Sign-up

ID

VAR-201209-0571


CVE

CVE-2012-2187


TITLE

plural IBM For product IBM Remote Supervisor Adapter II Vulnerability that breaks cryptographic protection mechanisms in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2012-004588

DESCRIPTION

IBM Remote Supervisor Adapter II firmware for System x3650, x3850 M2, and x3950 M2 1.13 and earlier generates weak RSA keys, which makes it easier for attackers to defeat cryptographic protection mechanisms via unspecified vectors. IBM Remote Supervisor Adapter II is prone to a security-bypass vulnerability. Successfully exploiting this issue may allow an attacker to bypass certain security restrictions and perform unauthorized actions. Attackers can exploit this vulnerability to break through the encryption protection mechanism through unknown vectors

Trust: 1.98

sources: NVD: CVE-2012-2187 // JVNDB: JVNDB-2012-004588 // BID: 55609 // VULHUB: VHN-55468

AFFECTED PRODUCTS

vendor:ibmmodel:remote supervisor adapter iiscope:lteversion:1.13

Trust: 1.8

vendor:ibmmodel:remote supervisor adapter iiscope:eqversion:1.1

Trust: 1.6

vendor:ibmmodel:remote supervisor adapter iiscope:eqversion:1.8

Trust: 1.6

vendor:ibmmodel:remote supervisor adapter iiscope:eqversion:1.10

Trust: 1.6

vendor:ibmmodel:remote supervisor adapter iiscope:eqversion:1.12

Trust: 1.6

vendor:ibmmodel:remote supervisor adapter iiscope:eqversion:1.9

Trust: 1.6

vendor:ibmmodel:remote supervisor adapter iiscope:eqversion:1.11

Trust: 1.6

vendor:ibmmodel:remote supervisor adapter iiscope:eqversion:1.6

Trust: 1.6

vendor:ibmmodel:remote supervisor adapter iiscope:eqversion:1.7

Trust: 1.6

vendor:ibmmodel:remote supervisor adapter iiscope:eqversion:1.0

Trust: 1.6

vendor:ibmmodel:remote supervisor adapter iiscope:eqversion:1.3

Trust: 1.0

vendor:ibmmodel:remote supervisor adapter iiscope:eqversion:1.4

Trust: 1.0

vendor:ibmmodel:remote supervisor adapter iiscope:eqversion:1.5

Trust: 1.0

vendor:ibmmodel:remote supervisor adapter iiscope:eqversion:1.2

Trust: 1.0

vendor:ibmmodel:system x3650scope: - version: -

Trust: 0.8

vendor:ibmmodel:system x3850scope:eqversion:m2

Trust: 0.8

vendor:ibmmodel:system x3950scope:eqversion:m2

Trust: 0.8

vendor:ibmmodel:remote supervisor adapter iiscope:eqversion:1.13

Trust: 0.6

sources: JVNDB: JVNDB-2012-004588 // CNNVD: CNNVD-201209-539 // NVD: CVE-2012-2187

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-2187
value: MEDIUM

Trust: 1.0

NVD: CVE-2012-2187
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201209-539
value: MEDIUM

Trust: 0.6

VULHUB: VHN-55468
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2012-2187
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-55468
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-55468 // JVNDB: JVNDB-2012-004588 // CNNVD: CNNVD-201209-539 // NVD: CVE-2012-2187

PROBLEMTYPE DATA

problemtype:CWE-310

Trust: 1.9

sources: VULHUB: VHN-55468 // JVNDB: JVNDB-2012-004588 // NVD: CVE-2012-2187

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201209-539

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201209-539

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2012-004588

PATCH
title:Weak Key Vulnerability in Remote Supervisor Adapter II firmware (CVE-2012-2187)url:http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_weak_key_vulnerability_in_remote_supervisor_adapter_ii_firmware_cve_2012_2187_ibm_system_x3650_system_x3850_m2_system_x3950_m25
Trust: 0.8
title:ibm_fw_rsa2_a3ep47a_linux_i386url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=44994
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2012-004588 // 
            
            
            
            CNNVD: CNNVD-201209-539

EXTERNAL IDS
db:NVDid:CVE-2012-2187
Trust: 2.8
db:BIDid:55609
Trust: 1.4
db:JVNDBid:JVNDB-2012-004588
Trust: 0.8
db:CNNVDid:CNNVD-201209-539
Trust: 0.7
db:VULHUBid:VHN-55468
Trust: 0.1
sources:
            
            
            VULHUB: VHN-55468 // 
            
            
            
            BID: 55609 // 
            
            
            
            JVNDB: JVNDB-2012-004588 // 
            
            
            
            CNNVD: CNNVD-201209-539 // 
            
            
            
            NVD: CVE-2012-2187

REFERENCES
url:http://www.ibm.com/connections/blogs/psirt/entry/security_bulletin_weak_key_vulnerability_in_remote_supervisor_adapter_ii_firmware_cve_2012_2187_ibm_system_x3650_system_x3850_m2_system_x3950_m25
Trust: 1.7
url:https://www-947.ibm.com/support/entry/myportal/docdisplay?lndocid=migr-5091525
Trust: 1.7
url:http://www.securityfocus.com/bid/55609
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-2187
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-2187
Trust: 0.8
url:http://www.ibm.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-55468 // 
            
            
            
            BID: 55609 // 
            
            
            
            JVNDB: JVNDB-2012-004588 // 
            
            
            
            CNNVD: CNNVD-201209-539 // 
            
            
            
            NVD: CVE-2012-2187

CREDITS
University of Michigan and UC San Diego
Trust: 0.3
sources:
            
            
            BID: 55609

SOURCES
db:VULHUBid:VHN-55468
db:BIDid:55609
db:JVNDBid:JVNDB-2012-004588
db:CNNVDid:CNNVD-201209-539
db:NVDid:CVE-2012-2187

LAST UPDATE DATE
2025-04-11T23:16:40.007000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-55468date:2013-02-12T00:00:00
db:BIDid:55609date:2012-10-19T15:30:00
db:JVNDBid:JVNDB-2012-004588date:2012-09-27T00:00:00
db:CNNVDid:CNNVD-201209-539date:2012-09-26T00:00:00
db:NVDid:CVE-2012-2187date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:VULHUBid:VHN-55468date:2012-09-25T00:00:00
db:BIDid:55609date:2012-09-17T00:00:00
db:JVNDBid:JVNDB-2012-004588date:2012-09-27T00:00:00
db:CNNVDid:CNNVD-201209-539date:2012-09-26T00:00:00
db:NVDid:CVE-2012-2187date:2012-09-25T20:55:00.877