Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.2
CVE Id CVE-2012-2188
Last Modified 07 Aug 2012 12:00:00
Published 06 Aug 2012 12:55:03
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2012-2188

Summary

IBM Power Hardware Management Console (HMC) 7R3.5.0 before SP4, 7R7.1.0 and 7R7.2.0 before 7R7.2.0 SP3, and 7R7.3.0 before SP2, and Systems Director Management Console (SDMC) 6R7.3.0 before SP2, does not properly restrict the VIOS viosrvcmd command, which allows local users to gain privileges via vectors involving a (1) $ (dollar sign) or (2) & (ampersand) character.

Vulnerable Systems

Operating System

  • IBM Power Hardware Management Console Firmware 7r3.5.0

  • IBM Power Hardware Management Console Firmware 7r7.1.0

  • IBM Power Hardware Management Console Firmware 7r7.2.0

  • IBM Power Hardware Management Console Firmware 7r7.3.0

  • IBM Systems Director Management Console Firmware 6r7.3.0


References

XF - ibm-hmc-viosvrcmd-priv-escalation(75906)

AIXAPAR - MB03580

AIXAPAR - MB03554

AIXAPAR - MB03550

AIXAPAR - MB03548

CONFIRM - http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_power_hmc_viosrvcmd_command_allows_elevated_privilege_on_vios_cve_2012_218825


Last Updated: 27 May 2016 10:55:02