Vulnerability Details : CVE-2014-4752
IBM System Networking G8052, G8124, G8124-E, G8124-ER, G8264, G8316, and G8264-T switches before 7.9.10.0; EN4093, EN4093R, CN4093, SI4093, EN2092, and G8264CS switches before 7.8.6.0; Flex System Interconnect Fabric before 7.8.6.0; 1G L2-7 SLB switch for Bladecenter before 21.0.21.0; 10G VFSM for Bladecenter before 7.8.14.0; 1:10G switch for Bladecenter before 7.4.8.0; 1G switch for Bladecenter before 5.3.5.0; Server Connectivity Module before 1.1.3.4; System Networking RackSwitch G8332 before 7.7.17.0; and System Networking RackSwitch G8000 before 7.1.7.0 have hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors.
Products affected by CVE-2014-4752
- cpe:2.3:o:ibm:bladecenter_1g_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:h:ibm:bladecenter_1g:-:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:server_connectivity_module_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:h:ibm:server_connectivity_module:-:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:bladecenter_1\/10g_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:h:ibm:bladecenter_1\/10g:-:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:bladecenter_1g_l2-7_slb_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:h:ibm:bladecenter_1g_l2-7_slb:-:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:system_networking_rackswitch__en4093_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:system_networking_rackswitch__en4093r_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:system_networking_rackswitch__cn4093_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:system_networking_rackswitch__si4093_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:system_networking_rackswitch__en2092_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:system_networking_rackswitch__g8264cs_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:h:ibm:system_networking_rackswitch__en4093:-:*:*:*:*:*:*:*
- cpe:2.3:h:ibm:system_networking_rackswitch__en4093r:-:*:*:*:*:*:*:*
- cpe:2.3:h:ibm:system_networking_rackswitch__cn4093:-:*:*:*:*:*:*:*
- cpe:2.3:h:ibm:system_networking_rackswitch__si4093:-:*:*:*:*:*:*:*
- cpe:2.3:h:ibm:system_networking_rackswitch__en2092:-:*:*:*:*:*:*:*
- cpe:2.3:h:ibm:system_networking_rackswitch__g8264cs:-:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:system_networking_rackswitch__g8332_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:system_networking_rackswitch__g8332_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:h:ibm:system_networking_rackswitch__g8332:-:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:system_networking_rackswitch__g8052_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:system_networking_rackswitch__g8124_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:system_networking_rackswitch__g8124e_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:system_networking_rackswitch__g8124er_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:system_networking_rackswitch__g8264_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:system_networking_rackswitch__g8316_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:system_networking_rackswitch__g8264t_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:h:ibm:system_networking_rackswitch__g8052:-:*:*:*:*:*:*:*
- cpe:2.3:h:ibm:system_networking_rackswitch__g8124:-:*:*:*:*:*:*:*
- cpe:2.3:h:ibm:system_networking_rackswitch__g8124e:-:*:*:*:*:*:*:*
- cpe:2.3:h:ibm:system_networking_rackswitch__g8124er:-:*:*:*:*:*:*:*
- cpe:2.3:h:ibm:system_networking_rackswitch__g8264:-:*:*:*:*:*:*:*
- cpe:2.3:h:ibm:system_networking_rackswitch__g8316:-:*:*:*:*:*:*:*
- cpe:2.3:h:ibm:system_networking_rackswitch__g8264t:-:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:bladecenter_10g_vfsm_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:h:ibm:bladecenter_10g_vfsm:-:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:flex_system_interconnect_fabric_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:h:ibm:flex_system_interconnect_fabric:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-4752
2.51%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 84 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-4752
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
References for CVE-2014-4752
-
http://secunia.com/advisories/54512
Sign in
-
http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096232
IBM Security Bulletin: Backdoor Access Vulnerability in IBM System Networking Products (CVE- 2014-4752)Vendor Advisory
Jump to