Learn about CVE-2019-4169, a vulnerability in IBM Open Power Firmware versions OP910 and OP920 that allows unauthorized BMC access via IPMI using the default password. It is rated High severity, with a CVSS base score of 8.1.
This CVE involves a vulnerability in IBM Open Power Firmware versions OP910 and OP920 that allows access to the BMC via IPMI using the default OpenBMC password, even after the BMC password has been changed. The CVSS base score is 8.1 (High severity).
Understanding CVE-2019-4169
This CVE was published on August 16, 2019, by IBM X-Force under ID 158702.
What is CVE-2019-4169?
The default OpenBMC password can be used to access the BMC via IPMI, even after the BMC password has been changed from the default.
The Impact of CVE-2019-4169
Technical Details of CVE-2019-4169
This section provides detailed technical information about the vulnerability.
Vulnerability Description
The vulnerability allows unauthorized access to the BMC via IPMI using the default OpenBMC password, even after the BMC password has been changed.
Affected Systems and Versions
Exploitation Mechanism
Exploitation uses the default OpenBMC password to gain unauthorized access to the BMC via IPMI.
Mitigation and Prevention
It is crucial to take immediate steps to address and prevent the exploitation of this vulnerability.
Immediate Steps to Take
Long-Term Security Practices
Patching and Updates
Apply official fixes and updates provided by IBM to address this vulnerability.