HOMEVULNERABILITIESCVE-2014-4752
CRITICAL

CVE-2014-4752

NVD-CWE-OtherPublished: September 23, 2014· Updated: Jun 17, 2026

10.0
CVSS v3.1

Official Description

IBM System Networking G8052, G8124, G8124-E, G8124-ER, G8264, G8316, and G8264-T switches before 7.9.10.0; EN4093, EN4093R, CN4093, SI4093, EN2092, and G8264CS switches before 7.8.6.0; Flex System Interconnect Fabric before 7.8.6.0; 1G L2-7 SLB switch for Bladecenter before 21.0.21.0; 10G VFSM for Bladecenter before 7.8.14.0; 1:10G switch for Bladecenter before 7.4.8.0; 1G switch for Bladecenter before 5.3.5.0; Server Connectivity Module before 1.1.3.4; System Networking RackSwitch G8332 before 7.7.17.0; and System Networking RackSwitch G8000 before 7.1.7.0 have hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors.

NVD Source

Technical Analysis

CVE-2014-4752 can be exploited remotely over the network without requiring physical or adjacent access, significantly expanding the attack surface for threat actors.

Exploitation requires some privileges, which limits the exposure to scenarios where an attacker has already gained initial access.

CVSS v3.1 Vector Breakdown

Exploitability
Attack VectorNetwork
Attack ComplexityLow
Privileges Req.
User Interaction
Scope
Impact
ConfidentialityC
IntegrityC
AvailabilityC
AV:N/AC:L/Au:N/C:C/I:C/A:C

Affected Vendors & Products

IBM40 product(s)
system networking rackswitch g8332 firmwaresystem networking rackswitch g8332bladecenter 1g firmwarebladecenter 1gsystem networking rackswitch g8052 firmwaresystem networking rackswitch g8124 firmwaresystem networking rackswitch g8124e firmwaresystem networking rackswitch g8124er firmwaresystem networking rackswitch g8264 firmwaresystem networking rackswitch g8264t firmwaresystem networking rackswitch g8316 firmwaresystem networking rackswitch g8052+28
Source: NVD CPE · 40 total CPE entries

Exploit & PoC Resources

NO KNOWN EXPLOITNo public exploit confirmed at this time
External links open in a new tab. Always verify in a controlled environment before use.

Official Patches & Advisories

All References (4)

Quick Facts

CVE IDCVE-2014-4752
CVSS Score10.0 / 10
SeverityCRITICAL
CISA KEVNo
Affected1 vendor(s)
PublishedSep 23, 2014

Related CVEs (NVD-CWE-Other)

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2014-4752 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.