CVE-2022-22374

9.1 CRITICAL

📋 TL;DR

This vulnerability allows an attacker who can reach the BMC firmware update function on IBM Power 9 AC922 servers to downgrade the BMC to an older firmware release. Because the downgrade reinstates old code, every flaw already fixed in the newer release becomes exploitable again. Affected systems are IBM Power 9 AC922 servers running OP910, OP920, OP930 or OP940 BMC firmware.

💻 Affected Systems

Products:
  • IBM Power 9 AC922 servers
Versions: BMC firmware versions OP910, OP920, OP930, OP940
Operating Systems: Not OS dependent; the flaw is in the BMC firmware, which runs on its own service processor independently of the host OS
Default Config Vulnerable: ⚠️ Yes
Notes: Requires network access to BMC management interface. Physical access to BMC ports could also enable exploitation.

📦 What is this software?

The BMC (baseboard management controller) in the IBM Power System AC922 is a separate service processor with its own OpenBMC-based firmware. It stays powered while the host is off and provides the management web interface, REST/Redfish API and IPMI used for remote power control, serial console and firmware updates of both the BMC and the host. OP910 through OP940 are IBM's release levels for the AC922 firmware packages distributed through Fix Central.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could downgrade to firmware with critical vulnerabilities, potentially gaining full control of the BMC and subsequently the host server, leading to complete system compromise, data theft, or service disruption.

🟠

Likely Case

Attackers with network access to BMC interfaces could downgrade firmware to versions with known exploits, enabling privilege escalation, persistence, or denial of service attacks.

🟢

If Mitigated

With BMC interfaces confined to a dedicated management network and strong access controls, only authorized administrators can reach the firmware update function, so the remaining risk comes from insiders, stolen administrator credentials and compromised management hosts. Segmentation does not remove the downgrade path itself; only the firmware fix does.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: No
Weaponized: UNKNOWN
Unauthenticated Exploit: No
Complexity: MEDIUM

Exploitation requires access to BMC management interface and knowledge of firmware downgrade procedures. No public exploit code has been disclosed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply firmware updates as specified in IBM advisory

Vendor Advisory: https://www.ibm.com/support/pages/node/6565075

Restart Required: Yes (the BMC must be rebooted to activate a new BMC image; a host reboot is also needed if the package updates host firmware)

Instructions:

1. Download the BMC firmware level named in the IBM advisory from IBM Fix Central and confirm the image checksum matches the one published there.
2. Follow IBM's firmware update procedure for Power 9 AC922 servers to upload and activate the image.
3. Reboot the BMC (and the host, if host firmware was updated) so the new image becomes active.
4. Verify the running firmware version after the reboot and record it for later comparison.

🔧 Temporary Workarounds

Network Segmentation (all platforms)

Restrict network access to BMC management interfaces to authorized administration networks only

Access Control (all platforms)

Implement strong authentication and authorization controls for BMC access

🧯 If You Can't Patch

  • Isolate BMC management interfaces on dedicated, restricted VLANs
  • Implement strict firewall rules that allow BMC access (HTTPS and IPMI) only from authorized management addresses
  • Limit the BMC accounts that hold firmware update rights to the minimum, rotate their credentials, and alert on every firmware activation event

🔍 How to Verify

Check if Vulnerable:

Read the BMC firmware version from the BMC web interface or the firmware inventory the BMC exposes over its management API. If the release level is OP910, OP920, OP930 or OP940 and no fixed fix pack from the IBM advisory has been applied, the system is vulnerable.

Check Version:

ipmitool mc info (requires IPMI access) prints the BMC's numeric Firmware Revision, not the OPxxx release level; use it to confirm that the BMC image changed after an update, and read the OPxxx level from the BMC web interface.

Verify Fix Applied:

Compare the full running version string against the fixed levels listed in the IBM advisory. A fix delivered as a later fix pack within a stream still reports the same OPxxx major level, so check the complete version, not just the major level.

📡 Detection & Monitoring

Log Indicators:

  • BMC firmware downgrade attempts
  • Unauthorized firmware update events
  • Multiple failed authentication attempts to BMC

Network Indicators:

  • Unexpected traffic to BMC management ports (default 443/tcp HTTPS web and REST/Redfish, 623/udp RMCP+ IPMI)
  • Firmware transfer traffic to BMC interfaces

SIEM Query:

source="BMC" AND (event_type="firmware_update" OR event_type="authentication_failure")

(Field and event names are illustrative; map them to the names your BMC log source actually emits, and treat any firmware update whose version is lower than the previously active one as a downgrade alert.)
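The version check from "How to Verify" and the downgrade alert from "Detection & Monitoring" both come down to parsing the OPxxx release level and comparing it. The following is an added example, not code from this page, from IBM or from the OpenBMC project. It assumes versions follow the OPxxx.yy form (major level plus numeric fix pack), that the fixed fix-pack numbers are supplied by the operator from the IBM advisory (the values used here are placeholders), and that firmware-activation events have been normalised by the SIEM into one key=value line each (the sample lines are constructed):

```python
"""
Added example: OPxxx version parsing, vulnerable-level check and downgrade
detection for AC922 BMC firmware.  Not from IBM, OpenBMC or the page.
"""
import re
from typing import Dict, List, NamedTuple, Optional


class FwVersion(NamedTuple):
    stream: int   # 910, 920, 930, 940 for OP910 .. OP940
    fixpack: int  # the "20" in OP940.20; 0 when no fix pack is given

    @property
    def level(self) -> str:
        return f"OP{self.stream}"


# Matches "OP940", "OP940.20" or "op930.10" anywhere in a version string or log line.
_VERSION_RE = re.compile(r"\bOP(9[1-9]0)(?:\.(\d+))?\b", re.IGNORECASE)

# Levels listed as affected on this page / in the advisory.
AFFECTED_LEVELS = {"OP910", "OP920", "OP930", "OP940"}


def parse_version(text: str) -> Optional[FwVersion]:
    """Extract the first OPxxx[.yy] level from a version string; None if absent."""
    m = _VERSION_RE.search(text)
    if m is None:
        return None
    return FwVersion(int(m.group(1)), int(m.group(2) or 0))


def is_vulnerable(version_text: str, fixed_fixpack: Dict[str, int]) -> bool:
    """
    True if the version is at an affected level and below the first fix pack
    that carries the fix for that stream.  `fixed_fixpack` maps level -> first
    fixed fix pack, e.g. {"OP940": 30}; fill it from the IBM advisory (the
    numbers in the usage below are placeholders, not real fix levels).  A
    level missing from the map is treated as having no fix in that stream.
    """
    v = parse_version(version_text)
    if v is None:
        raise ValueError(f"no OPxxx level found in {version_text!r}")
    if v.level not in AFFECTED_LEVELS:
        return False
    fixed = fixed_fixpack.get(v.level)
    return fixed is None or v.fixpack < fixed


# Constructed sample of normalised firmware-activation events (format assumed).
SAMPLE_EVENTS = """\
2024-03-01T09:00:00Z bmc=ac922-01 event=firmware_activated image=OP940.20 user=admin src=10.0.5.10
2024-03-01T09:05:00Z bmc=ac922-02 event=firmware_activated image=OP940.20 user=admin src=10.0.5.10
2024-03-04T22:41:13Z bmc=ac922-01 event=firmware_activated image=OP920.10 user=svc_backup src=10.0.88.7
2024-03-05T08:00:00Z bmc=ac922-02 event=firmware_activated image=OP940.30 user=admin src=10.0.5.10
"""

_FIELD_RE = re.compile(r"(\w+)=(\S+)")


def find_downgrades(events: str) -> List[Dict[str, str]]:
    """Return one alert per activation of a version older than the BMC's previous one."""
    last_seen: Dict[str, FwVersion] = {}
    alerts: List[Dict[str, str]] = []
    for line in events.splitlines():
        fields = dict(_FIELD_RE.findall(line))
        if fields.get("event") != "firmware_activated":
            continue
        new = parse_version(fields.get("image", ""))
        if new is None:
            continue  # not an OPxxx image; outside this check
        bmc = fields.get("bmc", "?")
        prev = last_seen.get(bmc)
        if prev is not None and new < prev:   # tuple compare: (stream, fixpack)
            alerts.append({
                "time": line.split(" ", 1)[0],
                "bmc": bmc,
                "from": f"{prev.level}.{prev.fixpack}",
                "to": f"{new.level}.{new.fixpack}",
                "user": fields.get("user", ""),
                "src": fields.get("src", ""),
            })
        last_seen[bmc] = new
    return alerts


if __name__ == "__main__":
    placeholder_fixed = {"OP940": 30, "OP930": 50}   # placeholders, not advisory data
    for ver in ("OP940.20", "OP940.30", "OP920.10", "OP950.10"):
        print(ver, "vulnerable" if is_vulnerable(ver, placeholder_fixed) else "not affected")
    for alert in find_downgrades(SAMPLE_EVENTS):
        print("DOWNGRADE", alert)
```

In the sample, ac922-01 moves from OP940.20 to OP920.10 outside working hours from an unusual source address and is flagged; ac922-02 moves forward to OP940.30 and is not. The comparison is on the full (stream, fix pack) pair, which is why a fix pack within OP940 can be told apart from the vulnerable OP940 baseline.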

🔗 References

  • IBM Security Bulletin: https://www.ibm.com/support/pages/node/6565075
  • NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2022-22374