Multiple vulnerabilities in IBM Flex System switch firmware products
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 4 |
| CVE-ID | CVE-2017-5130 CVE-2017-16932 CVE-2017-15412 CVE-2016-5131 |
| CWE-ID | CWE-122 CWE-400 CWE-416 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #3 is available. |
| Vulnerable software |
Flex System Fabric CN4093 10Gb ScSE firmware Hardware solutions / Firmware IBM Flex System Fabric SI4093 GbFSIM 10Gb Scalable Switch Hardware solutions / Routers & switches, VoIP, GSM, etc IBM Flex System EN2092 1Gb Ethernet Scalable Switch Hardware solutions / Routers & switches, VoIP, GSM, etc IBM Flex System Fabric EN4093R 10Gb Scalable Switch Hardware solutions / Routers & switches, VoIP, GSM, etc |
| Vendor | IBM Corporation |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
1) Heap-based buffer overflow
EUVDB-ID: #VU8929
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2017-5130
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to heap-based buffer overflow in libxml2. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
Install update from vendor's website.
Vulnerable software versionsFlex System Fabric CN4093 10Gb ScSE firmware: before 7.8.20.00
IBM Flex System Fabric SI4093 GbFSIM 10Gb Scalable Switch: before 7.8.20.00
IBM Flex System EN2092 1Gb Ethernet Scalable Switch: before 7.8.20.00
IBM Flex System Fabric EN4093R 10Gb Scalable Switch: before 7.8.20.00
CPE2.3- cpe:2.3:h:ibm_corporation:flex_system_fabric_cn4093_10gb_scse_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:h:ibm_corporation:ibm_flex_system_fabric_si4093_gbfsim_10gb_scalable_switch:*:*:*:*:*:*:*:*
- cpe:2.3:h:ibm_corporation:ibm_flex_system_en2092_1gb_ethernet_scalable_switch:*:*:*:*:*:*:*:*
- cpe:2.3:h:ibm_corporation:ibm_flex_system_fabric_en4093r_10gb_scalable_switch:*:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/713477
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Resource exhaustion
EUVDB-ID: #VU9542
Risk: Low
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-16932
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists in parser.c function due to improper handling of certain parameter entities. A remote attacker can supply specially constructed XML data, trigger resource exhaustion and cause the application to crash.
Successful exploitation of the vulnerability results in denial of service.
Install update from vendor's website.
Vulnerable software versionsFlex System Fabric CN4093 10Gb ScSE firmware: before 7.8.20.00
IBM Flex System Fabric SI4093 GbFSIM 10Gb Scalable Switch: before 7.8.20.00
IBM Flex System EN2092 1Gb Ethernet Scalable Switch: before 7.8.20.00
IBM Flex System Fabric EN4093R 10Gb Scalable Switch: before 7.8.20.00
CPE2.3- cpe:2.3:h:ibm_corporation:flex_system_fabric_cn4093_10gb_scse_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:h:ibm_corporation:ibm_flex_system_fabric_si4093_gbfsim_10gb_scalable_switch:*:*:*:*:*:*:*:*
- cpe:2.3:h:ibm_corporation:ibm_flex_system_en2092_1gb_ethernet_scalable_switch:*:*:*:*:*:*:*:*
- cpe:2.3:h:ibm_corporation:ibm_flex_system_fabric_en4093r_10gb_scalable_switch:*:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/713477
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Use-after-free error
EUVDB-ID: #VU9577
Risk: High
CVSSv4.0: 7.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]
CVE-ID: CVE-2017-15412
CWE-ID:
CWE-416 - Use After Free
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to use-after-free error in libXML. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
Install update from vendor's website.
Vulnerable software versionsFlex System Fabric CN4093 10Gb ScSE firmware: before 7.8.20.00
IBM Flex System Fabric SI4093 GbFSIM 10Gb Scalable Switch: before 7.8.20.00
IBM Flex System EN2092 1Gb Ethernet Scalable Switch: before 7.8.20.00
IBM Flex System Fabric EN4093R 10Gb Scalable Switch: before 7.8.20.00
CPE2.3- cpe:2.3:h:ibm_corporation:flex_system_fabric_cn4093_10gb_scse_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:h:ibm_corporation:ibm_flex_system_fabric_si4093_gbfsim_10gb_scalable_switch:*:*:*:*:*:*:*:*
- cpe:2.3:h:ibm_corporation:ibm_flex_system_en2092_1gb_ethernet_scalable_switch:*:*:*:*:*:*:*:*
- cpe:2.3:h:ibm_corporation:ibm_flex_system_fabric_en4093r_10gb_scalable_switch:*:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/713477
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
4) Use-after-free
EUVDB-ID: #VU33135
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2016-5131
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing vectors related to the XPointer range-to function. A remote attackers can cause a denial of service or execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsFlex System Fabric CN4093 10Gb ScSE firmware: before 7.8.20.00
IBM Flex System Fabric SI4093 GbFSIM 10Gb Scalable Switch: before 7.8.20.00
IBM Flex System EN2092 1Gb Ethernet Scalable Switch: before 7.8.20.00
IBM Flex System Fabric EN4093R 10Gb Scalable Switch: before 7.8.20.00
CPE2.3- cpe:2.3:h:ibm_corporation:flex_system_fabric_cn4093_10gb_scse_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:h:ibm_corporation:ibm_flex_system_fabric_si4093_gbfsim_10gb_scalable_switch:*:*:*:*:*:*:*:*
- cpe:2.3:h:ibm_corporation:ibm_flex_system_en2092_1gb_ethernet_scalable_switch:*:*:*:*:*:*:*:*
- cpe:2.3:h:ibm_corporation:ibm_flex_system_fabric_en4093r_10gb_scalable_switch:*:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/713477
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
