Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Lifecycle Timeline
1DescriptionCVE.org
IBM OPENBMC FW1110.00 through FW1110.11 is vulnerable to denial of service attacks by unauthenticated network users.
AnalysisAI
Denial-of-service exposure in IBM OpenBMC firmware versions FW1110.00 through FW1110.11 allows unauthenticated remote attackers to partially degrade system availability by sending specially crafted network requests exploiting improper input quantity validation (CWE-1284). The attack requires no authentication, no user interaction, and low complexity, making it fully automatable per SSVC assessment - though no public exploit code has been identified at time of analysis. Because BMCs operate independently of the host OS and remain network-accessible even when servers are powered down, disrupting this layer carries operational risk disproportionate to the CVSS 5.3 Medium score alone.
Technical ContextAI
IBM OpenBMC is an open-source firmware stack for Baseboard Management Controllers (BMCs), providing out-of-band server management capabilities including power control, hardware health monitoring, remote console access, and firmware update mechanisms via protocols such as IPMI and Redfish. BMCs run on dedicated microcontrollers independent of the host CPU and OS, and remain active and network-reachable even when the host system is powered off - making them a persistent attack surface in data center environments. The root cause is CWE-1284 (Improper Validation of Specified Quantity in Input), a class of flaw where firmware fails to correctly validate size, count, length, or quantity fields in incoming network data. This allows an attacker to supply values outside the expected range, potentially triggering resource exhaustion, infinite loops, or service crashes within the BMC stack. Affected versions span FW1110.00 through FW1110.11, as documented in EUVD-2026-32493. No CPE string was included in the input data; the version range is sourced from EUVD records and the IBM PSIRT advisory.
RemediationAI
Administrators should consult the IBM advisory at https://www.ibm.com/support/pages/node/7272993 for the specific patched firmware version and upgrade procedure. An exact fixed firmware version number was not present in the available input data and has not been independently confirmed - do not assume any specific version beyond FW1110.11 is safe without verifying against the IBM advisory directly. As a compensating control while patching, restrict BMC network access to a dedicated out-of-band management VLAN with strict ACLs that permit only authorized management hosts to reach BMC interfaces; this directly eliminates the unauthenticated remote attack vector by reducing the pool of hosts that can send crafted network requests. Note that aggressive network isolation of the BMC interface will restrict remote management access for administrators not on the management VLAN and may complicate operations in environments without a purpose-built OOB network. Additionally, monitoring for anomalous traffic volumes or repeated connection attempts to BMC ports can provide early warning of exploitation attempts until a patch is applied.
Same technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-32493
GHSA-rcmv-jxxq-ggjw