IBM Flexible Service Processor (FSP) FW860.00 through FW860.B3, FW950.00 through FW950.C0, FW1030.00 through FW1030.61, FW1050.00 through FW1050.21, and FW1060.00 through FW1060.10 has static credentials which may allow network users to gain service privileges to the FSP.
FSP (Flexible Service Processor) is a dedicated service processor in IBM Power servers, responsible for low-level hardware management. In vulnerable firmware versions, static credentials are hardcoded and are not uniquely generated for each device. An attacker with network access to the FSP interface can use these fixed credentials to authenticate and gain service privileges without knowledge of passwords configured by the administrator.
An attacker can gain privileged service access to the FSP processor, which potentially allows full control over server hardware management, including manipulation of hardware configuration, reading of sensitive data, and disruption of system availability.
Apply patches available from the manufacturer according to the references (https://www.ibm.com/support/pages/node/7174183). Additionally, it is recommended to restrict network access to FSP interfaces exclusively to trusted management networks and implement network segmentation to prevent unauthorized access to these interfaces.
IBM Flexible Service Processor (FSP) in firmware versions: FW860.00–FW860.B3, FW950.00–FW950.C0, FW1030.00–FW1030.61, FW1050.00–FW1050.21, and FW1060.00–FW1060.10. Affects IBM Power System E1080 (9080-HEX) and IBM Power System L922 (9008-22L) servers.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HIBM Ess 5000 \(5105 22e\)
HWIbmwszystkie wersjeIBM Ess 5000 \(5105 22e\) Firmware
OSIbmFW950.00 – FW950.C0IBM Power System E1080 \(9080 Hex\)
HWIbmwszystkie wersjeIBM Power System E1080 \(9080 Hex\) Firmware
OSIbmFW1030.00 – FW1030.61FW1060.00 – FW1060.10FW1050.00 – FW1050.21IBM Power System E850 \(8408 E8e\)
HWIbmwszystkie wersjeIBM Power System E850 \(8408 E8e\) Firmware
OSIbmFW860.00 – FW860.B3IBM Power System E850c \(8408 44e\)
HWIbmwszystkie wersjeIBM Power System E850c \(8408 44e\) Firmware
OSIbmFW860.00 – FW860.B3IBM Power System E870 \(9119 Mme\)
HWIbmwszystkie wersjeIBM Power System E870 \(9119 Mme\) Firmware
OSIbmFW860.00 – FW860.B3IBM Power System E870c \(9080 Mme\)
HWIbmwszystkie wersjeIBM Power System E870c \(9080 Mme\) Firmware
OSIbmFW860.00 – FW860.B3IBM Power System E880 \(9119 Mhe\)
HWIbmwszystkie wersjeIBM Power System E880 \(9119 Mhe\) Firmware
OSIbmFW860.00 – FW860.B3IBM Power System E880c \(9080 Mhe\)
HWIbmwszystkie wersjeIBM Power System E880c \(9080 Mhe\) Firmware
OSIbmFW860.00 – FW860.B3IBM Power System E950 \(9040 Mr9\)
HWIbmwszystkie wersjeIBM Power System E950 \(9040 Mr9\) Firmware
OSIbmFW950.00 – FW950.C0IBM Power System E980 \(9080 M9s\)
HWIbmwszystkie wersjeIBM Power System E980 \(9080 M9s\) Firmware
OSIbmFW950.00 – FW950.C0IBM Power System H922 \(9223 22h\)
HWIbmwszystkie wersjeIBM Power System H922 \(9223 22h\) Firmware
OSIbmFW950.00 – FW950.C0IBM Power System H922 \(9223 22s\)
HWIbmwszystkie wersjeIBM Power System H922 \(9223 22s\) Firmware
OSIbmFW950.00 – FW950.C0IBM Power System H924 \(9223 42h\)
HWIbmwszystkie wersjeIBM Power System H924 \(9223 42h\) Firmware
OSIbmFW950.00 – FW950.C0IBM Power System H924 \(9223 42s\)
HWIbmwszystkie wersjeIBM Power System H924 \(9223 42s\) Firmware
OSIbmFW950.00 – FW950.C0IBM Power System L922 \(9008 22l\)
HWIbmwszystkie wersjeIBM Power System L922 \(9008 22l\) Firmware
OSIbmFW950.00 – FW950.C0
Related vulnerabilities
IBM PowerVM Hypervisor FW950.00 through FW950.E0, FW1050.00 through FW1050.50, and FW1060.00 through FW1060.40...
The IBM Power 9 OP910, OP920, and FW910 boot firmware's bootloader is responsible for loading and validating t...
IBM Aspera Faspex 4.4.2 Patch Level 1 and earlier could allow a remote attacker to execute arbitrary code on t...
IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 could allow a remote attacker to bypass sec...
IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to execute ar...