Details of VAR-202410-2938

ID

VAR-202410-2938

CVE

CVE-2024-45656

DESCRIPTION

IBM Flexible Service Processor (FSP) FW860.00 through FW860.B3, FW950.00 through FW950.C0, FW1030.00 through FW1030.61, FW1050.00 through FW1050.21, and FW1060.00 through FW1060.10 has static credentials which may allow network users to gain service privileges to the FSP.

Trust: 1.0

sources: NVD: CVE-2024-45656

AFFECTED PRODUCTS

vendor:	ibm	model:	power system s924 \	scope:	lte	version:	fw950.c0	Trust: 2.0
vendor:	ibm	model:	power system h924 \	scope:	lte	version:	fw950.c0	Trust: 2.0
vendor:	ibm	model:	power system h922 \	scope:	lte	version:	fw950.c0	Trust: 2.0
vendor:	ibm	model:	power system s922 \	scope:	gte	version:	fw950.00	Trust: 2.0
vendor:	ibm	model:	power system s914 \	scope:	gte	version:	fw950.00	Trust: 2.0
vendor:	ibm	model:	power system s922 \	scope:	lte	version:	fw950.c0	Trust: 2.0
vendor:	ibm	model:	power system s914 \	scope:	lte	version:	fw950.c0	Trust: 2.0
vendor:	ibm	model:	power system s924 \	scope:	gte	version:	fw950.00	Trust: 2.0
vendor:	ibm	model:	power system h922 \	scope:	gte	version:	fw950.00	Trust: 2.0
vendor:	ibm	model:	power system h924 \	scope:	gte	version:	fw950.00	Trust: 2.0
vendor:	ibm	model:	power system e980 \	scope:	lte	version:	fw950.c0	Trust: 1.0
vendor:	ibm	model:	power system s822l \	scope:	gte	version:	fw860.00	Trust: 1.0
vendor:	ibm	model:	power system e850c \	scope:	lte	version:	fw860.b3	Trust: 1.0
vendor:	ibm	model:	power system e870c \	scope:	lte	version:	fw860.b3	Trust: 1.0
vendor:	ibm	model:	power system s824l \	scope:	gte	version:	fw860.00	Trust: 1.0
vendor:	ibm	model:	power system e1080 \	scope:	gte	version:	fw1060.00	Trust: 1.0
vendor:	ibm	model:	power system e850 \	scope:	gte	version:	fw860.00	Trust: 1.0
vendor:	ibm	model:	power system s812 \	scope:	gte	version:	fw860.00	Trust: 1.0
vendor:	ibm	model:	power system e1080 \	scope:	lte	version:	fw1060.10	Trust: 1.0
vendor:	ibm	model:	power system s814 \	scope:	lte	version:	fw860.b3	Trust: 1.0
vendor:	ibm	model:	ess 5000 \	scope:	gte	version:	fw950.00	Trust: 1.0
vendor:	ibm	model:	power system s824 \	scope:	lte	version:	fw860.b3	Trust: 1.0
vendor:	ibm	model:	power system e880 \	scope:	lte	version:	fw860.b3	Trust: 1.0
vendor:	ibm	model:	power system s822 \	scope:	gte	version:	fw860.00	Trust: 1.0
vendor:	ibm	model:	power system l922 \	scope:	lte	version:	fw950.c0	Trust: 1.0
vendor:	ibm	model:	power system e1080 \	scope:	gte	version:	fw1030.00	Trust: 1.0
vendor:	ibm	model:	power system e850c \	scope:	gte	version:	fw860.00	Trust: 1.0
vendor:	ibm	model:	power system e870 \	scope:	lte	version:	fw860.b3	Trust: 1.0
vendor:	ibm	model:	power system l922 \	scope:	gte	version:	fw950.00	Trust: 1.0
vendor:	ibm	model:	power system e870c \	scope:	gte	version:	fw860.00	Trust: 1.0
vendor:	ibm	model:	power system e880c \	scope:	lte	version:	fw860.b3	Trust: 1.0
vendor:	ibm	model:	power system e1080 \	scope:	gte	version:	fw1050.00	Trust: 1.0
vendor:	ibm	model:	power system s814 \	scope:	gte	version:	fw860.00	Trust: 1.0
vendor:	ibm	model:	ess 5000 \	scope:	lte	version:	fw950.c0	Trust: 1.0
vendor:	ibm	model:	power system s824 \	scope:	gte	version:	fw860.00	Trust: 1.0
vendor:	ibm	model:	power system e880 \	scope:	gte	version:	fw860.00	Trust: 1.0
vendor:	ibm	model:	power system e950 \	scope:	gte	version:	fw950.00	Trust: 1.0
vendor:	ibm	model:	power system e1080 \	scope:	lte	version:	fw1050.21	Trust: 1.0
vendor:	ibm	model:	power system e950 \	scope:	lte	version:	fw950.c0	Trust: 1.0
vendor:	ibm	model:	power system e870 \	scope:	gte	version:	fw860.00	Trust: 1.0
vendor:	ibm	model:	power system e880c \	scope:	gte	version:	fw860.00	Trust: 1.0
vendor:	ibm	model:	power system s812l \	scope:	lte	version:	fw860.b3	Trust: 1.0
vendor:	ibm	model:	power system e1080 \	scope:	lte	version:	fw1030.61	Trust: 1.0
vendor:	ibm	model:	power system e850 \	scope:	lte	version:	fw860.b3	Trust: 1.0
vendor:	ibm	model:	power system s812l \	scope:	gte	version:	fw860.00	Trust: 1.0
vendor:	ibm	model:	power system s822l \	scope:	lte	version:	fw860.b3	Trust: 1.0
vendor:	ibm	model:	power system s822 \	scope:	lte	version:	fw860.b3	Trust: 1.0
vendor:	ibm	model:	power system s824l \	scope:	lte	version:	fw860.b3	Trust: 1.0
vendor:	ibm	model:	power system s812 \	scope:	lte	version:	fw860.b3	Trust: 1.0
vendor:	ibm	model:	power system e980 \	scope:	gte	version:	fw950.00	Trust: 1.0

sources: NVD: CVE-2024-45656

CVSS

SEVERITY

CVSSV2

CVSSV3

psirt@us.ibm.com:	CVE-2024-45656
value:	CRITICAL
Trust: 1.0

psirt@us.ibm.com:	CVE-2024-45656
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: NVD: CVE-2024-45656

PROBLEMTYPE DATA

problemtype:

CWE-798

Trust: 1.0

sources: NVD: CVE-2024-45656

EXTERNAL IDS

db:

NVD

id:

CVE-2024-45656

Trust: 1.0

sources: NVD: CVE-2024-45656

REFERENCES

url:

https://www.ibm.com/support/pages/node/7174183

Trust: 1.0

sources: NVD: CVE-2024-45656

SOURCES

db:

NVD

id:

CVE-2024-45656

LAST UPDATE DATE

2025-12-18T00:28:34.915000+00:00

SOURCES UPDATE DATE

db:

NVD

id:

CVE-2024-45656

date:

2025-12-03T18:14:19.413

SOURCES RELEASE DATE

db:

NVD

id:

CVE-2024-45656

date:

2024-10-29T01:15:03.823