CVE-2012-2188

IBM Power Hardware Management Console (HMC) 7R3.5.0 before SP4, 7R7.1.0 and 7R7.2.0 before 7R7.2.0 SP3, and 7R7.3.0 before SP2, and Systems Director Management Console (SDMC) 6R7.3.0 before SP2, does not properly restrict the VIOS viosrvcmd command, which allows local users to gain privileges via vectors involving a (1) $ (dollar sign) or (2) & (ampersand) character.

CVSS v2.0 7.2 HIGH

7.2^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.ibm.com/support/docview.wss?uid=isg1MB03548
http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_power_hmc_viosrvcmd_command_allows_elevated_privilege_on_vios_cve_2012_218825	Vendor Advisory
http://www.ibm.com/support/docview.wss?uid=isg1MB03554
http://www.ibm.com/support/docview.wss?uid=isg1MB03550
http://www.ibm.com/support/docview.wss?uid=isg1MB03580
https://exchange.xforce.ibmcloud.com/vulnerabilities/75906

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:ibm:power_hardware_management_console_firmware:7r7.3.0:::::::*
	cpe:2.3:o:ibm:systems_director_management__console_firmware:6r7.3.0:::::::*
	cpe:2.3:o:ibm:power_hardware_management_console_firmware:7r7.1.0:::::::*
	cpe:2.3:o:ibm:power_hardware_management_console_firmware:7r7.2.0:::::::*
	cpe:2.3:o:ibm:power_hardware_management_console_firmware:7r3.5.0:::::::*

Information

Published : 2012-08-06 09:55

Updated : 2017-08-28 18:31

NVD link : CVE-2012-2188

Mitre link : CVE-2012-2188

JSON object : View

CWE

CWE-264

Permissions, Privileges, and Access Controls

Products Affected

ibm

systems_director_management__console_firmware
power_hardware_management_console_firmware

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.ibm.com/support/docview.wss?uid=isg1MB03548", "name": "MB03548", "tags": [], "refsource": "AIXAPAR"}, {"url": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_power_hmc_viosrvcmd_command_allows_elevated_privilege_on_vios_cve_2012_218825", "name": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_power_hmc_viosrvcmd_command_allows_elevated_privilege_on_vios_cve_2012_218825", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.ibm.com/support/docview.wss?uid=isg1MB03554", "name": "MB03554", "tags": [], "refsource": "AIXAPAR"}, {"url": "http://www.ibm.com/support/docview.wss?uid=isg1MB03550", "name": "MB03550", "tags": [], "refsource": "AIXAPAR"}, {"url": "http://www.ibm.com/support/docview.wss?uid=isg1MB03580", "name": "MB03580", "tags": [], "refsource": "AIXAPAR"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75906", "name": "ibm-hmc-viosvrcmd-priv-escalation(75906)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "IBM Power Hardware Management Console (HMC) 7R3.5.0 before SP4, 7R7.1.0 and 7R7.2.0 before 7R7.2.0 SP3, and 7R7.3.0 before SP2, and Systems Director Management Console (SDMC) 6R7.3.0 before SP2, does not properly restrict the VIOS viosrvcmd command, which allows local users to gain privileges via vectors involving a (1) $ (dollar sign) or (2) & (ampersand) character."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-264"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2012-2188", "ASSIGNER": "psirt@us.ibm.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2012-08-06T16:55Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:ibm:power_hardware_management_console_firmware:7r7.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:ibm:systems_director_management__console_firmware:6r7.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:ibm:power_hardware_management_console_firmware:7r7.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:ibm:power_hardware_management_console_firmware:7r7.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:ibm:power_hardware_management_console_firmware:7r3.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-08-29T01:31Z"}

7.2 /10