CVE-2016-0230
First published: Thu Jul 07 2016(Updated: )
IBM Power Hardware Management Console (HMC) 7.3 through 7.3.0 SP7, 7.9 through 7.9.0 SP3, 8.1 through 8.1.0 SP3, 8.2 through 8.2.0 SP2, 8.3 through 8.3.0 SP2, 8.4 through 8.4.0 SP1, and 8.5.0 allows physically proximate attackers to obtain root access via unspecified vectors.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Hardware Management Console - Power Systems | =7.9.0 | |
| IBM Hardware Management Console - Power Systems | =7.9.0-sp1 | |
| IBM Hardware Management Console - Power Systems | =7.9.0-sp2 | |
| IBM Hardware Management Console - Power Systems | =7.9.0-sp3 | |
| IBM Hardware Management Console - Power Systems | =8.1.0 | |
| IBM Hardware Management Console - Power Systems | =8.1.0-sp1 | |
| IBM Hardware Management Console - Power Systems | =8.1.0-sp2 | |
| IBM Hardware Management Console - Power Systems | =8.1.0-sp3 | |
| IBM Hardware Management Console - Power Systems | =8.2.0 | |
| IBM Hardware Management Console - Power Systems | =8.2.0-sp1 | |
| IBM Hardware Management Console - Power Systems | =8.2.0-sp2 | |
| IBM Hardware Management Console - Power Systems | =8.3.0 | |
| IBM Hardware Management Console - Power Systems | =8.3.0-sp1 | |
| IBM Hardware Management Console - Power Systems | =8.3.0-sp2 | |
| IBM Hardware Management Console - Power Systems | =7.3.0 | |
| IBM Hardware Management Console - Power Systems | =7.3.0-sp1 | |
| IBM Hardware Management Console - Power Systems | =7.3.0-sp4 | |
| IBM Hardware Management Console - Power Systems | =7.3.0-sp5 | |
| IBM Hardware Management Console - Power Systems | =7.3.0-sp7 | |
| IBM Hardware Management Console - Power Systems | =8.4.0 | |
| IBM Hardware Management Console - Power Systems | =8.4.0-sp1 | |
| IBM Hardware Management Console - Power Systems | =8.5.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www-01.ibm.com/support/docview.wss?uid=nas8N1021387
- http://www-01.ibm.com/support/docview.wss?uid=swg1MB04021
- http://www-01.ibm.com/support/docview.wss?uid=swg1MB04022
- http://www-01.ibm.com/support/docview.wss?uid=swg1MB04023
- http://www-01.ibm.com/support/docview.wss?uid=swg1MB04024
- http://www-01.ibm.com/support/docview.wss?uid=swg1MB04025
- http://www-01.ibm.com/support/docview.wss?uid=swg1MB04026
- http://www-01.ibm.com/support/docview.wss?uid=swg1MB04027
- http://www.securityfocus.com/bid/91535
- https://delivery04.dhe.ibm.com/sar/CMA/HMA/069vc/2/MH01635.readme.html
- https://delivery04.dhe.ibm.com/sar/CMA/HMA/069y2/1/MH01636.readme.html
- https://delivery04.dhe.ibm.com/sar/CMA/HMA/06a1r/2/MH01638.readme.html
- https://delivery04.dhe.ibm.com/sar/CMA/HMA/06a1v/2/MH01639.readme.html
- https://delivery04.dhe.ibm.com/sar/CMA/HMA/06a2q/1/MH01640.readme.html
Frequently Asked Questions
What is the severity of CVE-2016-0230?
CVE-2016-0230 is classified as a high-severity vulnerability due to the potential for unauthorized root access.
How do I fix CVE-2016-0230?
To mitigate CVE-2016-0230, it is recommended to apply the latest security updates and patches provided by IBM for the affected Hardware Management Console versions.
Who is affected by CVE-2016-0230?
CVE-2016-0230 affects users of IBM Power Hardware Management Console versions 7.3 through 8.5.0, across various service packs.
What kind of attacks can exploit CVE-2016-0230?
CVE-2016-0230 can be exploited by physically proximate attackers to gain root access to the compromised system.
Is there a workaround for CVE-2016-0230?
There are no specific workarounds for CVE-2016-0230 other than applying the security updates from IBM to secure the affected versions.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/remedy
- agent/last-modified-date
- agent/weakness
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ibm
- canonical/ibm hardware management console - power systems
- version/ibm hardware management console - power systems/7.9.0
- version/ibm hardware management console - power systems/7.9.0-sp1
- version/ibm hardware management console - power systems/7.9.0-sp2
- version/ibm hardware management console - power systems/7.9.0-sp3
- version/ibm hardware management console - power systems/8.1.0
- version/ibm hardware management console - power systems/8.1.0-sp1
- version/ibm hardware management console - power systems/8.1.0-sp2
- version/ibm hardware management console - power systems/8.1.0-sp3
- version/ibm hardware management console - power systems/8.2.0
- version/ibm hardware management console - power systems/8.2.0-sp1
- version/ibm hardware management console - power systems/8.2.0-sp2
- version/ibm hardware management console - power systems/8.3.0
- version/ibm hardware management console - power systems/8.3.0-sp1
- version/ibm hardware management console - power systems/8.3.0-sp2
- version/ibm hardware management console - power systems/7.3.0
- version/ibm hardware management console - power systems/7.3.0-sp1
- version/ibm hardware management console - power systems/7.3.0-sp4
- version/ibm hardware management console - power systems/7.3.0-sp5
- version/ibm hardware management console - power systems/7.3.0-sp7
- version/ibm hardware management console - power systems/8.4.0
- version/ibm hardware management console - power systems/8.4.0-sp1
- version/ibm hardware management console - power systems/8.5.0