CVE-2014-4752

Severity: Unknown | EPSS: 2.03%

CVE-2014-4752 is a vulnerability of currently unknown severity. IBM System Networking G8052, G8124, G8124-E, G8124-ER, G8264, G8316, and G8264-T switches before 7.9.10.0; EN4093, EN4093R, CN4093, SI4093, EN2092, and G8264CS switches before 7.8.6.0; Flex System Interconnect Fabric before 7.8.6.0; 1G L2-7 SLB switch for Bladecenter before 21.0.21.0; 10G VFSM for Bladecenter before 7.8.14.0; 1:10G switch for Bladecenter before 7.4.8.0; 1G switch for Bladecenter before 5.3.5.0; Server Connectivity Module before 1.1.3.4; System Networking RackSwitch G8332 before 7.7.17.0; and System Networking RackSwitch G8000 before 7.1.7.0 have hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. EPSS estimates a 2.03% chance of exploitation in the next 30 days.

Description

IBM System Networking G8052, G8124, G8124-E, G8124-ER, G8264, G8316, and G8264-T switches before 7.9.10.0; EN4093, EN4093R, CN4093, SI4093, EN2092, and G8264CS switches before 7.8.6.0; Flex System Interconnect Fabric before 7.8.6.0; 1G L2-7 SLB switch for Bladecenter before 21.0.21.0; 10G VFSM for Bladecenter before 7.8.14.0; 1:10G switch for Bladecenter before 7.4.8.0; 1G switch for Bladecenter before 5.3.5.0; Server Connectivity Module before 1.1.3.4; System Networking RackSwitch G8332 before 7.7.17.0; and System Networking RackSwitch G8000 before 7.1.7.0 have hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors.

Metrics

EPSS Probability: 2.03% (78.5th percentile)

Probability of exploitation in the next 30 days.

Affected Software

| Vendor | Product | Versions |
|---|---|---|
| IBM | System Networking Rackswitch G8332 Firmware | <= 7.7.16.0 |
| IBM | System Networking Rackswitch G8332 | All versions |
| IBM | Bladecenter 1g Firmware | <= 5.3.4.0 |
| IBM | Bladecenter 1g | All versions |
| IBM | System Networking Rackswitch G8052 Firmware | <= 7.9.1.0 |
| IBM | System Networking Rackswitch G8124 Firmware | <= 7.9.1.0 |
| IBM | System Networking Rackswitch G8124e Firmware | <= 7.9.1.0 |
| IBM | System Networking Rackswitch G8124er Firmware | <= 7.9.1.0 |
| IBM | System Networking Rackswitch G8264 Firmware | <= 7.9.1.0 |
| IBM | System Networking Rackswitch G8264t Firmware | <= 7.9.1.0 |
| IBM | System Networking Rackswitch G8316 Firmware | <= 7.9.1.0 |
| IBM | System Networking Rackswitch G8052 | All versions |
| IBM | System Networking Rackswitch G8124 | All versions |
| IBM | System Networking Rackswitch G8124e | All versions |
| IBM | System Networking Rackswitch G8124er | All versions |
| IBM | System Networking Rackswitch G8264 | All versions |
| IBM | System Networking Rackswitch G8264t | All versions |
| IBM | System Networking Rackswitch G8316 | All versions |
| IBM | Bladecenter 1/10g Firmware | <= 7.4.7.0 |
| IBM | Bladecenter 1/10g | All versions |
| IBM | Flex System Interconnect Fabric Firmware | <= 7.8.5.0 |
| IBM | Flex System Interconnect Fabric | All versions |
| IBM | Bladecenter 1g L2-7 Slb Firmware | <= 21.0.20.0 |
| IBM | Bladecenter 1g L2-7 Slb | All versions |
| IBM | System Networking Rackswitch G8332 Firmware | <= 7.1.6.0 |
| IBM | Bladecenter 10g Vfsm Firmware | <= 7.8.6.0 |
| IBM | Bladecenter 10g Vfsm | All versions |
| IBM | System Networking Rackswitch Cn4093 Firmware | <= 7.8.5.0 |
| IBM | System Networking Rackswitch En2092 Firmware | <= 7.8.5.0 |
| IBM | System Networking Rackswitch En4093 Firmware | <= 7.8.5.0 |
| IBM | System Networking Rackswitch En4093r Firmware | <= 7.8.5.0 |
| IBM | System Networking Rackswitch G8264cs Firmware | <= 7.8.5.0 |
| IBM | System Networking Rackswitch Si4093 Firmware | <= 7.8.5.0 |
| IBM | System Networking Rackswitch Cn4093 | All versions |
| IBM | System Networking Rackswitch En2092 | All versions |
| IBM | System Networking Rackswitch En4093 | All versions |
| IBM | System Networking Rackswitch En4093r | All versions |
| IBM | System Networking Rackswitch G8264cs | All versions |
| IBM | System Networking Rackswitch Si4093 | All versions |
| IBM | Server Connectivity Module Firmware | <= 1.1.3.0 |
| IBM | Server Connectivity Module | All versions |

References

Timeline

Published
Last Modified
Status: Modified

Frequently Asked Questions

What is CVE-2014-4752?
IBM System Networking G8052, G8124, G8124-E, G8124-ER, G8264, G8316, and G8264-T switches before 7.9.10.0; EN4093, EN4093R, CN4093, SI4093, EN2092, and G8264CS switches before 7.8.6.0; Flex System Interconnect Fabric before 7.8.6.0; 1G L2-7 SLB switch for Bladecenter before 21.0.21.0; 10G VFSM for Bladecenter before 7.8.14.0; 1:10G switch for Bladecenter before 7.4.8.0; 1G switch for Bladecenter before 5.3.5.0; Server Connectivity Module before 1.1.3.4; System Networking RackSwitch G8332 before 7.7.17.0; and System Networking RackSwitch G8000 before 7.1.7.0 have hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors.
How severe is CVE-2014-4752?
Severity scoring for CVE-2014-4752 is pending analysis. The EPSS model estimates a 2.03% probability of exploitation in the next 30 days.
How do I fix CVE-2014-4752?
Check the vendor references and advisories linked above for patched versions and mitigation guidance.

Source: NVD / NIST