{"id": "CVE-2014-4752", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-09-23T22:55:03.653", "references": [{"url": "http://secunia.com/advisories/54512", "source": "psirt@us.ibm.com"}, {"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096232", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "IBM System Networking G8052, G8124, G8124-E, G8124-ER, G8264, G8316, and G8264-T switches before 7.9.10.0; EN4093, EN4093R, CN4093, SI4093, EN2092, and G8264CS switches before 7.8.6.0; Flex System Interconnect Fabric before 7.8.6.0; 1G L2-7 SLB switch for Bladecenter before 21.0.21.0; 10G VFSM for Bladecenter before 7.8.14.0; 1:10G switch for Bladecenter before 7.4.8.0; 1G switch for Bladecenter before 5.3.5.0; Server Connectivity Module before 1.1.3.4; System Networking RackSwitch G8332 before 7.7.17.0; and System Networking RackSwitch G8000 before 7.1.7.0 have hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors."}, {"lang": "es", "value": "Switches IBM System Networking G8052, G8124, G8124-E, G8124-ER, G8264, G8316, y G8264-T anterior a 7.9.10.0; Switches EN4093, EN4093R, CN4093, SI4093, EN2092, y G8264CS anterior a 7.8.6.0; Flex System Interconnect Fabric anterior a 7.8.6.0; Switch 1G L2-7 SLB para Bladecenter anterior a 21.0.21.0; 10G VFSM para Bladecenter anterior a 7.8.14.0; Switch 1:10G para Bladecenter anterior a 7.4.8.0; Switch 1G para Bladecenter anterior a 5.3.5.0; Server Connectivity Module anterior a 1.1.3.4; System Networking RackSwitch G8332 anterior a 7.7.17.0; y System Networking RackSwitch G8000 anterior a 7.1.7.0 tienen credenciales embebidas, lo que facilita a atacantes remotos obtener acceso a trav\u00e9s de vectores no especificados."}], "lastModified": "2015-11-27T18:13:06.557", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ibm:system_networking_rackswitch__g8332_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "126B8C13-5889-4683-BD03-47F1859B1098", "versionEndIncluding": "7.7.16.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ibm:system_networking_rackswitch__g8332:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "978D82F0-A5CF-4D04-99C8-51A45B4750DB"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ibm:bladecenter_1g_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BDAC29A8-DF40-48B3-998B-56AB1E8F55F2", "versionEndIncluding": "5.3.4.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ibm:bladecenter_1g:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "02948935-4D8E-49C0-8580-0E7219F47E93"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ibm:system_networking_rackswitch__g8052_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9ED35D50-A6DD-4036-9BC4-E8C8412C6D80", "versionEndIncluding": "7.9.1.0"}, {"criteria": "cpe:2.3:o:ibm:system_networking_rackswitch__g8124_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "60E00C0A-2082-4200-AF29-76CFB30397CA", "versionEndIncluding": "7.9.1.0"}, {"criteria": "cpe:2.3:o:ibm:system_networking_rackswitch__g8124e_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1DBB3F8B-1385-40E3-8508-AB0F47C6052A", "versionEndIncluding": "7.9.1.0"}, {"criteria": "cpe:2.3:o:ibm:system_networking_rackswitch__g8124er_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B61E4D25-3128-4F67-A4EE-F0DFC3DB98C5", "versionEndIncluding": "7.9.1.0"}, {"criteria": "cpe:2.3:o:ibm:system_networking_rackswitch__g8264_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5AC534F7-FBAA-468A-8527-25BFCAB76521", "versionEndIncluding": "7.9.1.0"}, {"criteria": "cpe:2.3:o:ibm:system_networking_rackswitch__g8264t_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0501BE9F-EC69-4CF1-855A-9C7389C995EE", "versionEndIncluding": "7.9.1.0"}, {"criteria": "cpe:2.3:o:ibm:system_networking_rackswitch__g8316_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E5CD1617-EC31-45A0-84EC-7C651D7FB578", "versionEndIncluding": "7.9.1.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ibm:system_networking_rackswitch__g8052:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D4DD3FF3-18FF-46F9-842E-23C64E615F19"}, {"criteria": "cpe:2.3:h:ibm:system_networking_rackswitch__g8124:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D8D8BB0B-9D06-4678-B1CF-3A8F0D350999"}, {"criteria": "cpe:2.3:h:ibm:system_networking_rackswitch__g8124e:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "70091AC1-C2BC-49C4-910C-26AE34805FD3"}, {"criteria": "cpe:2.3:h:ibm:system_networking_rackswitch__g8124er:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7650DF13-AE2C-4010-A90D-EC38F8ED4D8D"}, {"criteria": "cpe:2.3:h:ibm:system_networking_rackswitch__g8264:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BB2B0C96-5992-413F-B772-E355ADA4F791"}, {"criteria": "cpe:2.3:h:ibm:system_networking_rackswitch__g8264t:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A2743B8C-898E-4FB5-92A6-0ED0918CBC6B"}, {"criteria": "cpe:2.3:h:ibm:system_networking_rackswitch__g8316:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B283425E-C925-49F6-A366-82DF10A43B9F"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ibm:bladecenter_1\\/10g_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FBD25597-B364-4FE9-B6DB-E23E07183CFD", "versionEndIncluding": "7.4.7.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ibm:bladecenter_1\\/10g:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1CED3F1B-FED2-4213-AB00-9D5DC8988D72"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ibm:flex_system_interconnect_fabric_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5C9FBCBF-17F1-4055-93F4-4DC00FDCDD9E", "versionEndIncluding": "7.8.5.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ibm:flex_system_interconnect_fabric:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "760446E8-F069-470B-A605-5F869E242259"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ibm:bladecenter_1g_l2-7_slb_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DC90DCF6-E0DE-4D41-9F38-0F9EC00EF676", "versionEndIncluding": "21.0.20.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ibm:bladecenter_1g_l2-7_slb:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "99B67DC5-30CB-4D3F-97F7-21EF75EAE612"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ibm:system_networking_rackswitch__g8332_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0103BF95-F624-423A-8C9E-5FA14D644875", "versionEndIncluding": "7.1.6.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ibm:system_networking_rackswitch__g8332:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "978D82F0-A5CF-4D04-99C8-51A45B4750DB"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ibm:bladecenter_10g_vfsm_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B5821C68-CB3F-4F13-AAF0-C62A743A464F", "versionEndIncluding": "7.8.6.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ibm:bladecenter_10g_vfsm:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "52419D7A-9BC6-45ED-963C-EB910F8DA0B7"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ibm:system_networking_rackswitch__cn4093_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "152CBE74-26EA-4A9A-8146-38A19F981ABB", "versionEndIncluding": "7.8.5.0"}, {"criteria": "cpe:2.3:o:ibm:system_networking_rackswitch__en2092_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3A92D662-D815-4A7C-B291-3277A9607972", "versionEndIncluding": "7.8.5.0"}, {"criteria": "cpe:2.3:o:ibm:system_networking_rackswitch__en4093_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7AD00FB6-5B15-4103-BF9F-D6AFAA3D15E7", "versionEndIncluding": "7.8.5.0"}, {"criteria": "cpe:2.3:o:ibm:system_networking_rackswitch__en4093r_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07189485-C4EE-42D8-9E4B-2BD087D11EAC", "versionEndIncluding": "7.8.5.0"}, {"criteria": "cpe:2.3:o:ibm:system_networking_rackswitch__g8264cs_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C34F3089-F2FF-4D9C-B1CB-95673F44CE82", "versionEndIncluding": "7.8.5.0"}, {"criteria": "cpe:2.3:o:ibm:system_networking_rackswitch__si4093_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5B000067-7050-4F20-9398-5A2DB8CE7BC7", "versionEndIncluding": "7.8.5.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ibm:system_networking_rackswitch__cn4093:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DF847D4C-FBE0-47E0-9258-7F2211F865A7"}, {"criteria": "cpe:2.3:h:ibm:system_networking_rackswitch__en2092:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2BB1701F-A205-436A-A283-4612058E2917"}, {"criteria": "cpe:2.3:h:ibm:system_networking_rackswitch__en4093:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EFBFF10E-A95D-4677-B3A1-94FFFC2C23D4"}, {"criteria": "cpe:2.3:h:ibm:system_networking_rackswitch__en4093r:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BF28AC8F-E394-41FB-9231-15DCF23AB4DE"}, {"criteria": "cpe:2.3:h:ibm:system_networking_rackswitch__g8264cs:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "722DAC15-6519-478B-92E5-4E493E5DD2A0"}, {"criteria": "cpe:2.3:h:ibm:system_networking_rackswitch__si4093:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F753679C-08B5-4362-8379-8ADC5FB2CAFA"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ibm:server_connectivity_module_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "57B3B06C-A542-4B33-923C-355B405ED74B", "versionEndIncluding": "1.1.3.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ibm:server_connectivity_module:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ABE97296-4751-4860-8EB2-CF9E9905096A"}], "operator": "OR"}], "operator": "AND"}], "evaluatorComment": "<a href=\"http://cwe.mitre.org/data/definitions/798.html\" target=\"_blank\">CWE-798: Use of Hard-coded Credentials</a>", "sourceIdentifier": "psirt@us.ibm.com"}
