CVE-2024-46933
📋 TL;DR
BullSequana XH2140 BMC systems were shipped with unconfigured AST2600 hardware, allowing a privileged attacker (one who already holds administrative access to the BMC) to cause a denial of service. This affects BullSequana XH2140 systems with BMC firmware before C4EM-125: OMF_C4E 101.05.0014. The root cause is hardware left unconfigured during manufacturing rather than a software defect; the listed firmware release is the vendor's remediation.
💻 Affected Systems
- Atos Eviden BullSequana XH2140
⚠️ Manual Verification Required
The vendor advisory and NVD give the fixed release (C4EM-125: OMF_C4E 101.05.0014) but no structured version range, so automated vulnerability scanners may not flag affected systems. Confirm exposure manually by reading the BMC firmware version.
- Review the CVE details at NVD
- Check the Atos/Eviden security advisory for the firmware release installed on your systems
- Do not attempt to reproduce the denial of service on production hardware; rely on the firmware version check instead
- Update to the fixed release or later as a precaution if the installed version cannot be determined
⚠️ Risk & Real-World Impact
Worst Case
Privileged attacker causes complete BMC failure, rendering the server unmanageable and potentially requiring physical intervention to restore functionality.
Likely Case
Authorized administrators or compromised privileged accounts could disrupt BMC operations, affecting remote management capabilities.
If Mitigated
With proper access controls and network segmentation, impact is limited to authorized users who would need to intentionally exploit the vulnerability.
🎯 Exploit Status
Requires privileged access to the BMC interface. No public exploit code is known as of this writing.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: C4EM-125: OMF_C4E 101.05.0014 or later
Restart Required: No host reboot is listed; note that the BMC itself normally restarts to activate new firmware, so plan for a brief management-plane outage.
Instructions:
1. Download the BMC firmware update from the Bull support portal.
2. Apply the update through the BMC web interface or CLI.
3. Verify the reported firmware version after the update and after the BMC has come back online.
🔧 Temporary Workarounds
Restrict BMC Access
Limit BMC interface access to authorized administrators only, using network segmentation and strict access controls. Because the attacker must already be privileged, this narrows who can trigger the fault but does not remove it.
🧯 If You Can't Patch
- Isolate BMC management network from general corporate network
- Implement strict access controls and monitoring for BMC interfaces
🔍 How to Verify
Check if Vulnerable:
Check the BMC firmware version via the BMC web interface or IPMI commands. If the version is earlier than C4EM-125: OMF_C4E 101.05.0014, the system is vulnerable.
Check Version:
ipmitool mc info | grep 'Firmware Revision' or check via the BMC web interface under firmware information. Note that the IPMI "Firmware Revision" field is a short numeric value (major.minor) and may not display the full C4EM/OMF_C4E release string; use the web interface (or the BMC's Redfish manager resource, if exposed) to read the exact release name.
Verify Fix Applied:
Verify that the BMC firmware version reads C4EM-125: OMF_C4E 101.05.0014 or later after applying the update.
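The check above is a string comparison that is easy to get wrong by hand (the build number is zero-padded, and the IPMI field does not carry the release name). The script below is an added example, not vendor or NVD code: it parses the OMF_C4E version out of whatever string the BMC reports and compares it numerically against the fixed release. The Redfish path /redfish/v1/Managers/bmc, the manager id, and the assumption that FirmwareVersion carries the same OMF_C4E string shown in the web UI are assumptions for illustration; the sample version strings are constructed.

```python
"""Firmware version check for CVE-2024-46933 (added example, not vendor code).

Assumptions not taken from the advisory:
  - the BMC exposes the release string "C4EM-xxx: OMF_C4E a.b.c" in its web UI
    and (if Redfish is enabled) in the manager's FirmwareVersion property;
  - the Redfish manager resource lives at /redfish/v1/Managers/bmc;
  - the IPMI 'Firmware Revision' field is a bare major.minor number and is
    therefore not comparable here (it is reported as 'unparseable').
"""
import base64
import json
import re
import ssl
import urllib.request
from typing import Optional, Tuple

FIXED_VERSION = "C4EM-125: OMF_C4E 101.05.0014"  # fixed release from the advisory

# Captures the three numeric components of the OMF_C4E version.
_VERSION_RE = re.compile(r"OMF_C4E\s+(\d+)\.(\d+)\.(\d+)")


def parse_omf_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Return (major, minor, build) for a string containing an OMF_C4E version.

    '101.05.0014' -> (101, 5, 14): converting to int removes the zero padding,
    so tuple comparison orders builds correctly.  Returns None if absent.
    """
    m = _VERSION_RE.search(text)
    if m is None:
        return None
    major, minor, build = (int(x) for x in m.groups())
    return (major, minor, build)


def is_vulnerable(reported: str, fixed: str = FIXED_VERSION) -> Optional[bool]:
    """True if `reported` is older than `fixed`, False if fixed or later.

    Returns None when the reported string carries no OMF_C4E version (for
    example the numeric IPMI revision); treat None as 'verify manually',
    never as 'safe'.
    """
    r = parse_omf_version(reported)
    f = parse_omf_version(fixed)
    if r is None or f is None:
        return None
    return r < f


def fetch_redfish_version(host: str, user: str, password: str,
                          manager_id: str = "bmc",
                          verify_tls: bool = True) -> str:
    """Read FirmwareVersion from the Redfish manager resource (assumed path).

    Uses HTTP Basic auth, which the Redfish specification permits.  Only
    disable TLS verification for a lab BMC with a self-signed certificate.
    """
    url = f"https://{host}/redfish/v1/Managers/{manager_id}"
    req = urllib.request.Request(url)
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req.add_header("Authorization", f"Basic {token}")
    ctx = ssl.create_default_context()
    if not verify_tls:
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
        return json.load(resp).get("FirmwareVersion", "")


if __name__ == "__main__":
    # Constructed sample strings; the first three mimic web-UI/Redfish output,
    # the last mimics the numeric-only IPMI field.
    samples = [
        "C4EM-124: OMF_C4E 101.04.0020",
        FIXED_VERSION,
        "C4EM-126: OMF_C4E 101.05.0015",
        "Firmware Revision : 1.05",
    ]
    for s in samples:
        verdict = is_vulnerable(s)
        label = {True: "VULNERABLE", False: "fixed", None: "unparseable, verify manually"}[verdict]
        print(f"{s!r:40} -> {label}")
```

To check a live BMC, pass the output of fetch_redfish_version(host, user, password) into is_vulnerable; if the manager resource uses a different id on your firmware, list /redfish/v1/Managers first.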
📡 Detection & Monitoring
Log Indicators:
- BMC firmware version changes
- BMC service disruptions or restarts
- Failed BMC authentication attempts from privileged accounts
Network Indicators:
- Unusual BMC network traffic patterns
- BMC interface becoming unresponsive
SIEM Query (illustrative; map source and event_type to the field names your collector assigns to BMC syslog or Redfish event records):
source="BMC" AND (event_type="firmware_update" OR event_type="service_disruption")
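The indicators above are most useful when correlated: a BMC that stops answering and then comes back with a new firmware version is a planned update, whereas one that stops answering with no version change is the pattern this DoS would produce. The following detector is an added example, not part of the advisory or of any vendor tooling; it runs over a constructed poll/auth log whose line format is invented for illustration and would need to be adapted to whatever your BMC poller and syslog forwarder actually emit.

```python
"""Correlate BMC poll results and auth failures into alerts (added example).

The log format below is constructed for illustration:
  <iso-timestamp> <bmc-host> poll ok version=<string>
  <iso-timestamp> <bmc-host> poll timeout
  <iso-timestamp> <bmc-host> auth failed user=<name> src=<ip>
"""
import re
from collections import deque
from datetime import datetime, timedelta
from typing import Dict, Iterable, List, Optional, Tuple

# Constructed sample: a burst of admin login failures, then the BMC goes
# quiet for two polls and returns running the fixed firmware.
SAMPLE_LOG = """\
2024-09-01T10:00:00 bmc01 poll ok version=OMF_C4E 101.04.0020
2024-09-01T10:05:00 bmc01 poll ok version=OMF_C4E 101.04.0020
2024-09-01T10:06:10 bmc01 auth failed user=admin src=10.0.5.7
2024-09-01T10:06:12 bmc01 auth failed user=admin src=10.0.5.7
2024-09-01T10:06:15 bmc01 auth failed user=admin src=10.0.5.7
2024-09-01T10:10:00 bmc01 poll timeout
2024-09-01T10:15:00 bmc01 poll timeout
2024-09-01T10:20:00 bmc01 poll ok version=OMF_C4E 101.05.0014
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<kind>poll|auth) (?P<rest>.*)$")

Alert = Tuple[str, datetime, str, str]  # (type, time, host, detail)


def parse_line(line: str) -> Optional[Tuple[datetime, str, str, str]]:
    m = LINE_RE.match(line)
    if m is None:
        return None
    return datetime.fromisoformat(m["ts"]), m["host"], m["kind"], m["rest"]


def detect(lines: Iterable[str],
           auth_threshold: int = 3,
           auth_window: timedelta = timedelta(seconds=60),
           timeout_threshold: int = 2) -> List[Alert]:
    """Emit alerts for firmware changes, unresponsive BMCs and login bursts."""
    alerts: List[Alert] = []
    last_version: Dict[str, str] = {}           # host -> version at last good poll
    missed: Dict[str, int] = {}                 # host -> consecutive timeouts
    auth_fail: Dict[Tuple[str, str], deque] = {}  # (host, user) -> failure times

    for raw in lines:
        parsed = parse_line(raw.strip())
        if parsed is None:
            continue                              # unknown line shape: skip
        ts, host, kind, rest = parsed

        if kind == "poll" and rest.startswith("ok"):
            version = rest.split("version=", 1)[1] if "version=" in rest else ""
            prev = last_version.get(host)
            if prev is not None and version != prev:
                # A version change right after an outage is the update pattern;
                # annotate so the outage alert can be triaged as benign.
                gap = missed.get(host, 0)
                note = f" (after {gap} missed polls: likely update)" if gap else ""
                alerts.append(("firmware_change", ts, host, f"{prev} -> {version}{note}"))
            last_version[host] = version
            missed[host] = 0

        elif kind == "poll" and rest.startswith("timeout"):
            missed[host] = missed.get(host, 0) + 1
            if missed[host] == timeout_threshold:   # fire once per outage
                alerts.append(("bmc_unresponsive", ts, host,
                               f"{timeout_threshold} consecutive poll timeouts"))

        elif kind == "auth" and rest.startswith("failed"):
            m = re.search(r"user=(\S+)", rest)
            user = m.group(1) if m else "?"
            window = auth_fail.setdefault((host, user), deque())
            window.append(ts)
            while window and ts - window[0] > auth_window:
                window.popleft()                  # drop failures outside the window
            if len(window) == auth_threshold:     # fire once when the burst starts
                alerts.append(("auth_failures", ts, host,
                               f"{auth_threshold} failed logins for {user} "
                               f"within {int(auth_window.total_seconds())}s"))
    return alerts


if __name__ == "__main__":
    for kind, ts, host, detail in detect(SAMPLE_LOG.splitlines()):
        print(f"{ts.isoformat()} {host} {kind}: {detail}")
```

In triage, a bmc_unresponsive alert that is never followed by a firmware_change on the same host is the case to escalate, since it matches the effect of this CVE rather than a planned update.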