CVE-2021-38960
📋 TL;DR
This vulnerability in IBM OPENBMC OP920, OP930, and OP940 allows unauthenticated attackers to access sensitive information without credentials. It affects organizations using these specific IBM baseboard management controller firmware versions for server management. The exposure could include configuration data, credentials, or other system information.
💻 Affected Systems
- IBM OPENBMC OP920
- IBM OPENBMC OP930
- IBM OPENBMC OP940
📦 What is this software?
Power Hardware Management Console (7063 Cr2) Firmware by IBM
Power System Ac922 (8335 Gth) Firmware by IBM
Power System Ac922 (8335 Gtx) Firmware by IBM
⚠️ Risk & Real-World Impact
Worst Case
Attackers obtain administrative credentials or sensitive configuration data, leading to complete system compromise, lateral movement within the network, or data exfiltration.
Likely Case
Unauthenticated users access system information, configuration details, or limited sensitive data that could facilitate further attacks.
If Mitigated
With proper network segmentation and access controls, impact is limited to information disclosure within isolated management networks.
🎯 Exploit Status
The unauthenticated nature of the flaw suggests that simple HTTP requests could trigger it; the exact exploit method is not publicly documented.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check IBM advisory for specific fixed versions
Vendor Advisory: https://www.ibm.com/support/pages/node/6529322
Restart Required: Yes
Instructions:
1. Review IBM advisory for affected versions.
2. Download appropriate firmware update from IBM Fix Central.
3. Apply firmware update following IBM documentation.
4. Verify update completion and functionality.
🔧 Temporary Workarounds
Network Segmentation
Platform: all
Isolate BMC interfaces from untrusted networks
Configure firewall rules to restrict access to BMC IP addresses
Implement VLAN segmentation for management networks
Access Control Lists
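Platform: linux
Restrict network access to BMC interfaces (replace trusted_network and bmc_port with the management subnet and the BMC service port)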
iptables -A INPUT -s trusted_network -p tcp --dport bmc_port -j ACCEPT
iptables -A INPUT -p tcp --dport bmc_port -j DROP
🧯 If You Can't Patch
- Implement strict network access controls to limit BMC interface exposure
- Monitor BMC access logs for unauthorized connection attempts
🔍 How to Verify
Check if Vulnerable:
Check BMC firmware version against IBM advisory; attempt unauthenticated access to sensitive endpoints if authorized
Check Version:
ipmitool mc info | grep 'Firmware Revision'
Alternatively, check the firmware version in the BMC web interface.
Verify Fix Applied:
Verify firmware version is updated to patched version; test that unauthenticated access to sensitive information is blocked
📡 Detection & Monitoring
Log Indicators:
- Unauthenticated access attempts to BMC web interface
- Unusual request patterns to sensitive BMC endpoints
- Failed authentication followed by information disclosure
Network Indicators:
- Unusual traffic to BMC IP addresses from unauthorized sources
- HTTP requests to sensitive BMC URLs without authentication headers
SIEM Query:
source="bmc_logs" AND (status=200 OR status=401) AND uri CONTAINS "/api/" AND NOT user_agent="authorized_client"
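The log indicators above can also be checked statefully, which the single-event SIEM query cannot express. The following is an added example, not IBM or OpenBMC code; it assumes a JSON-lines access log with hypothetical fields ts, src, uri, status and user, a hypothetical management subnet, and constructed sample records.

```python
import ipaddress
import json

# Assumptions (not from the advisory): one JSON object per log line with
# ts (epoch seconds), src, uri, status and user ("" when no session exists).
TRUSTED_NET = ipaddress.ip_network("10.20.0.0/24")  # hypothetical mgmt subnet
SENSITIVE_PREFIX = "/api/"  # same URI filter as the SIEM query above
WINDOW = 60                 # max seconds between a 401 and a later open 200

# Constructed sample log lines (private/documentation addresses, not real data).
SAMPLE = """\
{"ts": 100, "src": "10.20.0.5", "uri": "/api/config", "status": 200, "user": "admin"}
{"ts": 110, "src": "198.51.100.7", "uri": "/api/config", "status": 401, "user": ""}
{"ts": 130, "src": "198.51.100.7", "uri": "/api/config", "status": 200, "user": ""}
{"ts": 140, "src": "10.20.0.9", "uri": "/api/users", "status": 200, "user": ""}
{"ts": 150, "src": "198.51.100.7", "uri": "/index.html", "status": 200, "user": ""}
"""

def detect(lines):
    """Return a list of (ts, src, uri, reasons) for suspicious events."""
    last_401 = {}  # src -> timestamp of the most recent 401 on a sensitive URI
    alerts = []
    for raw in lines:
        try:
            ev = json.loads(raw)
            src = ipaddress.ip_address(ev["src"])
            ts, uri, status = int(ev["ts"]), str(ev["uri"]), int(ev["status"])
        except (ValueError, KeyError, TypeError):
            continue  # skip blank or malformed records rather than abort
        if not uri.startswith(SENSITIVE_PREFIX):
            continue
        reasons = []
        if src not in TRUSTED_NET:
            reasons.append("untrusted-source")
        if status == 401:
            last_401[ev["src"]] = ts
        elif status == 200 and not ev.get("user"):
            reasons.append("unauthenticated-200")
            prev = last_401.get(ev["src"])
            if prev is not None and ts - prev <= WINDOW:
                reasons.append("401-then-200")
        if reasons:
            alerts.append((ts, ev["src"], uri, reasons))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE.splitlines()):
        print(alert)
```

An unauthenticated 200 from inside the management subnet is still reported, since network segmentation limits who can reach the BMC but does not stop the disclosure itself.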