What is CVE-2024-35124?

CVE-2024-35124 is a high-severity vulnerability in Ibm Openbmc, classified under Authentication Bypass Using an Alternate Path or Channel. CVSS score: 7.5/10. Published 2024-08-13.

How severe is CVE-2024-35124?

High severity. CVSS v3 base score is 7.5 out of 10.

Vulnerability in Ibm Openbmc

CVE-2024-35124

A vulnerability in the combination of the OpenBMC's FW1050.00 through FW1050.10, FW1030.00 through FW1030.50, and FW1020.00 through FW1020.60 default password and session management allow an attacker to gain administrative access to the BM…

EPSS: 0.001 (20.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H.

Affected products

Ibm Openbmc — versions FW1050.00, FW1030.00, FW1020.00

Weakness classification (CWE)

CWE-288 — Authentication Bypass Using an Alternate Path or Channel

References

www.ibm.com/support/pages/node/7163195 (vendor-advisory)
https://exchange.xforce.ibmcloud.com/vulnerabilities/290674 (vdb-entry)

Frequently asked questions

What is CVE-2024-35124?: CVE-2024-35124 is a high-severity vulnerability in Ibm Openbmc, classified under Authentication Bypass Using an Alternate Path or Channel. CVSS score: 7.5/10. Published 2024-08-13.
How severe is CVE-2024-35124?: High severity. CVSS v3 base score is 7.5 out of 10.