There is a vulnerability to which the FlashSystem™ V840 is susceptible. An exploit of this vulnerability could make the system subject to an attack allowing an escalation of privilege. Only systems with 1.4 firmware installed are vulnerable.
CVEID: CVE-2018-1822 DESCRIPTION: IBM FlashSystem product allows a specially crafted attack to gain administrative control or to deny service.
CVSS Base Score: 9.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/150296> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
FlashSystem V840 machine type and models (MTMs) affected include 9840-AE1 and 9843-AE1
MTMs | VRMF | APAR | Remediation/First Fix |
---|
Storage nodes:
9840-AE1 & 9843-AE1
Controller nodes:
9846-AC0, 9846-AC1, 9848-AC0, & 9848-AC1
|
Code fixes are now available. The minimum VRMF containing the fix depends on the code stream:
Fixed Code VRMF
1.5 stream: 1.5.0.0
1.4 stream: 1.4.8.1
Controller Node VRMF
The controller nodes are not susceptible to this vulnerability.
| N/A | FlashSystem V840 fixes are available @ IBM’s Fix Central
None.