::::::*
cpe:2.3:h:ibm:system_networking_rackswitch__g8264cs:-:::::::*
cpe:2.3:h:ibm:system_networking_rackswitch__si4093:-:::::::*