Multiple vulnerabilities in IBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru Firmware and QLogic Virtual Fabric Extension Module for IBM BladeCenter
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2016-0777 CVE-2016-0778 |
| CWE-ID | CWE-284 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
QLogic Virtual Fabric Extension Module for IBM BladeCenter Hardware solutions / Other hardware appliances Flex System FC3171 8Gb SAN Pass-thru Hardware solutions / Other hardware appliances Flex System FC3171 8Gb SAN Switch Hardware solutions / Other hardware appliances |
| Vendor | IBM Corporation |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Information disclosure
EUVDB-ID: #VU718
Risk: Low
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-0777
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote user to disclose potentially sensitive information on the target system.
The weakness exists due to access control flaw that allows a malicious user to disclose important data.
Successful exploitation of the vulnerability leads to potentially sensitive information disclosure.
Install update from vendor's website.
Vulnerable software versionsQLogic Virtual Fabric Extension Module for IBM BladeCenter: before 9.0.3.16.00
Flex System FC3171 8Gb SAN Pass-thru: before 9.1.8.01.00
Flex System FC3171 8Gb SAN Switch: before 9.1.8.01.00
CPE2.3http://www.ibm.com/support/pages/node/868512
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Denial of service
EUVDB-ID: #VU719
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-0778
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote user to cause denial of service conditions on the target system.
The weakness is due to insufficient access control that allows attackers to cause the service deny.
Successful exploitation of the vulnerability leads to denial of service on the vulnerable system.
Install update from vendor's website.
Vulnerable software versionsQLogic Virtual Fabric Extension Module for IBM BladeCenter: before 9.0.3.16.00
Flex System FC3171 8Gb SAN Pass-thru: before 9.1.8.01.00
Flex System FC3171 8Gb SAN Switch: before 9.1.8.01.00
CPE2.3http://www.ibm.com/support/pages/node/868512
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
