Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-1460 — IBM Advanced Management Module vulnerability

CWE-3994 documents4 sources

Severity

5.0MEDIUMNVD

EPSS

4.4%

top 10.93%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

IBM Advanced Management Module

Timeline

PublishedApr 16

Latest updateMay 2

Description

The IBM BladeCenter with Advanced Management Module (AMM) firmware before bpet50g does not properly perform interrupt sharing for USB and iSCSI, which allows remote attackers to cause a denial of service (management module reboot) via TCP packets with malformed application data.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDibm/advanced_management_module2.50+12

Patches

Patch: www-947.ibm.com ↗Patch: www-947.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-2768-2mfm-w93v: The IBM BladeCenter with Advanced Management Module (AMM) firmware before bpet50g does not properly perform interrupt sharing for USB and iSCSI, which↗2022-05-02

▶

CVEList

CVE-2010-1460: The IBM BladeCenter with Advanced Management Module (AMM) firmware before bpet50g does not properly perform interrupt sharing for USB and iSCSI, which↗2010-04-16

▶

💥Exploits & PoCs

Exploit-DB

IBM Bladecenter Management Module - Denial of Service↗2010-04-15

▶