7.2

CVE-2012-2188

EPSS 0.06%
Veröffentlicht 06.08.2012 16:55:03
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle psirt@us.ibm.com
CVE-Watchlists
Login
Unerledigt
Login

IBM Power Hardware Management Console (HMC) 7R3.5.0 before SP4, 7R7.1.0 and 7R7.2.0 before 7R7.2.0 SP3, and 7R7.3.0 before SP2, and Systems Director Management Console (SDMC) 6R7.3.0 before SP2, does not properly restrict the VIOS viosrvcmd command, which allows local users to gain privileges via vectors involving a (1) $ (dollar sign) or (2) & (ampersand) character.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 9

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ibm ≫ Power Hardware Management Console Firmware Version7r3.5.0

Ibm ≫ Power Hardware Management Console Firmware Version7r7.1.0

Ibm ≫ Power Hardware Management Console Firmware Version7r7.2.0

Ibm ≫ Power Hardware Management Console Firmware Version7r7.3.0

Ibm ≫ Systems Director Management Console Firmware Version6r7.3.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.139

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_power_hmc_viosrvcmd_command_allows_elevated_privilege_on_vios_cve_2012_218825

Vendor Advisory

http://www.ibm.com/support/docview.wss?uid=isg1MB03548

http://www.ibm.com/support/docview.wss?uid=isg1MB03550

http://www.ibm.com/support/docview.wss?uid=isg1MB03554

http://www.ibm.com/support/docview.wss?uid=isg1MB03580

https://exchange.xforce.ibmcloud.com/vulnerabilities/75906

https://nvd.nist.gov/vuln/detail/CVE-2012-2188

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2012-2188

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2012-2188

EUVD