Vulnerability Description
IBM SAN Volume Controller; Storwize V3500, V3700, V5000, and V7000; and Flex System V7000 with software 6.3 and 6.4 before 6.4.1.8, and 7.1 and 7.2 before 7.2.0.3, allow remote attackers to obtain CLI access, and consequently cause a denial of service, via unspecified traffic to the administrative IP address.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Storwize V7000 Software | 6.3.0.0 |
| Ibm | Storwize V7000 | - |
| Ibm | Flex System V7000 Software | 6.4.1.2 |
| Ibm | Flex System V7000 | - |
| Ibm | Storwize V3700 Software | 6.4.1.0 |
| Ibm | Storwize V3700 | - |
| Ibm | Storwize V3500 Software | 6.4.1.0 |
| Ibm | Storwize V3500 | - |
| Ibm | San Volume Controller Software | 6.1.0.0 |
| Ibm | San Volume Controller | - |
| Ibm | Storwize V5000 Software | 7.1.0.2 |
| Ibm | Storwize V5000 | - |
References
- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004570Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/91145
- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004570Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/91145
FAQ
What is CVE-2014-0880?
CVE-2014-0880 is a vulnerability with a CVSS score of 7.5 (HIGH). IBM SAN Volume Controller; Storwize V3500, V3700, V5000, and V7000; and Flex System V7000 with software 6.3 and 6.4 before 6.4.1.8, and 7.1 and 7.2 before 7.2.0.3, allow remote attackers to obtain CLI...
How severe is CVE-2014-0880?
CVE-2014-0880 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-0880?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Storwize V7000 Software, Ibm Storwize V7000, Ibm Flex System V7000 Software, Ibm Flex System V7000, Ibm Storwize V3700 Software.