Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2022-43926 |
CWE-ID | CWE-264 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software | IBM Power Hardware Management Console (HMC); Server applications / Other server solutions |
Vendor | IBM Corporation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU82014
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-43926
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
The vulnerability allows an attacker with physical access to escalate privileges on the system.
The vulnerability exists because the application does not properly impose security restrictions. An attacker with physical access can trigger the vulnerability to elevate privileges to root on the underlying HMC Linux system without having HMC credentials.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
IBM Power Hardware Management Console (HMC): before 9.2.950.0 SP3
External links
https://www.ibm.com/support/pages/node/6954679
Q & A
Can this vulnerability be exploited remotely?
No. The attacker must have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.