Details of VAR-201409-0076

ID

VAR-201409-0076

CVE

CVE-2014-4752

TITLE

plural IBM Vulnerability to obtain access rights in products

Trust: 0.8

sources: JVNDB: JVNDB-2014-004408

DESCRIPTION

IBM System Networking G8052, G8124, G8124-E, G8124-ER, G8264, G8316, and G8264-T switches before 7.9.10.0; EN4093, EN4093R, CN4093, SI4093, EN2092, and G8264CS switches before 7.8.6.0; Flex System Interconnect Fabric before 7.8.6.0; 1G L2-7 SLB switch for Bladecenter before 21.0.21.0; 10G VFSM for Bladecenter before 7.8.14.0; 1:10G switch for Bladecenter before 7.4.8.0; 1G switch for Bladecenter before 5.3.5.0; Server Connectivity Module before 1.1.3.4; System Networking RackSwitch G8332 before 7.7.17.0; and System Networking RackSwitch G8000 before 7.1.7.0 have hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. IBM System Networking , Flex System Interconnect Fabric And other IBM Since the product has hard-coded authentication information, there is a vulnerability that can gain access. Supplementary information : CWE Vulnerability type by CWE-798: Use of Hard-coded Credentials ( Using hard-coded credentials ) Has been identified. http://cwe.mitre.org/data/definitions/798.htmlAccess may be obtained by a third party. An attacker can exploit this issue to bypass the authentication mechanism and gain unauthorized access to the affected device. This may aid in further attacks. The following products and versions are affected: IBM System Networking G8052, G8124, G8124-E, G8124-ER, G8264, G8316, G8264-T switches versions prior to 7.9.10.0; EN4093, EN4093R, CN4093, SI4093, EN2092, G8264CS switches 7.8

Trust: 1.98

sources: NVD: CVE-2014-4752 // JVNDB: JVNDB-2014-004408 // BID: 69968 // VULHUB: VHN-72693

AFFECTED PRODUCTS

vendor:	ibm	model:	bladecenter 1\/10g	scope:	lte	version:	7.4.7.0	Trust: 1.0
vendor:	ibm	model:	system networking rackswitch g8264t	scope:	eq	version:	-	Trust: 1.0
vendor:	ibm	model:	system networking rackswitch g8264	scope:	lte	version:	7.9.1.0	Trust: 1.0
vendor:	ibm	model:	system networking rackswitch g8316	scope:	eq	version:	-	Trust: 1.0
vendor:	ibm	model:	bladecenter 1g	scope:	lte	version:	5.3.4.0	Trust: 1.0
vendor:	ibm	model:	flex system interconnect fabric	scope:	eq	version:	-	Trust: 1.0
vendor:	ibm	model:	system networking rackswitch en2092	scope:	eq	version:	-	Trust: 1.0
vendor:	ibm	model:	system networking rackswitch en2092	scope:	lte	version:	7.8.5.0	Trust: 1.0
vendor:	ibm	model:	system networking rackswitch si4093	scope:	eq	version:	-	Trust: 1.0
vendor:	ibm	model:	system networking rackswitch cn4093	scope:	eq	version:	-	Trust: 1.0
vendor:	ibm	model:	system networking rackswitch g8124er	scope:	eq	version:	-	Trust: 1.0
vendor:	ibm	model:	system networking rackswitch g8332	scope:	eq	version:	-	Trust: 1.0
vendor:	ibm	model:	system networking rackswitch g8316	scope:	lte	version:	7.9.1.0	Trust: 1.0
vendor:	ibm	model:	bladecenter 1g	scope:	eq	version:	-	Trust: 1.0
vendor:	ibm	model:	bladecenter 10g vfsm	scope:	lte	version:	7.8.6.0	Trust: 1.0
vendor:	ibm	model:	system networking rackswitch en4093r	scope:	eq	version:	-	Trust: 1.0
vendor:	ibm	model:	server connectivity module	scope:	lte	version:	1.1.3.0	Trust: 1.0
vendor:	ibm	model:	system networking rackswitch g8052	scope:	lte	version:	7.9.1.0	Trust: 1.0
vendor:	ibm	model:	bladecenter 1g l2-7 slb	scope:	eq	version:	-	Trust: 1.0
vendor:	ibm	model:	system networking rackswitch en4093	scope:	lte	version:	7.8.5.0	Trust: 1.0
vendor:	ibm	model:	system networking rackswitch g8124	scope:	lte	version:	7.9.1.0	Trust: 1.0
vendor:	ibm	model:	flex system interconnect fabric	scope:	lte	version:	7.8.5.0	Trust: 1.0
vendor:	ibm	model:	system networking rackswitch g8264	scope:	eq	version:	-	Trust: 1.0
vendor:	ibm	model:	system networking rackswitch g8124er	scope:	lte	version:	7.9.1.0	Trust: 1.0
vendor:	ibm	model:	system networking rackswitch g8052	scope:	eq	version:	-	Trust: 1.0
vendor:	ibm	model:	bladecenter 1g l2-7 slb	scope:	lte	version:	21.0.20.0	Trust: 1.0
vendor:	ibm	model:	system networking rackswitch en4093r	scope:	lte	version:	7.8.5.0	Trust: 1.0
vendor:	ibm	model:	bladecenter 10g vfsm	scope:	eq	version:	-	Trust: 1.0
vendor:	ibm	model:	system networking rackswitch g8332	scope:	lte	version:	7.7.16.0	Trust: 1.0
vendor:	ibm	model:	system networking rackswitch g8124e	scope:	lte	version:	7.9.1.0	Trust: 1.0
vendor:	ibm	model:	system networking rackswitch g8264t	scope:	lte	version:	7.9.1.0	Trust: 1.0
vendor:	ibm	model:	system networking rackswitch g8124e	scope:	eq	version:	-	Trust: 1.0
vendor:	ibm	model:	system networking rackswitch en4093	scope:	eq	version:	-	Trust: 1.0
vendor:	ibm	model:	system networking rackswitch g8124	scope:	eq	version:	-	Trust: 1.0
vendor:	ibm	model:	system networking rackswitch si4093	scope:	lte	version:	7.8.5.0	Trust: 1.0
vendor:	ibm	model:	system networking rackswitch g8332	scope:	lte	version:	7.1.6.0	Trust: 1.0
vendor:	ibm	model:	system networking rackswitch g8264cs	scope:	eq	version:	-	Trust: 1.0
vendor:	ibm	model:	server connectivity module	scope:	eq	version:	-	Trust: 1.0
vendor:	ibm	model:	bladecenter 1\/10g	scope:	eq	version:	-	Trust: 1.0
vendor:	ibm	model:	system networking rackswitch cn4093	scope:	lte	version:	7.8.5.0	Trust: 1.0
vendor:	ibm	model:	system networking rackswitch g8264cs	scope:	lte	version:	7.8.5.0	Trust: 1.0
vendor:	ibm	model:	1g l2-7 slb switch for bladecenter	scope:	-	version:	-	Trust: 0.8
vendor:	ibm	model:	1g l2-7 slb switch for bladecenter	scope:	lt	version:	21.0.21.0	Trust: 0.8
vendor:	ibm	model:	1g switch for bladecenter	scope:	-	version:	-	Trust: 0.8
vendor:	ibm	model:	1g switch for bladecenter	scope:	lt	version:	5.3.5.0	Trust: 0.8
vendor:	ibm	model:	bladecenter 1/10g uplink ethernet switch module	scope:	-	version:	-	Trust: 0.8
vendor:	ibm	model:	bladecenter 1/10g uplink ethernet switch module	scope:	lt	version:	7.4.8.0	Trust: 0.8
vendor:	ibm	model:	bladecenter server connectivity module	scope:	-	version:	-	Trust: 0.8
vendor:	ibm	model:	bladecenter server connectivity module	scope:	lt	version:	1.1.3.4	Trust: 0.8
vendor:	ibm	model:	flex system en2092 1gb ethernet scalable switch	scope:	-	version:	-	Trust: 0.8
vendor:	ibm	model:	flex system en2092 1gb ethernet scalable switch	scope:	lt	version:	7.8.6.0	Trust: 0.8
vendor:	ibm	model:	flex system fabric cn4093 10gb converged scalable switch	scope:	-	version:	-	Trust: 0.8
vendor:	ibm	model:	flex system fabric cn4093 10gb converged scalable switch	scope:	lt	version:	7.8.6.0	Trust: 0.8
vendor:	ibm	model:	flex system fabric en4093 10gb scalable switch	scope:	-	version:	-	Trust: 0.8
vendor:	ibm	model:	flex system fabric en4093 10gb scalable switch	scope:	lt	version:	7.8.6.0	Trust: 0.8
vendor:	ibm	model:	flex system fabric en4093r 10gb scalable switch	scope:	-	version:	-	Trust: 0.8
vendor:	ibm	model:	flex system fabric en4093r 10gb scalable switch	scope:	lt	version:	7.8.6.0	Trust: 0.8
vendor:	ibm	model:	flex system fabric si4093 system interconnect module	scope:	-	version:	-	Trust: 0.8
vendor:	ibm	model:	flex system fabric si4093 system interconnect module	scope:	lt	version:	7.8.6.0	Trust: 0.8
vendor:	ibm	model:	flex system interconnect fabric	scope:	-	version:	-	Trust: 0.8
vendor:	ibm	model:	flex system interconnect fabric	scope:	lt	version:	21.0.21.0	Trust: 0.8
vendor:	ibm	model:	system networking rackswitch g8000	scope:	-	version:	-	Trust: 0.8
vendor:	ibm	model:	system networking rackswitch g8000	scope:	lt	version:	7.1.7.0	Trust: 0.8
vendor:	ibm	model:	system networking rackswitch g8052	scope:	-	version:	-	Trust: 0.8
vendor:	ibm	model:	system networking rackswitch g8052	scope:	lt	version:	7.9.10.0	Trust: 0.8
vendor:	ibm	model:	system networking rackswitch g8124	scope:	-	version:	-	Trust: 0.8
vendor:	ibm	model:	system networking rackswitch g8124	scope:	lt	version:	7.9.10.0	Trust: 0.8
vendor:	ibm	model:	system networking rackswitch g8124e	scope:	-	version:	-	Trust: 0.8
vendor:	ibm	model:	system networking rackswitch g8124e	scope:	lt	version:	7.9.10.0	Trust: 0.8
vendor:	ibm	model:	system networking rackswitch g8124er	scope:	-	version:	-	Trust: 0.8
vendor:	ibm	model:	system networking rackswitch g8124er	scope:	lt	version:	7.9.10.0	Trust: 0.8
vendor:	ibm	model:	system networking rackswitch g8264	scope:	-	version:	-	Trust: 0.8
vendor:	ibm	model:	system networking rackswitch g8264	scope:	lt	version:	7.9.10.0	Trust: 0.8
vendor:	ibm	model:	system networking rackswitch g8264cs	scope:	-	version:	-	Trust: 0.8
vendor:	ibm	model:	system networking rackswitch g8264cs	scope:	lt	version:	7.8.6.0	Trust: 0.8
vendor:	ibm	model:	system networking rackswitch g8264t	scope:	-	version:	-	Trust: 0.8
vendor:	ibm	model:	system networking rackswitch g8264t	scope:	lt	version:	7.9.10.0	Trust: 0.8
vendor:	ibm	model:	system networking rackswitch g8316	scope:	-	version:	-	Trust: 0.8
vendor:	ibm	model:	system networking rackswitch g8316	scope:	lt	version:	7.9.10.0	Trust: 0.8
vendor:	ibm	model:	system networking rackswitch g8332	scope:	-	version:	-	Trust: 0.8
vendor:	ibm	model:	system networking rackswitch g8332	scope:	lt	version:	7.7.17.0	Trust: 0.8
vendor:	ibm	model:	virtual fabric 10gb switch module for ibm bladecenter	scope:	-	version:	-	Trust: 0.8
vendor:	ibm	model:	virtual fabric 10gb switch module for ibm bladecenter	scope:	lt	version:	7.8.14.0	Trust: 0.8
vendor:	ibm	model:	system networking rackswitch g8124e	scope:	eq	version:	7.9.1.0	Trust: 0.6
vendor:	ibm	model:	system networking rackswitch si4093	scope:	eq	version:	7.8.5.0	Trust: 0.6
vendor:	ibm	model:	system networking rackswitch g8316	scope:	eq	version:	7.9.1.0	Trust: 0.6
vendor:	ibm	model:	system networking rackswitch g8264	scope:	eq	version:	7.9.1.0	Trust: 0.6
vendor:	ibm	model:	system networking rackswitch g8124	scope:	eq	version:	7.9.1.0	Trust: 0.6
vendor:	ibm	model:	bladecenter 1\/10g	scope:	eq	version:	7.4.7.0	Trust: 0.6
vendor:	ibm	model:	system networking rackswitch g8264t	scope:	eq	version:	7.9.1.0	Trust: 0.6
vendor:	ibm	model:	flex system interconnect fabric	scope:	eq	version:	7.8.5.0	Trust: 0.6
vendor:	ibm	model:	system networking rackswitch g8124er	scope:	eq	version:	7.9.1.0	Trust: 0.6
vendor:	ibm	model:	bladecenter 1g l2-7 slb	scope:	eq	version:	21.0.20.0	Trust: 0.6
vendor:	ibm	model:	system networking rackswitch g8332	scope:	eq	version:	0	Trust: 0.3
vendor:	ibm	model:	system networking rackswitch g8316	scope:	eq	version:	0	Trust: 0.3
vendor:	ibm	model:	system networking rackswitch g8264cs	scope:	eq	version:	0	Trust: 0.3
vendor:	ibm	model:	system networking rackswitch g8264-t	scope:	eq	version:	0	Trust: 0.3
vendor:	ibm	model:	system networking rackswitch g8264	scope:	eq	version:	0	Trust: 0.3
vendor:	ibm	model:	system networking rackswitch g8124-er	scope:	eq	version:	0	Trust: 0.3
vendor:	ibm	model:	system networking rackswitch g8124-e	scope:	eq	version:	0	Trust: 0.3
vendor:	ibm	model:	system networking rackswitch g8124	scope:	eq	version:	0	Trust: 0.3
vendor:	ibm	model:	system networking rackswitch g8052	scope:	eq	version:	0	Trust: 0.3
vendor:	ibm	model:	system networking rackswitch g8000	scope:	eq	version:	0	Trust: 0.3
vendor:	ibm	model:	server connectivity module	scope:	eq	version:	0	Trust: 0.3
vendor:	ibm	model:	flex system interconnect fabric	scope:	eq	version:	0	Trust: 0.3
vendor:	ibm	model:	flex system fabric si4093 system interconnect module	scope:	eq	version:	0	Trust: 0.3
vendor:	ibm	model:	flex system fabric en4093r 10gb scalable switch	scope:	eq	version:	7.8.4.0	Trust: 0.3
vendor:	ibm	model:	flex system fabric en4093 10gb scalable switch	scope:	eq	version:	7.8.4.0	Trust: 0.3
vendor:	ibm	model:	flex system fabric cn4093 10gb converged scalable switch	scope:	eq	version:	7.8.4.0	Trust: 0.3
vendor:	ibm	model:	flex system en2092 1gb ethernet scalable switch	scope:	eq	version:	0	Trust: 0.3
vendor:	ibm	model:	1g switch for bladecenter	scope:	eq	version:	0	Trust: 0.3
vendor:	ibm	model:	10g vfsm for bladecenter	scope:	eq	version:	0	Trust: 0.3
vendor:	ibm	model:	1:10g switch for bladecenter	scope:	eq	version:	0	Trust: 0.3
vendor:	ibm	model:	system networking rackswitch g8332	scope:	ne	version:	7.7.170	Trust: 0.3
vendor:	ibm	model:	system networking rackswitch g8316	scope:	ne	version:	7.9.100	Trust: 0.3
vendor:	ibm	model:	system networking rackswitch g8264cs	scope:	ne	version:	7.8.60	Trust: 0.3
vendor:	ibm	model:	system networking rackswitch g8264-t	scope:	ne	version:	7.9.100	Trust: 0.3
vendor:	ibm	model:	system networking rackswitch g8264	scope:	ne	version:	7.9.100	Trust: 0.3
vendor:	ibm	model:	system networking rackswitch g8124-er	scope:	ne	version:	7.9.100	Trust: 0.3
vendor:	ibm	model:	system networking rackswitch g8124-e	scope:	ne	version:	7.9.100	Trust: 0.3
vendor:	ibm	model:	system networking rackswitch g8124	scope:	ne	version:	7.9.100	Trust: 0.3
vendor:	ibm	model:	system networking rackswitch g8052	scope:	ne	version:	7.9.100	Trust: 0.3
vendor:	ibm	model:	system networking rackswitch g8000	scope:	ne	version:	7.1.70	Trust: 0.3
vendor:	ibm	model:	server connectivity module	scope:	ne	version:	1.1.34	Trust: 0.3
vendor:	ibm	model:	flex system interconnect fabric	scope:	ne	version:	21.0.210	Trust: 0.3
vendor:	ibm	model:	flex system fabric si4093 system interconnect module	scope:	ne	version:	7.8.60	Trust: 0.3
vendor:	ibm	model:	flex system fabric en4093r 10gb scalable switch	scope:	ne	version:	7.8.6.0	Trust: 0.3
vendor:	ibm	model:	flex system fabric en4093 10gb scalable switch	scope:	ne	version:	7.8.6.0	Trust: 0.3
vendor:	ibm	model:	flex system en2092 1gb ethernet scalable switch	scope:	ne	version:	7.8.60	Trust: 0.3
vendor:	ibm	model:	1g switch for bladecenter	scope:	ne	version:	5.3.50	Trust: 0.3
vendor:	ibm	model:	10g vfsm for bladecenter	scope:	ne	version:	7.8.140	Trust: 0.3
vendor:	ibm	model:	1:10g switch for bladecenter	scope:	ne	version:	7.4.80	Trust: 0.3

sources: BID: 69968 // JVNDB: JVNDB-2014-004408 // CNNVD: CNNVD-201409-889 // NVD: CVE-2014-4752

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-4752
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-4752
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201409-889
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-72693
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2014-4752
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-72693
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-72693 // JVNDB: JVNDB-2014-004408 // CNNVD: CNNVD-201409-889 // NVD: CVE-2014-4752

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	CWE-Other	Trust: 0.8

sources: JVNDB: JVNDB-2014-004408 // NVD: CVE-2014-4752

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201409-889

TYPE

Design Error

Trust: 0.3

sources: BID: 69968

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-004408

PATCH

title:

Backdoor Access Vulnerability in IBM System Networking Products (CVE- 2014-4752)

url:

http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096232

Trust: 0.8

sources: JVNDB: JVNDB-2014-004408

EXTERNAL IDS

db:	NVD	id:	CVE-2014-4752	Trust: 2.8
db:	SECUNIA	id:	54512	Trust: 1.1
db:	JVNDB	id:	JVNDB-2014-004408	Trust: 0.8
db:	CNNVD	id:	CNNVD-201409-889	Trust: 0.7
db:	BID	id:	69968	Trust: 0.4
db:	VULHUB	id:	VHN-72693	Trust: 0.1

sources: VULHUB: VHN-72693 // BID: 69968 // JVNDB: JVNDB-2014-004408 // CNNVD: CNNVD-201409-889 // NVD: CVE-2014-4752

REFERENCES

url:	http://www.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5096232	Trust: 1.7
url:	http://secunia.com/advisories/54512	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-4752	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-4752	Trust: 0.8
url:	http://www.ibm.com	Trust: 0.3
url:	http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5096232	Trust: 0.3

sources: VULHUB: VHN-72693 // BID: 69968 // JVNDB: JVNDB-2014-004408 // CNNVD: CNNVD-201409-889 // NVD: CVE-2014-4752

CREDITS

IBM

Trust: 0.3

sources: BID: 69968

SOURCES

db:	VULHUB	id:	VHN-72693
db:	BID	id:	69968
db:	JVNDB	id:	JVNDB-2014-004408
db:	CNNVD	id:	CNNVD-201409-889
db:	NVD	id:	CVE-2014-4752

LAST UPDATE DATE

2025-04-13T23:04:50.343000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-72693	date:	2015-11-27T00:00:00
db:	BID	id:	69968	date:	2014-08-07T00:00:00
db:	JVNDB	id:	JVNDB-2014-004408	date:	2014-09-26T00:00:00
db:	CNNVD	id:	CNNVD-201409-889	date:	2014-09-24T00:00:00
db:	NVD	id:	CVE-2014-4752	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-72693	date:	2014-09-23T00:00:00
db:	BID	id:	69968	date:	2014-08-07T00:00:00
db:	JVNDB	id:	JVNDB-2014-004408	date:	2014-09-26T00:00:00
db:	CNNVD	id:	CNNVD-201409-889	date:	2014-09-24T00:00:00
db:	NVD	id:	CVE-2014-4752	date:	2014-09-23T22:55:03.653