CVE-2012-4856

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2012-4856
The Service Processor in the IBM Power 5 91##-### and 940#-### before SF240_418_382 does not ensure that firewall code is executed, which allows remote attackers to execute arbitrary code via unspecified vectors.

7.9 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:A/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 5.5 / Impact : 10.0

Access Vector ADJACENT_NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://www.kb.cert.org/vuls/id/194604 US Government Resource
http://aix.software.ibm.com/aix/efixes/security/squadrons_advisory.asc Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/79736
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:ibm:power_5_system_firmware:sf240_403_382:*:*:*:*:*:*:*
cpe:2.3:o:ibm:power_5_system_firmware:sf240_382_382:*:*:*:*:*:*:*
cpe:2.3:o:ibm:power_5_system_firmware:sf240_259_201:*:*:*:*:*:*:*
cpe:2.3:o:ibm:power_5_system_firmware:sf240_258_201:*:*:*:*:*:*:*
cpe:2.3:o:ibm:power_5_system_firmware:sf240_371:*:*:*:*:*:*:*
cpe:2.3:o:ibm:power_5_system_firmware:sf240_415_382:*:*:*:*:*:*:*
cpe:2.3:o:ibm:power_5_system_firmware:sf240_284_201:*:*:*:*:*:*:*
cpe:2.3:o:ibm:power_5_system_firmware:sf240_261_201:*:*:*:*:*:*:*
cpe:2.3:o:ibm:power_5_system_firmware:sf240_201_201:*:*:*:*:*:*:*
cpe:2.3:o:ibm:power_5_system_firmware:sf240_338_201:*:*:*:*:*:*:*
cpe:2.3:o:ibm:power_5_system_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:ibm:power_5_system_firmware:sf240_298_201:*:*:*:*:*:*:*
cpe:2.3:o:ibm:power_5_system_firmware:sf240_332_201:*:*:*:*:*:*:*
cpe:2.3:o:ibm:power_5_system_firmware:sf240_202_201:*:*:*:*:*:*:*
cpe:2.3:o:ibm:power_5_system_firmware:sf240_219_201:*:*:*:*:*:*:*
cpe:2.3:o:ibm:power_5_system_firmware:sf240_222_201:*:*:*:*:*:*:*
cpe:2.3:o:ibm:power_5_system_firmware:sf240_358_201:*:*:*:*:*:*:*
cpe:2.3:o:ibm:power_5_system_firmware:sf240_233_201:*:*:*:*:*:*:*
cpe:2.3:o:ibm:power_5_system_firmware:sf240_299_201:*:*:*:*:*:*:*
cpe:2.3:o:ibm:power_5_system_firmware:sf240_417:*:*:*:*:*:*:*
cpe:2.3:o:ibm:power_5_system_firmware:sf240_320_201:*:*:*:*:*:*:*
OR cpe:2.3:h:ibm:power_5:9117-570:*:*:*:*:*:*:*
cpe:2.3:h:ibm:power_5:9131-52a:*:*:*:*:*:*:*
cpe:2.3:h:ibm:power_5:9113-550:*:*:*:*:*:*:*
cpe:2.3:h:ibm:power_5:9124-720:*:*:*:*:*:*:*
cpe:2.3:h:ibm:power_5:9405-520:*:*:*:*:*:*:*
cpe:2.3:h:ibm:power_5:9111-285:*:*:*:*:*:*:*
cpe:2.3:h:ibm:power_5:9115-505:*:*:*:*:*:*:*
cpe:2.3:h:ibm:power_5:9110-510:*:*:*:*:*:*:*
cpe:2.3:h:ibm:power_5:9406-525:*:*:*:*:*:*:*
cpe:2.3:h:ibm:power_5:9406-550:*:*:*:*:*:*:*
cpe:2.3:h:ibm:power_5:9133-55a:*:*:*:*:*:*:*
cpe:2.3:h:ibm:power_5:9116-561:*:*:*:*:*:*:*
cpe:2.3:h:ibm:power_5:9406-520:*:*:*:*:*:*:*
cpe:2.3:h:ibm:power_5:9111-520:*:*:*:*:*:*:*
cpe:2.3:h:ibm:power_5:9123-710:*:*:*:*:*:*:*
cpe:2.3:h:ibm:power_5:9118-575:*:*:*:*:*:*:*
cpe:2.3:h:ibm:power_5:9110-51a:*:*:*:*:*:*:*
cpe:2.3:h:ibm:power_5:9406-570:*:*:*:*:*:*:*
cpe:2.3:h:ibm:power_5:9407-515:*:*:*:*:*:*:*
Information

Published : 2012-12-20 04:02

Updated : 2017-08-28 18:32

NVD link : CVE-2012-4856

Mitre link : CVE-2012-4856

JSON object : View

CWE
CWE-255

Credentials Management Errors

Advertisement

dedicated server usa
Products Affected

ibm

  • power_5
  • power_5_system_firmware