J-Security Center

Title: IBM Hardware Management Console Guided Setup Wizard Unauthorized Access Vulnerability

Severity: HIGH

Description:

IBM Hardware Management Console (HMC) is a dedicated workstation that runs system management applications. HMC manages hardware tasks, configures logical partitions, and detects and reports hardware issues. HMC is shipped with POWER4 and POWER5 servers.

IBM Hardware Management Console includes a utility called the Guided Setup Wizard, a graphical application used to set up HMC. It is reported that a vulnerability affecting HMC allows local unauthorized users to launch the Guided Setup Wizard and perform the tasks the application provides. These include setting up HMC, changing passwords for predefined HMC users, and creating users, and they enable various other attacks against computers managed by HMC. An attacker may gain unauthorized access to computers managed by HMC.

IBM Hardware Management Console versions 4.0 release 2.0 and above are considered vulnerable to this issue. Other versions may be affected as well.

This BID will be updated when more information becomes available.

Affected Products:

  • IBM Hardware Management Console (HMC) for iSeries 4.0.0 R2.0
  • IBM Hardware Management Console (HMC) for iSeries 4.0.0 R2.1
  • IBM Hardware Management Console (HMC) for iSeries 4.0.0 R3.1
  • IBM Hardware Management Console (HMC) for iSeries 4.0.0 R3.2
  • IBM Hardware Management Console (HMC) for iSeries 4.0.0 R3.3
  • IBM Hardware Management Console (HMC) for iSeries 4.0.0 R4.0
  • IBM Hardware Management Console (HMC) for pSeries 4.0.0 R2.0
  • IBM Hardware Management Console (HMC) for pSeries 4.0.0 R2.1
  • IBM Hardware Management Console (HMC) for pSeries 4.0.0 R3.1
  • IBM Hardware Management Console (HMC) for pSeries 4.0.0 R3.2
  • IBM Hardware Management Console (HMC) for pSeries 4.0.0 R3.3
  • IBM Hardware Management Console (HMC) for pSeries 4.0.0 R4.0
