7.2

CVE-2012-2188

EPSS 0.06%
Published 06.08.2012 16:55:03
Last modified 11.04.2025 00:51:21
Source psirt@us.ibm.com
Teams watchlist Login
Open Login

IBM Power Hardware Management Console (HMC) 7R3.5.0 before SP4, 7R7.1.0 and 7R7.2.0 before 7R7.2.0 SP3, and 7R7.3.0 before SP2, and Systems Director Management Console (SDMC) 6R7.3.0 before SP2, does not properly restrict the VIOS viosrvcmd command, which allows local users to gain privileges via vectors involving a (1) $ (dollar sign) or (2) & (ampersand) character.

Affected products Warnungen 0 Metrics 2 CWE 0 References 9

Data is provided by the National Vulnerability Database (NVD)

Ibm ≫ Power Hardware Management Console Firmware Version7r3.5.0

Ibm ≫ Power Hardware Management Console Firmware Version7r7.1.0

Ibm ≫ Power Hardware Management Console Firmware Version7r7.2.0

Ibm ≫ Power Hardware Management Console Firmware Version7r7.3.0

Ibm ≫ Systems Director Management Console Firmware Version6r7.3.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.06%	0.139

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_power_hmc_viosrvcmd_command_allows_elevated_privilege_on_vios_cve_2012_218825

Vendor Advisory

http://www.ibm.com/support/docview.wss?uid=isg1MB03548

http://www.ibm.com/support/docview.wss?uid=isg1MB03550

http://www.ibm.com/support/docview.wss?uid=isg1MB03554

http://www.ibm.com/support/docview.wss?uid=isg1MB03580

https://exchange.xforce.ibmcloud.com/vulnerabilities/75906

https://nvd.nist.gov/vuln/detail/CVE-2012-2188

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2012-2188

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2012-2188

EUVD