Sign-up

ID

VAR-201208-0620


CVE

CVE-2012-2188


TITLE

IBM HMC and SDMC Vulnerability gained in

Trust: 0.8

sources: JVNDB: JVNDB-2012-003476

DESCRIPTION

IBM Power Hardware Management Console (HMC) 7R3.5.0 before SP4, 7R7.1.0 and 7R7.2.0 before 7R7.2.0 SP3, and 7R7.3.0 before SP2, and Systems Director Management Console (SDMC) 6R7.3.0 before SP2, does not properly restrict the VIOS viosrvcmd command, which allows local users to gain privileges via vectors involving a (1) $ (dollar sign) or (2) & (ampersand) character. A local attacker may exploit this issue to execute arbitrary code with Local System privileges. Successful exploits will result in the complete compromise of affected computers. The vulnerability is caused by not properly restricting the VIOS viosrvcmd command

Trust: 1.98

sources: NVD: CVE-2012-2188 // JVNDB: JVNDB-2012-003476 // BID: 54844 // VULHUB: VHN-55469

AFFECTED PRODUCTS

vendor:ibmmodel:power hardware management consolescope:eqversion:7r7.1.0

Trust: 1.6

vendor:ibmmodel:power hardware management consolescope:eqversion:7r7.3.0

Trust: 1.6

vendor:ibmmodel:systems director management consolescope:eqversion:6r7.3.0

Trust: 1.6

vendor:ibmmodel:power hardware management consolescope:eqversion:7r3.5.0

Trust: 1.6

vendor:ibmmodel:power hardware management consolescope:eqversion:7r7.2.0

Trust: 1.6

vendor:ibmmodel:hardware management consolescope:eqversion:sp4

Trust: 0.8

vendor:ibmmodel:systems director management consolescope:eqversion:sp2

Trust: 0.8

vendor:ibmmodel:hardware management consolescope:ltversion:7r3.5.0

Trust: 0.8

vendor:ibmmodel:hardware management consolescope:ltversion:7r7.3.0

Trust: 0.8

vendor:ibmmodel:hardware management consolescope:eqversion:7r7.2.0 sp3

Trust: 0.8

vendor:ibmmodel:hardware management consolescope:eqversion:sp2

Trust: 0.8

vendor:ibmmodel:systems director management consolescope:ltversion:6r7.3.0

Trust: 0.8

vendor:ibmmodel:hardware management consolescope:ltversion:7r7.2.0

Trust: 0.8

vendor:ibmmodel:hardware management consolescope:eqversion:7r7.1.0

Trust: 0.8

sources: JVNDB: JVNDB-2012-003476 // CNNVD: CNNVD-201208-013 // NVD: CVE-2012-2188

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-2188
value: HIGH

Trust: 1.0

NVD: CVE-2012-2188
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201208-013
value: HIGH

Trust: 0.6

VULHUB: VHN-55469
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2012-2188
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-55469
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-55469 // JVNDB: JVNDB-2012-003476 // CNNVD: CNNVD-201208-013 // NVD: CVE-2012-2188

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-55469 // JVNDB: JVNDB-2012-003476 // NVD: CVE-2012-2188

THREAT TYPE

local

Trust: 0.9

sources: BID: 54844 // CNNVD: CNNVD-201208-013

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201208-013

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2012-003476

PATCH
title:Security Bulletin: Power HMC viosrvcmd command allows elevated privilege on VIOS (CVE-2012-2188)url:https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_power_hmc_viosrvcmd_command_allows_elevated_privilege_on_vios_cve_2012_218825?lang=ja
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2012-003476

EXTERNAL IDS
db:NVDid:CVE-2012-2188
Trust: 2.8
db:JVNDBid:JVNDB-2012-003476
Trust: 0.8
db:CNNVDid:CNNVD-201208-013
Trust: 0.7
db:AIXAPARid:MB03548
Trust: 0.6
db:AIXAPARid:MB03554
Trust: 0.6
db:AIXAPARid:MB03550
Trust: 0.6
db:AIXAPARid:MB03580
Trust: 0.6
db:NSFOCUSid:20263
Trust: 0.6
db:XFid:75906
Trust: 0.6
db:BIDid:54844
Trust: 0.4
db:VULHUBid:VHN-55469
Trust: 0.1
sources:
            
            
            VULHUB: VHN-55469 // 
            
            
            
            BID: 54844 // 
            
            
            
            JVNDB: JVNDB-2012-003476 // 
            
            
            
            CNNVD: CNNVD-201208-013 // 
            
            
            
            NVD: CVE-2012-2188

REFERENCES
url:http://www.ibm.com/support/docview.wss?uid=isg1mb03548
Trust: 1.7
url:http://www.ibm.com/support/docview.wss?uid=isg1mb03550
Trust: 1.7
url:http://www.ibm.com/support/docview.wss?uid=isg1mb03554
Trust: 1.7
url:http://www.ibm.com/support/docview.wss?uid=isg1mb03580
Trust: 1.7
url:http://www.ibm.com/connections/blogs/psirt/entry/security_bulletin_power_hmc_viosrvcmd_command_allows_elevated_privilege_on_vios_cve_2012_218825
Trust: 1.7
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/75906
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-2188
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-2188
Trust: 0.8
url:http://xforce.iss.net/xforce/xfdb/75906
Trust: 0.6
url:http://www.nsfocus.net/vulndb/20263
Trust: 0.6
url:http://www14.software.ibm.com/webapp/set2/sas/f/hmc/home.html
Trust: 0.3
sources:
            
            
            VULHUB: VHN-55469 // 
            
            
            
            BID: 54844 // 
            
            
            
            JVNDB: JVNDB-2012-003476 // 
            
            
            
            CNNVD: CNNVD-201208-013 // 
            
            
            
            NVD: CVE-2012-2188

CREDITS
CitiGroup Inc
Trust: 0.3
sources:
            
            
            BID: 54844

SOURCES
db:VULHUBid:VHN-55469
db:BIDid:54844
db:JVNDBid:JVNDB-2012-003476
db:CNNVDid:CNNVD-201208-013
db:NVDid:CVE-2012-2188

LAST UPDATE DATE
2025-04-11T23:08:49.499000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-55469date:2017-08-29T00:00:00
db:BIDid:54844date:2012-08-07T00:00:00
db:JVNDBid:JVNDB-2012-003476date:2012-08-08T00:00:00
db:CNNVDid:CNNVD-201208-013date:2012-08-08T00:00:00
db:NVDid:CVE-2012-2188date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:VULHUBid:VHN-55469date:2012-08-06T00:00:00
db:BIDid:54844date:2012-08-07T00:00:00
db:JVNDBid:JVNDB-2012-003476date:2012-08-08T00:00:00
db:CNNVDid:CNNVD-201208-013date:2012-08-08T00:00:00
db:NVDid:CVE-2012-2188date:2012-08-06T16:55:03.260