CVE-2019-4169
Severity Score
9.1
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
IBM Open Power Firmware OP910 and OP920 could allow access to BMC via IPMI using default OpenBMC password even after BMC password was changed away from the default password. IBM X-Force ID: 158702.
IBM Open Power versiones de Firmware OP910 y OP920, podrían permitir el acceso a BMC por medio de IPMI usando la contraseña OpenBMC predeterminada incluso después de que la contraseña de BMC fue cambiada alejada de la contraseña predeterminada. ID de IBM X-Force: 158702.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2019-01-03 CVE Reserved
- 2019-08-26 CVE Published
- 2023-05-08 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-1188: Initialization of a Resource with an Insecure Default
CAPEC
References (2)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.ibm.com/support/docview.wss?uid=ibm10881209 | 2022-12-09 | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/158702 | 2022-12-09 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Ibm Search vendor "Ibm" | Open Power Search vendor "Ibm" for product "Open Power" | op910 Search vendor "Ibm" for product "Open Power" and version "op910" | - |
Affected
| in | Ibm Search vendor "Ibm" | Power System 8335-gth Search vendor "Ibm" for product "Power System 8335-gth" | - | - |
Safe
|
| Ibm Search vendor "Ibm" | Open Power Search vendor "Ibm" for product "Open Power" | op910 Search vendor "Ibm" for product "Open Power" and version "op910" | - |
Affected
| in | Ibm Search vendor "Ibm" | Power System 8335-gtx Search vendor "Ibm" for product "Power System 8335-gtx" | - | - |
Safe
|
| Ibm Search vendor "Ibm" | Open Power Search vendor "Ibm" for product "Open Power" | op920 Search vendor "Ibm" for product "Open Power" and version "op920" | - |
Affected
| in | Ibm Search vendor "Ibm" | Power System 8335-gtc Search vendor "Ibm" for product "Power System 8335-gtc" | - | - |
Safe
|
| Ibm Search vendor "Ibm" | Open Power Search vendor "Ibm" for product "Open Power" | op920 Search vendor "Ibm" for product "Open Power" and version "op920" | - |
Affected
| in | Ibm Search vendor "Ibm" | Power System 8335-gtg Search vendor "Ibm" for product "Power System 8335-gtg" | - | - |
Safe
|
| Ibm Search vendor "Ibm" | Open Power Search vendor "Ibm" for product "Open Power" | op920 Search vendor "Ibm" for product "Open Power" and version "op920" | - |
Affected
| in | Ibm Search vendor "Ibm" | Power System 8335-gtw Search vendor "Ibm" for product "Power System 8335-gtw" | - | - |
Safe
|