CVE-2012-1844

The Quantum Scalar i500 tape library with firmware before i7.0.3 (604G.GS00100), also distributed as the Dell ML6000 tape library with firmware before A20-00 (590G.GS00100) and the IBM TS3310 tape library with firmware before R6C (606G.GS001), uses default passwords for unspecified user accounts, which makes it easier for remote attackers to obtain access via unknown vectors.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.kb.cert.org/vuls/id/MAPG-8NNKN8	US Government Resource
http://www.kb.cert.org/vuls/id/913483	US Government Resource
http://www.kb.cert.org/vuls/id/MORO-8QNJLE	US Government Resource
http://www.kb.cert.org/vuls/id/MAPG-8NVRPY	US Government Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/74322
http://osvdb.org/80372

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:quantum:scalar_i500_firmware:i7.0.1:::::::*
	cpe:2.3:a:quantum:scalar_i500_firmware:i7:::::::*
	cpe:2.3:a:quantum:scalar_i500_firmware:sp4.2:::::::*
	cpe:2.3:a:quantum:scalar_i500_firmware:sp4:::::::*
	cpe:2.3:a:quantum:scalar_i500_firmware:i5.1:::::::*
	cpe:2.3:a:quantum:scalar_i500_firmware:i5:::::::*
	cpe:2.3:a:quantum:scalar_i500_firmware:i6.1:::::::*
	cpe:2.3:a:quantum:scalar_i500_firmware:i6:::::::*
	cpe:2.3:a:quantum:scalar_i500_firmware:i2:::::::*
	cpe:2.3:a:quantum:scalar_i500_firmware::::::::
	cpe:2.3:a:quantum:scalar_i500_firmware:i4:::::::*
	cpe:2.3:a:quantum:scalar_i500_firmware:i3.1:::::::*
	cpe:2.3:a:quantum:scalar_i500_firmware:i3:::::::*

OR	cpe:2.3:h:quantum:scalar_i500:14u:::::::*
	cpe:2.3:h:quantum:scalar_i500:23u:::::::*
	cpe:2.3:h:quantum:scalar_i500:5u:::::::*

Configuration 2 (hide)

AND

cpe:2.3:a:dell:powervault_ml6000_firmware:585g.gs003:*:*:*:*:*:*:*

OR	cpe:2.3:h:dell:powervault_ml6020:14u:::::::*
	cpe:2.3:h:dell:powervault_ml6010:5u:::::::*
	cpe:2.3:h:dell:powervault_ml6030:23u:::::::*
	cpe:2.3:h:dell:powervault_ml6000:41u:::::::*
	cpe:2.3:h:dell:powervault_ml6000:32u:::::::*

Configuration 3 (hide)

AND

cpe:2.3:a:ibm:ts3310_tape_library_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:ibm:ts3310_tape_library:3573:::::::*
	cpe:2.3:h:ibm:ts3310_tape_library:3576:::::::*

Information

Published : 2012-03-22 03:17

Updated : 2018-01-09 18:29

NVD link : CVE-2012-1844

Mitre link : CVE-2012-1844

JSON object : View

CWE

CWE-255

Credentials Management Errors

Products Affected

dell

powervault_ml6010
powervault_ml6020
powervault_ml6000
powervault_ml6000_firmware
powervault_ml6030

quantum

scalar_i500_firmware
scalar_i500

ibm

ts3310_tape_library
ts3310_tape_library_firmware

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.kb.cert.org/vuls/id/MAPG-8NNKN8", "name": "http://www.kb.cert.org/vuls/id/MAPG-8NNKN8", "tags": ["US Government Resource"], "refsource": "MISC"}, {"url": "http://www.kb.cert.org/vuls/id/913483", "name": "VU#913483", "tags": ["US Government Resource"], "refsource": "CERT-VN"}, {"url": "http://www.kb.cert.org/vuls/id/MORO-8QNJLE", "name": "http://www.kb.cert.org/vuls/id/MORO-8QNJLE", "tags": ["US Government Resource"], "refsource": "MISC"}, {"url": "http://www.kb.cert.org/vuls/id/MAPG-8NVRPY", "name": "http://www.kb.cert.org/vuls/id/MAPG-8NVRPY", "tags": ["US Government Resource"], "refsource": "MISC"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74322", "name": "scalar-default-account(74322)", "tags": [], "refsource": "XF"}, {"url": "http://osvdb.org/80372", "name": "80372", "tags": [], "refsource": "OSVDB"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The Quantum Scalar i500 tape library with firmware before i7.0.3 (604G.GS00100), also distributed as the Dell ML6000 tape library with firmware before A20-00 (590G.GS00100) and the IBM TS3310 tape library with firmware before R6C (606G.GS001), uses default passwords for unspecified user accounts, which makes it easier for remote attackers to obtain access via unknown vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-255"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2012-1844", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2012-03-22T10:17Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:quantum:scalar_i500_firmware:i7.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:quantum:scalar_i500_firmware:i7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:quantum:scalar_i500_firmware:sp4.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:quantum:scalar_i500_firmware:sp4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:quantum:scalar_i500_firmware:i5.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:quantum:scalar_i500_firmware:i5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:quantum:scalar_i500_firmware:i6.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:quantum:scalar_i500_firmware:i6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:quantum:scalar_i500_firmware:i2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:quantum:scalar_i500_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "i7.0.2"}, {"cpe23Uri": "cpe:2.3:a:quantum:scalar_i500_firmware:i4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:quantum:scalar_i500_firmware:i3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:quantum:scalar_i500_firmware:i3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:quantum:scalar_i500:14u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:quantum:scalar_i500:23u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:quantum:scalar_i500:5u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:dell:powervault_ml6000_firmware:585g.gs003:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:powervault_ml6020:14u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:dell:powervault_ml6010:5u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:dell:powervault_ml6030:23u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:dell:powervault_ml6000:41u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:dell:powervault_ml6000:32u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:ibm:ts3310_tape_library_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "605g.g002"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:ibm:ts3310_tape_library:3573:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:ibm:ts3310_tape_library:3576:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-01-10T02:29Z"}

7.5 /10