CVE-2012-2188 : IBM Power Hardware Management Console (HMC) 7R3.5.0 before SP4, 7R7.1.0 and 7R7.2.0 before 7R7.2.0 SP3, and 7R7.3.0 befo

IBM Power Hardware Management Console (HMC) 7R3.5.0 before SP4, 7R7.1.0 and 7R7.2.0 before 7R7.2.0 SP3, and 7R7.3.0 before SP2, and Systems Director Management Console (SDMC) 6R7.3.0 before SP2, does not properly restrict the VIOS viosrvcmd command, which allows local users to gain privileges via vectors involving a (1) $ (dollar sign) or (2) & (ampersand) character.

Published 2012-08-06 16:55:03

Updated 2017-08-29 01:31:33

Source IBM Corporation

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2012-2188

Probability of exploitation activity in the next 30 days: 0.04%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2012-2188

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.2	HIGH	AV:L/AC:L/Au:N/C:C/I:C/A:C	3.9	10.0	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2012-2188

CWE-264

Assigned by: nvd@nist.gov (Primary)

References for CVE-2012-2188

http://www.ibm.com/support/docview.wss?uid=isg1MB03550

IBM notice: The page you requested cannot be displayed
http://www.ibm.com/support/docview.wss?uid=isg1MB03580

IBM notice: The page you requested cannot be displayed
http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_power_hmc_viosrvcmd_command_allows_elevated_privilege_on_vios_cve_2012_218825

IBM notice: The page you requested cannot be displayed
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/75906

IBM Hardware Management Console viosvrcmd command privilege escalation CVE-2012-2188 Vulnerability Report
http://www.ibm.com/support/docview.wss?uid=isg1MB03554

IBM notice: The page you requested cannot be displayed
http://www.ibm.com/support/docview.wss?uid=isg1MB03548

IBM notice: The page you requested cannot be displayed

Products affected by CVE-2012-2188

IBM » Power Hardware Management Console Firmware » Version: 7r7.3.0
cpe:2.3:o:ibm:power_hardware_management_console_firmware:7r7.3.0:*:*:*:*:*:*:*
Matching versions
IBM » Power Hardware Management Console Firmware » Version: 7r7.1.0
cpe:2.3:o:ibm:power_hardware_management_console_firmware:7r7.1.0:*:*:*:*:*:*:*
Matching versions
IBM » Power Hardware Management Console Firmware » Version: 7r7.2.0
cpe:2.3:o:ibm:power_hardware_management_console_firmware:7r7.2.0:*:*:*:*:*:*:*
Matching versions
IBM » Power Hardware Management Console Firmware » Version: 7r3.5.0
cpe:2.3:o:ibm:power_hardware_management_console_firmware:7r3.5.0:*:*:*:*:*:*:*
Matching versions
IBM » Systems Director Management Console Firmware » Version: 6r7.3.0
cpe:2.3:o:ibm:systems_director_management__console_firmware:6r7.3.0:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2012-2188

Exploit prediction scoring system (EPSS) score for CVE-2012-2188

CVSS scores for CVE-2012-2188

CWE ids for CVE-2012-2188

References for CVE-2012-2188

Products affected by CVE-2012-2188