Vulnerability Description
IBM Open Power Firmware OP910 and OP920 could allow access to BMC via IPMI using default OpenBMC password even after BMC password was changed away from the default password. IBM X-Force ID: 158702.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Open Power | op910 |
| Ibm | Power System 8335-Gth | - |
| Ibm | Power System 8335-Gtx | - |
| Ibm | Power System 8335-Gtc | - |
| Ibm | Power System 8335-Gtg | - |
| Ibm | Power System 8335-Gtw | - |
Related Weaknesses (CWE)
References
- http://www.ibm.com/support/docview.wss?uid=ibm10881209Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/158702VDB EntryVendor Advisory
- http://www.ibm.com/support/docview.wss?uid=ibm10881209Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/158702VDB EntryVendor Advisory
FAQ
What is CVE-2019-4169?
CVE-2019-4169 is a vulnerability with a CVSS score of 9.1 (CRITICAL). IBM Open Power Firmware OP910 and OP920 could allow access to BMC via IPMI using default OpenBMC password even after BMC password was changed away from the default password. IBM X-Force ID: 158702.
How severe is CVE-2019-4169?
CVE-2019-4169 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2019-4169?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Open Power, Ibm Power System 8335-Gth, Ibm Power System 8335-Gtx, Ibm Power System 8335-Gtc, Ibm Power System 8335-Gtg.