The IMM2 TPM on the Flex System x222 compute node is not configured correctly which can be exploited to steal keys or to perform βdenial of serviceβ type attacks.
The IMM2 TPM on the Flex System x222 compute node is not configured correctly which can be exploited to steal keys or to perform βdenial of serviceβ type attacks.
Content
Vulnerability Details:
CVE ID: CVE-2014-0881 Description:
The TPM of the IMM2 on the Flex System x222 compute node is not configured correctly. TPMs are used to store keys for crypto, attestation values and other security related items. An attacker who found other means to compromise other layers of IMM2 security may then be able to expose TPM data or cause TPM denial of service.
CVSS Base Score: 4.6
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/91146> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Flex System x222 compute node Firmware 1.00 to 3.56 (1AOO10I to 1AOO50K)
IBM recommends updating to the following firmware level or later. Firmware updates are available through IBM Fix Central.
Related Information:
IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog
Acknowledgement
None
Change History
28 February 2014: Original Copy Published
Note: According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an βindustry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.β IBM PROVIDES THE CVSS SCORES βAS ISβ WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.