CVE-2024-35124
📋 TL;DR
This vulnerability allows attackers to gain administrative access to OpenBMC systems by exploiting default passwords and session management weaknesses. It affects IBM systems running specific OpenBMC firmware versions. Attackers can take full control of the Baseboard Management Controller, which manages hardware monitoring and remote administration.
💻 Affected Systems
- IBM systems with OpenBMC firmware
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of BMC allowing attackers to install persistent malware, manipulate hardware settings, intercept traffic, and maintain access even after system reboots.
Likely Case
Unauthorized administrative access to BMC leading to system monitoring, configuration changes, and potential lateral movement to connected systems.
If Mitigated
Limited impact if default passwords were changed and proper network segmentation was implemented.
🎯 Exploit Status
Exploitation requires knowledge of default credentials and network access to BMC interface.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Versions beyond affected ranges (FW1050.11+, FW1030.51+, FW1020.61+)
Vendor Advisory: https://www.ibm.com/support/pages/node/7163195
Restart Required: Yes
Instructions:
1. Download updated firmware from IBM support portal.
2. Backup current BMC configuration.
3. Apply firmware update via BMC web interface or IPMI.
4. Reboot BMC.
5. Verify new firmware version.
🔧 Temporary Workarounds
Change Default Passwords
Platform: all. Immediately change all default BMC passwords to strong, unique credentials.
ipmitool user set password <userid> <newpassword>
Network Segmentation
Platform: linux. Restrict BMC network access to management VLANs only.
iptables -A INPUT -s <management_network> -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j DROP
🧯 If You Can't Patch
- Change all default passwords immediately and enforce strong password policies
- Implement strict network access controls to isolate BMC interfaces from untrusted networks
🔍 How to Verify
Check if Vulnerable:
Check BMC firmware version via web interface or 'ipmitool mc info' command and compare against affected versions.
Check Version:
ipmitool mc info | grep 'Firmware Revision'
Verify Fix Applied:
Verify firmware version is beyond affected ranges and test that default credentials no longer work.
📡 Detection & Monitoring
Log Indicators:
- Multiple failed login attempts followed by successful login with default credentials
- Unusual BMC configuration changes from unexpected sources
Network Indicators:
- BMC authentication attempts from unauthorized IP addresses
- BMC traffic outside management network segments
SIEM Query:
source="bmc" AND ((event_type="authentication" AND result="success" AND user="admin") OR (event_type="configuration_change" AND user!="authorized_user"))
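The log and network indicators above can also be checked offline against exported BMC authentication events. The following is an added example, not code from IBM or OpenBMC. The log layout, the management CIDR, the threshold and the window are all assumptions, and the sample lines are constructed. A log cannot show which password was used, so the script flags a streak of failures followed by a success from the same source, plus any authentication attempt from outside the management network.

```python
import ipaddress
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumptions (not from the advisory): log layout, management CIDR, thresholds.
MGMT_NET = ipaddress.ip_network("10.20.0.0/24")
FAIL_THRESHOLD = 3
WINDOW = timedelta(minutes=5)

# Constructed sample events: "<ISO time> <result> user=<name> src=<ip>"
SAMPLE_LOG = """\
2024-07-01T02:10:01 FAIL user=admin src=10.20.0.15
2024-07-01T02:10:05 FAIL user=admin src=10.20.0.15
2024-07-01T02:10:09 FAIL user=admin src=10.20.0.15
2024-07-01T02:10:14 OK user=admin src=10.20.0.15
2024-07-01T03:00:00 OK user=operator src=10.20.0.8
2024-07-01T03:30:00 OK user=admin src=192.0.2.77
2024-07-01T04:00:00 FAIL user=admin src=10.20.0.9
2024-07-01T04:20:00 OK user=admin src=10.20.0.9
"""

def parse(line):
    ts, result, user, src = line.split()
    return (datetime.fromisoformat(ts), result,
            user.split("=", 1)[1], ipaddress.ip_address(src.split("=", 1)[1]))

def detect(log_text):
    """Return (timestamp, reason, user, src) alerts for a chronological auth log."""
    failures = defaultdict(deque)   # (user, src) -> recent failure times
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, result, user, src = parse(line)
        if src not in MGMT_NET:
            alerts.append((ts, "outside-mgmt-net", user, str(src)))
        recent = failures[(user, src)]
        while recent and ts - recent[0] > WINDOW:
            recent.popleft()        # expire failures older than the window
        if result == "FAIL":
            recent.append(ts)
        elif result == "OK":
            if len(recent) >= FAIL_THRESHOLD:
                alerts.append((ts, "fail-then-success", user, str(src)))
            recent.clear()          # a success resets the failure streak
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(*alert)
```

The single failure at 04:00 followed by a success 20 minutes later is not flagged, because the failure has aged out of the five-minute window.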