CVE-2012-2187

IBM Remote Supervisor Adapter II firmware for System x3650, x3850 M2, and x3950 M2 1.13 and earlier generates weak RSA keys, which makes it easier for attackers to defeat cryptographic protection mechanisms via unspecified vectors.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_weak_key_vulnerability_in_remote_supervisor_adapter_ii_firmware_cve_2012_2187_ibm_system_x3650_system_x3850_m2_system_x3950_m25	Vendor Advisory
https://www-947.ibm.com/support/entry/myportal/docdisplay?lndocid=MIGR-5091525
http://www.securityfocus.com/bid/55609

Advertisement

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:ibm:remote_supervisor_adapter_ii_firmware:1.8:::::::*
	cpe:2.3:a:ibm:remote_supervisor_adapter_ii_firmware:1.7:::::::*
	cpe:2.3:a:ibm:remote_supervisor_adapter_ii_firmware:1.0:::::::*
	cpe:2.3:a:ibm:remote_supervisor_adapter_ii_firmware:1.10:::::::*
	cpe:2.3:a:ibm:remote_supervisor_adapter_ii_firmware:1.9:::::::*
	cpe:2.3:a:ibm:remote_supervisor_adapter_ii_firmware:1.2:::::::*
	cpe:2.3:a:ibm:remote_supervisor_adapter_ii_firmware:1.1:::::::*
	cpe:2.3:a:ibm:remote_supervisor_adapter_ii_firmware:1.12:::::::*
	cpe:2.3:a:ibm:remote_supervisor_adapter_ii_firmware:1.11:::::::*
	cpe:2.3:a:ibm:remote_supervisor_adapter_ii_firmware:1.4:::::::*
	cpe:2.3:a:ibm:remote_supervisor_adapter_ii_firmware:1.3:::::::*
	cpe:2.3:a:ibm:remote_supervisor_adapter_ii_firmware:1.5:::::::*
	cpe:2.3:a:ibm:remote_supervisor_adapter_ii_firmware::::::::
	cpe:2.3:a:ibm:remote_supervisor_adapter_ii_firmware:1.6:::::::*

OR	cpe:2.3:h:ibm:x3950:m2:::::::*
	cpe:2.3:h:ibm:x3650::::::::
	cpe:2.3:h:ibm:x3850:m2:::::::*

Information

Published : 2012-09-25 13:55

Updated : 2013-02-11 21:08

NVD link : CVE-2012-2187

Mitre link : CVE-2012-2187

JSON object : View

CWE

CWE-310

Cryptographic Issues

Advertisement

Products Affected

ibm

x3850
x3650
x3950
remote_supervisor_adapter_ii_firmware

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_weak_key_vulnerability_in_remote_supervisor_adapter_ii_firmware_cve_2012_2187_ibm_system_x3650_system_x3850_m2_system_x3950_m25", "name": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_weak_key_vulnerability_in_remote_supervisor_adapter_ii_firmware_cve_2012_2187_ibm_system_x3650_system_x3850_m2_system_x3950_m25", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "https://www-947.ibm.com/support/entry/myportal/docdisplay?lndocid=MIGR-5091525", "name": "https://www-947.ibm.com/support/entry/myportal/docdisplay?lndocid=MIGR-5091525", "tags": [], "refsource": "MISC"}, {"url": "http://www.securityfocus.com/bid/55609", "name": "55609", "tags": [], "refsource": "BID"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "IBM Remote Supervisor Adapter II firmware for System x3650, x3850 M2, and x3950 M2 1.13 and earlier generates weak RSA keys, which makes it easier for attackers to defeat cryptographic protection mechanisms via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-310"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2012-2187", "ASSIGNER": "psirt@us.ibm.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2012-09-25T20:55Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:ibm:remote_supervisor_adapter_ii_firmware:1.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:remote_supervisor_adapter_ii_firmware:1.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:remote_supervisor_adapter_ii_firmware:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:remote_supervisor_adapter_ii_firmware:1.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:remote_supervisor_adapter_ii_firmware:1.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:remote_supervisor_adapter_ii_firmware:1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:remote_supervisor_adapter_ii_firmware:1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:remote_supervisor_adapter_ii_firmware:1.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:remote_supervisor_adapter_ii_firmware:1.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:remote_supervisor_adapter_ii_firmware:1.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:remote_supervisor_adapter_ii_firmware:1.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:remote_supervisor_adapter_ii_firmware:1.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:remote_supervisor_adapter_ii_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "1.13"}, {"cpe23Uri": "cpe:2.3:a:ibm:remote_supervisor_adapter_ii_firmware:1.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:ibm:x3950:m2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:ibm:x3650:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:ibm:x3850:m2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2013-02-12T05:08Z"}