07 November 2024 ⚠️ CRITICAL ALERT: Critical vulnerability in IBM hardware ⚠️ (07/11/2024)

📢 IBM has published a major vulnerability affecting IBM Flexible Service Processors (FSP)[CVE-2024-45656]. This issue allows malicious users to gain service privileges on the FSP, an essential component for server out-of-band management. This vulnerability has a CVSS score of 9.8, making it a critical threat to the security of your systems.

💻 What is the FSP?

The FSP (Flexible Service Processor) is an always-on processor used to manage POWER servers. It provides various platform management interfaces, and any vulnerability linked to it can expose your system to major risks.

🛠️ How can this vulnerability be corrected?

The update depends on your processor, and each version requires a specific patch. Here are the versions concerned:

🤖For Power10 servers :

  • Vulnerable firmware: All versions prior to FW1030, FW1050 and FW1060.
  • Recommended correction:
    • FW1030.62(1030_082)
    • FW1050.22(1050_063)
    • FW1060.11(1060_065)
    • Newer version recommended.

🤖For Power9 servers :

  • Vulnerable firmware: All versions prior to FW950.
  • Recommended correction:
    • FW950.C1(950_165)
    • Newer version recommended.

♦️Power9 products concerned :

  • IBM Power System L922, S922, H922, S914, S924, H924
  • IBM Power System E950, E980
  • IBM ESS 5000

🤖For Power8 servers :

  • Vulnerable firmware: All versions prior to FW860.
  • Recommended correction:
    • FW860.B4(860_246)
    • Newer version recommended.

♦️Power8 products concerned :

  • IBM Power System S812, S822, S814, S824
  • IBM Power System S812L, S822L, S824L
  • IBM Power System E850, E870, E880
  • IBM Power System E870C, E880C

🔧 Why is this important?

This vulnerability can expose your systems to remote attacks, compromising the integrity and security of your infrastructures. It is therefore essential to apply these patches without delay.

📌 Besoin de plus de détails ?
Rendez-vous sur le site officiel d’IBM pour toutes les informations supplémentaires sur cette alerte critique :
👉 Lien vers le support IBM

⚡ Agissez maintenant pour sécuriser votre environnement IT avec STR-iCT

🔐 Keep up to date with the latest cybersecurity alerts! 🚀

Posted in

Latest news

Alert

IBM i Security Alert: Ethernet recovery for certain IBM i adapters (12/03/2025)

12 March 2025
Read more
Alert

IBM i Security Alert: Database bypass denial of service (12/02/2025)

25 February 2025
Read more
Alert

IBM i Security Alert: Privilege elevation (02/25/2025)

25 February 2025
Read more
Alert

IBM i Security Alert: Vulnerabilities in the Java SDK (11/02/2025)

11 February 2025
Read more
Alert

IBM i Security Alert: RDi XStream (27/01/2025)

27 January 2025
Read more
Alert

IBM i Security Alert: IBM PowerHA SystemMirror (13/01/2025)

13 January 2025
Read more
Alert

IBM i Security Alert: 2 critical vulnerabilities in Rational Developer for i (RDi)!(10/12/2024)

10 December 2024
Read more
Alert

IBM i Security Alert: 4 vulnerabilities in the IBM HTTP Server! (09/12/2024)

09 December 2024
Read more