Two legacy IBM System x server models, retired in 2019, are open to attack and will not receive security patches, according to hardware maker Lenovo. However, the company is offering workaround mitigation.
The two models, IBM System x 3550 M3 and IBM System x 3650 M3, are both vulnerable to command injection attacks. The bug allows an adversary to execute arbitrary commands on either server model’s operating system via a vulnerable application called Integrated Management Module (IMM).
IMM is used for systems-management functions. On the back panel of System x models, serial and Ethernet connectors use the IMM for device management. The flaw, according to a Lenovo advisory posted Tuesday, is in the IMM firmware code and “could allow the execution of operating system commands over an authenticated SSH or Telnet session.”
SSH or Secure Shell is a ...
Copyright of this story solely belongs to threatpost.com . To see the full text click HERE