CVE Vulnerabilities

CVE-2018-18202

Published: Oct 10, 2018 | Modified: Oct 03, 2019

CVSS 3.x

9.8

CRITICAL

Source:

NVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS 2.x

5 MEDIUM

RedHat/V2

RedHat/V3

Ubuntu

Additional information

NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-18202
CWE	https://cwe.mitre.org/data/definitions/.html

The QLogic 4Gb Fibre Channel 5.5.2.6.0 and 4/8Gb SAN 7.10.1.20.0 modules for IBM BladeCenter have an undocumented support account with a support password, an undocumented diags account with a diags password, and an undocumented prom account with a prom password.

Affected Software

Name	Vendor	Start Version	End Version
Qlogic_4_gb_fibre_channel_expansion_card_firmware	Ibm	5.5.2.6.0	5.5.2.6.0

References

http://misteralfa-hack.blogspot.com/2018/10/ibm-bladecenter-qlogic-4g-fibre-channel.html

Aqua Container Security

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.