CVE-2024-45656 CRITICAL

CVE-2024-45656: IBM Flexible Service Processor hard coded credentials

Vendor Ibm
Product Flexible Service Processor
Weakness CWE-798 · Hardcoded credentials
Published October 29, 2024
Last update November 2, 2024

CVSS base score

9.8/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

IBM Flexible Service Processor (FSP) FW860.00 through FW860.B3, FW950.00 through FW950.C0, FW1030.00 through FW1030.61, FW1050.00 through FW1050.21, and FW1060.00 through FW1060.10 has static credentials which may allow network users to gain service privileges to the FSP.

Key dates

02Disclosure timeline

October 29, 2024 CVE published
November 2, 2024 Record updated