Main Vulnerability Database Vulnerabilities #VU82014

Permissions, Privileges, and Access Controls in IBM Hardware Management Console - CVE-2022-43926

Published: October 16, 2023

Vulnerability identifier: #VU82014

CSH Severity: Low

CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2022-43926

CWE-ID: CWE-264

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
IBM Hardware Management Console

Software vendor:
IBM Corporation

Description

The vulnerability allows an attacker with physical access to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions. An attacker with physical access can trigger the vulnerability to elevate privileges to root on the underneath HMC linux system without having HMC credentials.

Remediation

Install updates from vendor's website.

External links

https://www.ibm.com/support/pages/node/6954679

Permissions, Privileges, and Access Controls in IBM Hardware Management Console - CVE-2022-43926

Description

Remediation

External links

Please verify you're human