Vulnerability Description
The Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) and Integrated Management Module II (IMM2) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers has a default password for the IPMI user account, which makes it easier for remote attackers to perform power-on, power-off, or reboot actions, or add or modify accounts, via unspecified vectors.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Bladecenter | hs22 |
| Ibm | Flex System X220 Compute Node | - |
| Ibm | Flex System X240 Compute Node | - |
| Ibm | Flex System X440 Compute Node | - |
| Ibm | System X Idataplex Dx360 M2 Server | - |
| Ibm | System X Idataplex Dx360 M3 Server | - |
| Ibm | System X Idataplex Dx360 M4 Server | - |
| Ibm | System X3100 M4 | - |
| Ibm | System X3200 M3 | - |
| Ibm | System X3250 M3 | - |
| Ibm | System X3250 M4 | - |
| Ibm | System X3400 M2 | - |
| Ibm | System X3400 M3 | - |
| Ibm | System X3500 M2 | - |
| Ibm | System X3500 M3 | - |
| Ibm | System X3500 M4 | - |
| Ibm | System X3530 M4 | - |
| Ibm | System X3550 M2 | - |
| Ibm | System X3550 M3 | - |
| Ibm | System X3550 M4 | - |
Related Weaknesses (CWE)
References
- http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/86172
- http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093463Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/86172
FAQ
What is CVE-2013-4031?
CVE-2013-4031 is a vulnerability with a CVSS score of 10.0 (HIGH). The Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) and Integrated Management Module II (IMM2) on IBM BladeCenter, Flex System, System x iDataPlex...
How severe is CVE-2013-4031?
CVE-2013-4031 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-4031?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Bladecenter, Ibm Flex System X220 Compute Node, Ibm Flex System X240 Compute Node, Ibm Flex System X440 Compute Node, Ibm System X Idataplex Dx360 M2 Server.