CVE-2012-4856 : The Service Processor in the IBM Power 5 91##-### and 940#-### before SF240_418

The Service Processor in the IBM Power 5 91##-### and 940#-### before SF240_418_382 does not ensure that firewall code is executed, which allows remote attackers to execute arbitrary code via unspecified vectors.

Published 2012-12-20 12:02:18

Updated 2017-08-29 01:32:24

Source IBM Corporation

View at NVD, CVE.org

Vulnerability category: Execute code

Exploit prediction scoring system (EPSS) score for CVE-2012-4856

Probability of exploitation activity in the next 30 days: 2.69%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 89 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2012-4856

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.9	HIGH	AV:A/AC:M/Au:N/C:C/I:C/A:C	5.5	10.0	NIST
Access Vector: Adjacent Network Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2012-4856

CWE-255

Assigned by: nvd@nist.gov (Primary)

References for CVE-2012-4856

http://aix.software.ibm.com/aix/efixes/security/squadrons_advisory.asc

Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/79736

IBM POWER5 Server System Firmware service processor unauthorized access CVE-2012-4856 Vulnerability Report
http://www.kb.cert.org/vuls/id/194604

VU#194604 - IBM Power 5 Service Processor privilege escalation vulnerability
US Government Resource

Products affected by CVE-2012-4856

IBM » Power 5 System Firmware
Versions up to, including, (<=) sf240_418
cpe:2.3:o:ibm:power_5_system_firmware:*:*:*:*:*:*:*:*
Matching versions
IBM » Power 5 System Firmware » Version: Sf240 403 382
cpe:2.3:o:ibm:power_5_system_firmware:sf240_403_382:*:*:*:*:*:*:*
Matching versions
IBM » Power 5 System Firmware » Version: Sf240 382 382
cpe:2.3:o:ibm:power_5_system_firmware:sf240_382_382:*:*:*:*:*:*:*
Matching versions
IBM » Power 5 System Firmware » Version: Sf240 259 201
cpe:2.3:o:ibm:power_5_system_firmware:sf240_259_201:*:*:*:*:*:*:*
Matching versions
IBM » Power 5 System Firmware » Version: Sf240 258 201
cpe:2.3:o:ibm:power_5_system_firmware:sf240_258_201:*:*:*:*:*:*:*
Matching versions
IBM » Power 5 System Firmware » Version: Sf240 371
cpe:2.3:o:ibm:power_5_system_firmware:sf240_371:*:*:*:*:*:*:*
Matching versions
IBM » Power 5 System Firmware » Version: Sf240 415 382
cpe:2.3:o:ibm:power_5_system_firmware:sf240_415_382:*:*:*:*:*:*:*
Matching versions
IBM » Power 5 System Firmware » Version: Sf240 284 201
cpe:2.3:o:ibm:power_5_system_firmware:sf240_284_201:*:*:*:*:*:*:*
Matching versions
IBM » Power 5 System Firmware » Version: Sf240 261 201
cpe:2.3:o:ibm:power_5_system_firmware:sf240_261_201:*:*:*:*:*:*:*
Matching versions
IBM » Power 5 System Firmware » Version: Sf240 201 201
cpe:2.3:o:ibm:power_5_system_firmware:sf240_201_201:*:*:*:*:*:*:*
Matching versions
IBM » Power 5 System Firmware » Version: Sf240 338 201
cpe:2.3:o:ibm:power_5_system_firmware:sf240_338_201:*:*:*:*:*:*:*
Matching versions
IBM » Power 5 System Firmware » Version: Sf240 417
cpe:2.3:o:ibm:power_5_system_firmware:sf240_417:*:*:*:*:*:*:*
Matching versions
IBM » Power 5 System Firmware » Version: Sf240 299 201
cpe:2.3:o:ibm:power_5_system_firmware:sf240_299_201:*:*:*:*:*:*:*
Matching versions
IBM » Power 5 System Firmware » Version: Sf240 298 201
cpe:2.3:o:ibm:power_5_system_firmware:sf240_298_201:*:*:*:*:*:*:*
Matching versions
IBM » Power 5 System Firmware » Version: Sf240 219 201
cpe:2.3:o:ibm:power_5_system_firmware:sf240_219_201:*:*:*:*:*:*:*
Matching versions
IBM » Power 5 System Firmware » Version: Sf240 202 201
cpe:2.3:o:ibm:power_5_system_firmware:sf240_202_201:*:*:*:*:*:*:*
Matching versions
IBM » Power 5 System Firmware » Version: Sf240 358 201
cpe:2.3:o:ibm:power_5_system_firmware:sf240_358_201:*:*:*:*:*:*:*
Matching versions
IBM » Power 5 System Firmware » Version: Sf240 332 201
cpe:2.3:o:ibm:power_5_system_firmware:sf240_332_201:*:*:*:*:*:*:*
Matching versions
IBM » Power 5 System Firmware » Version: Sf240 320 201
cpe:2.3:o:ibm:power_5_system_firmware:sf240_320_201:*:*:*:*:*:*:*
Matching versions
IBM » Power 5 System Firmware » Version: Sf240 233 201
cpe:2.3:o:ibm:power_5_system_firmware:sf240_233_201:*:*:*:*:*:*:*
Matching versions
IBM » Power 5 System Firmware » Version: Sf240 222 201
cpe:2.3:o:ibm:power_5_system_firmware:sf240_222_201:*:*:*:*:*:*:*
Matching versions
IBM » Power 5 » Version: 9117-570
cpe:2.3:h:ibm:power_5:9117-570:*:*:*:*:*:*:*
Matching versions
IBM » Power 5 » Version: 9131-52a
cpe:2.3:h:ibm:power_5:9131-52a:*:*:*:*:*:*:*
Matching versions
IBM » Power 5 » Version: 9113-550
cpe:2.3:h:ibm:power_5:9113-550:*:*:*:*:*:*:*
Matching versions
IBM » Power 5 » Version: 9124-720
cpe:2.3:h:ibm:power_5:9124-720:*:*:*:*:*:*:*
Matching versions
IBM » Power 5 » Version: 9405-520
cpe:2.3:h:ibm:power_5:9405-520:*:*:*:*:*:*:*
Matching versions
IBM » Power 5 » Version: 9111-285
cpe:2.3:h:ibm:power_5:9111-285:*:*:*:*:*:*:*
Matching versions
IBM » Power 5 » Version: 9115-505
cpe:2.3:h:ibm:power_5:9115-505:*:*:*:*:*:*:*
Matching versions
IBM » Power 5 » Version: 9110-510
cpe:2.3:h:ibm:power_5:9110-510:*:*:*:*:*:*:*
Matching versions
IBM » Power 5 » Version: 9406-525
cpe:2.3:h:ibm:power_5:9406-525:*:*:*:*:*:*:*
Matching versions
IBM » Power 5 » Version: 9406-550
cpe:2.3:h:ibm:power_5:9406-550:*:*:*:*:*:*:*
Matching versions
IBM » Power 5 » Version: 9133-55a
cpe:2.3:h:ibm:power_5:9133-55a:*:*:*:*:*:*:*
Matching versions
IBM » Power 5 » Version: 9116-561
cpe:2.3:h:ibm:power_5:9116-561:*:*:*:*:*:*:*
Matching versions
IBM » Power 5 » Version: 9406-520
cpe:2.3:h:ibm:power_5:9406-520:*:*:*:*:*:*:*
Matching versions
IBM » Power 5 » Version: 9407-515
cpe:2.3:h:ibm:power_5:9407-515:*:*:*:*:*:*:*
Matching versions
IBM » Power 5 » Version: 9110-51a
cpe:2.3:h:ibm:power_5:9110-51a:*:*:*:*:*:*:*
Matching versions
IBM » Power 5 » Version: 9111-520
cpe:2.3:h:ibm:power_5:9111-520:*:*:*:*:*:*:*
Matching versions
IBM » Power 5 » Version: 9118-575
cpe:2.3:h:ibm:power_5:9118-575:*:*:*:*:*:*:*
Matching versions
IBM » Power 5 » Version: 9123-710
cpe:2.3:h:ibm:power_5:9123-710:*:*:*:*:*:*:*
Matching versions
IBM » Power 5 » Version: 9406-570
cpe:2.3:h:ibm:power_5:9406-570:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2012-4856

Exploit prediction scoring system (EPSS) score for CVE-2012-4856

CVSS scores for CVE-2012-4856

CWE ids for CVE-2012-4856

References for CVE-2012-4856

Products affected by CVE-2012-4856