CVE-2024-45656
📋 TL;DR
IBM Flexible Service Processor (FSP) firmware contains hardcoded credentials that could allow network users to gain service privileges. This affects multiple FSP firmware versions across various IBM server platforms. Attackers with network access could exploit these static credentials to compromise the service processor.
💻 Affected Systems
- IBM Flexible Service Processor (FSP)
📦 What is this software?
Power System E1080 \(9080 Hex\) Firmware by Ibm
View all CVEs affecting Power System E1080 \(9080 Hex\) Firmware →
Power System E1080 \(9080 Hex\) Firmware by Ibm
View all CVEs affecting Power System E1080 \(9080 Hex\) Firmware →
Power System E1080 \(9080 Hex\) Firmware by Ibm
View all CVEs affecting Power System E1080 \(9080 Hex\) Firmware →
Power System E850 \(8408 E8e\) Firmware by Ibm
View all CVEs affecting Power System E850 \(8408 E8e\) Firmware →
Power System E850c \(8408 44e\) Firmware by Ibm
View all CVEs affecting Power System E850c \(8408 44e\) Firmware →
Power System E870 \(9119 Mme\) Firmware by Ibm
View all CVEs affecting Power System E870 \(9119 Mme\) Firmware →
Power System E870c \(9080 Mme\) Firmware by Ibm
View all CVEs affecting Power System E870c \(9080 Mme\) Firmware →
Power System E880 \(9119 Mhe\) Firmware by Ibm
View all CVEs affecting Power System E880 \(9119 Mhe\) Firmware →
Power System E880c \(9080 Mhe\) Firmware by Ibm
View all CVEs affecting Power System E880c \(9080 Mhe\) Firmware →
Power System E950 \(9040 Mr9\) Firmware by Ibm
View all CVEs affecting Power System E950 \(9040 Mr9\) Firmware →
Power System E980 \(9080 M9s\) Firmware by Ibm
View all CVEs affecting Power System E980 \(9080 M9s\) Firmware →
Power System H922 \(9223 22h\) Firmware by Ibm
View all CVEs affecting Power System H922 \(9223 22h\) Firmware →
Power System H922 \(9223 22s\) Firmware by Ibm
View all CVEs affecting Power System H922 \(9223 22s\) Firmware →
Power System H924 \(9223 42h\) Firmware by Ibm
View all CVEs affecting Power System H924 \(9223 42h\) Firmware →
Power System H924 \(9223 42s\) Firmware by Ibm
View all CVEs affecting Power System H924 \(9223 42s\) Firmware →
Power System L922 \(9008 22l\) Firmware by Ibm
View all CVEs affecting Power System L922 \(9008 22l\) Firmware →
Power System S812 \(8284 21a\) Firmware by Ibm
View all CVEs affecting Power System S812 \(8284 21a\) Firmware →
Power System S812l \(8247 21l\) Firmware by Ibm
View all CVEs affecting Power System S812l \(8247 21l\) Firmware →
Power System S814 \(8286 41a\) Firmware by Ibm
View all CVEs affecting Power System S814 \(8286 41a\) Firmware →
Power System S822 \(8284 22a\) Firmware by Ibm
View all CVEs affecting Power System S822 \(8284 22a\) Firmware →
Power System S822l \(8247 22l\) Firmware by Ibm
View all CVEs affecting Power System S822l \(8247 22l\) Firmware →
Power System S824 \(8286 42a\) Firmware by Ibm
View all CVEs affecting Power System S824 \(8286 42a\) Firmware →
Power System S824l \(8247 42l\) Firmware by Ibm
View all CVEs affecting Power System S824l \(8247 42l\) Firmware →
Power System S914 \(9009 41a\) Firmware by Ibm
View all CVEs affecting Power System S914 \(9009 41a\) Firmware →
Power System S914 \(9009 41g\) Firmware by Ibm
View all CVEs affecting Power System S914 \(9009 41g\) Firmware →
Power System S922 \(9009 22a\) Firmware by Ibm
View all CVEs affecting Power System S922 \(9009 22a\) Firmware →
Power System S922 \(9009 22g\) Firmware by Ibm
View all CVEs affecting Power System S922 \(9009 22g\) Firmware →
⚠️ Risk & Real-World Impact
Worst Case
Full compromise of the service processor allowing attackers to gain administrative control over the FSP, potentially leading to server management takeover, data exfiltration, or denial of service.
Likely Case
Unauthorized access to the FSP management interface enabling configuration changes, monitoring data access, and potential privilege escalation to the host system.
If Mitigated
Limited impact if network segmentation isolates FSP interfaces and strong access controls are implemented, though the vulnerability remains present.
🎯 Exploit Status
Exploitation requires only network access to the FSP interface and knowledge of the static credentials. No authentication bypass needed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Apply firmware updates: FW860.B4 or later, FW950.C1 or later, FW1030.62 or later, FW1050.22 or later, FW1060.11 or later
Vendor Advisory: https://www.ibm.com/support/pages/node/7174183
Restart Required: Yes
Instructions:
1. Download appropriate firmware update from IBM Fix Central. 2. Apply update through FSP web interface or HMC. 3. Reboot the service processor. 4. Verify firmware version after update.
🔧 Temporary Workarounds
Network Segmentation
allIsolate FSP management interfaces from general network access
Access Control Lists
allImplement strict network ACLs to limit access to FSP interfaces
🧯 If You Can't Patch
- Implement strict network segmentation to isolate FSP interfaces from untrusted networks
- Monitor FSP access logs for unauthorized authentication attempts and credential use
🔍 How to Verify
Check if Vulnerable:
Check FSP firmware version through HMC or FSP web interface and compare against affected versions listCheck Version:
From HMC: lssyscfg -r sys -F state,type_model,serial_num,ipaddrVerify Fix Applied:
Verify firmware version is updated to patched version through FSP interface📡 Detection & Monitoring
Log Indicators:
- Failed authentication attempts followed by successful logins
- Multiple login attempts from unusual sources
- Configuration changes from unexpected users
Network Indicators:
- Network traffic to FSP management ports from unauthorized sources
- Authentication attempts using default/service credentials
SIEM Query:
source="fsp_logs" AND (event_type="authentication" AND result="success") AND user="service_account"