CVE-2016-0230
Description
IBM Power Hardware Management Console (HMC) 7.3 through 7.3.0 SP7, 7.9 through 7.9.0 SP3, 8.1 through 8.1.0 SP3, 8.2 through 8.2.0 SP2, 8.3 through 8.3.0 SP2, 8.4 through 8.4.0 SP1, and 8.5.0 allows physically proximate attackers to obtain root access via unspecified vectors.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: psirt@us.ibm.com — https://delivery04.dhe.ibm.com/sar/CMA/HMA/06a2q/1/MH01640.readme.html
Vendor advisory: psirt@us.ibm.com — https://delivery04.dhe.ibm.com/sar/CMA/HMA/06a1v/2/MH01639.readme.html
Vendor advisory: psirt@us.ibm.com — https://delivery04.dhe.ibm.com/sar/CMA/HMA/06a1r/2/MH01638.readme.html
Vendor advisory: psirt@us.ibm.com — https://delivery04.dhe.ibm.com/sar/CMA/HMA/069y2/1/MH01636.readme.html
Vendor advisory: psirt@us.ibm.com — https://delivery04.dhe.ibm.com/sar/CMA/HMA/069vc/2/MH01635.readme.html
Vendor advisory: psirt@us.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg1MB04027
Vendor advisory: psirt@us.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg1MB04026
Vendor advisory: psirt@us.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg1MB04025
Vendor advisory: psirt@us.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg1MB04024
Vendor advisory: psirt@us.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg1MB04023
Vendor advisory: psirt@us.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg1MB04022
Vendor advisory: psirt@us.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg1MB04021
Vendor advisory: psirt@us.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=nas8N1021387
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| ibm | hardware_management_console | 7.9.0 | |
| ibm | hardware_management_console | 8.1.0 | |
| ibm | hardware_management_console | 8.2.0 | |
| ibm | hardware_management_console | 8.3.0 | |
| ibm | hardware_management_console | 7.3.0 | |
| ibm | hardware_management_console | 8.4.0 | |
| ibm | hardware_management_console | 8.5.0 | |
References
- http://www-01.ibm.com/support/docview.wss?uid=nas8N1021387
- http://www-01.ibm.com/support/docview.wss?uid=swg1MB04021
- http://www-01.ibm.com/support/docview.wss?uid=swg1MB04022
- http://www-01.ibm.com/support/docview.wss?uid=swg1MB04023
- http://www-01.ibm.com/support/docview.wss?uid=swg1MB04024
- http://www-01.ibm.com/support/docview.wss?uid=swg1MB04025
- http://www-01.ibm.com/support/docview.wss?uid=swg1MB04026
- http://www-01.ibm.com/support/docview.wss?uid=swg1MB04027
- http://www.securityfocus.com/bid/91535
- https://delivery04.dhe.ibm.com/sar/CMA/HMA/069vc/2/MH01635.readme.html
- https://delivery04.dhe.ibm.com/sar/CMA/HMA/069y2/1/MH01636.readme.html
- https://delivery04.dhe.ibm.com/sar/CMA/HMA/06a1r/2/MH01638.readme.html
- https://delivery04.dhe.ibm.com/sar/CMA/HMA/06a1v/2/MH01639.readme.html
- https://delivery04.dhe.ibm.com/sar/CMA/HMA/06a2q/1/MH01640.readme.html
- http://www-01.ibm.com/support/docview.wss?uid=nas8N1021387
- http://www-01.ibm.com/support/docview.wss?uid=swg1MB04021
- http://www-01.ibm.com/support/docview.wss?uid=swg1MB04022
- http://www-01.ibm.com/support/docview.wss?uid=swg1MB04023
- http://www-01.ibm.com/support/docview.wss?uid=swg1MB04024
- http://www-01.ibm.com/support/docview.wss?uid=swg1MB04025
- http://www-01.ibm.com/support/docview.wss?uid=swg1MB04026
- http://www-01.ibm.com/support/docview.wss?uid=swg1MB04027
- http://www.securityfocus.com/bid/91535
- https://delivery04.dhe.ibm.com/sar/CMA/HMA/069vc/2/MH01635.readme.html
- https://delivery04.dhe.ibm.com/sar/CMA/HMA/069y2/1/MH01636.readme.html
CWEs
CWE-264
Verify integrity in audit chain (admin only). AS-IS.