CVE-2019-4169

CRITICAL

IBM Open Power Firmware - Privilege Escalation

Title source: llm

Description

IBM Open Power Firmware OP910 and OP920 could allow access to BMC via IPMI using default OpenBMC password even after BMC password was changed away from the default password. IBM X-Force ID: 158702.

References (2)

[Vendor Advisory] http://www.ibm.com/support/docview.wss?uid=ibm10881209

[VDB Entry, Vendor Advisory] https://exchange.xforce.ibmcloud.com/vulnerabilities/158702

Scores

CVSS v3 9.1

EPSS 0.0027

EPSS Percentile 50.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Details

CWE

CWE-1188

Status published

Products (2)

ibm/open_power op910

ibm/open_power op920

Published Aug 26, 2019

Tracked Since Feb 18, 2026