Main Vulnerability Database Vulnerabilities #VU82014

Permissions, Privileges, and Access Controls in IBM Hardware Management Console - CVE-2022-43926

Published: October 16, 2023

Vulnerability identifier: #VU82014

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2022-43926

CWE-ID: CWE-264

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: IBM Corporation

Affected software:
IBM Hardware Management Console

Detailed vulnerability description

The vulnerability allows an attacker with physical access to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions. An attacker with physical access can trigger the vulnerability to elevate privileges to root on the underneath HMC linux system without having HMC credentials.

How to mitigate CVE-2022-43926

Install updates from vendor's website.

Sources

https://www.ibm.com/support/pages/node/6954679

Permissions, Privileges, and Access Controls in IBM Hardware Management Console - CVE-2022-43926

Detailed vulnerability description

How to mitigate CVE-2022-43926

Sources

Please verify you're human