Details of VAR-201408-0031

ID

VAR-201408-0031

CVE

CVE-2013-6306

TITLE

IBM Power 7 In the system Service Processor Privileged vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2014-003916

DESCRIPTION

Unspecified vulnerability on IBM Power 7 Systems 740 before 740.70 01Ax740_121, 760 before 760.40 Ax760_078, and 770 before 770.30 01Ax770_062 allows local users to gain Service Processor privileges via unknown vectors. Local attackers can exploit this issue to gain elevated privileges on affected computers. The following versions are affected: IBM Power 7 Systems Version 740 prior to Version 740.70 01Ax740_121, Version 760 prior to Version 760.40 Ax760_078, Version 770 prior to Version 770.30 01Ax770_062

Trust: 1.98

sources: NVD: CVE-2013-6306 // JVNDB: JVNDB-2014-003916 // BID: 69355 // VULHUB: VHN-66308

AFFECTED PRODUCTS

vendor:	ibm	model:	power 740	scope:	eq	version:	740.51_01ax740_098_042	Trust: 1.6
vendor:	ibm	model:	power 760	scope:	eq	version:	760.20_ah760_062_043	Trust: 1.6
vendor:	ibm	model:	power 760	scope:	eq	version:	760.30_ah760_068_043	Trust: 1.6
vendor:	ibm	model:	power 760	scope:	eq	version:	760.11_ax760_051_034	Trust: 1.6
vendor:	ibm	model:	power 760	scope:	eq	version:	760.10_am760_044_034	Trust: 1.6
vendor:	ibm	model:	power 740	scope:	eq	version:	740.52_01ax740_100_042	Trust: 1.6
vendor:	ibm	model:	power 760	scope:	eq	version:	760.00_ax760_034_034	Trust: 1.6
vendor:	ibm	model:	power 760	scope:	eq	version:	760.30_am760_068_034	Trust: 1.6
vendor:	ibm	model:	power 760	scope:	eq	version:	760.31_ah760_069_043	Trust: 1.6
vendor:	ibm	model:	power 760	scope:	eq	version:	760.31_am760_069_034	Trust: 1.6
vendor:	ibm	model:	power 760	scope:	eq	version:	9109-rmd	Trust: 1.0
vendor:	ibm	model:	power 770	scope:	eq	version:	9117-mmc	Trust: 1.0
vendor:	ibm	model:	power 740	scope:	eq	version:	740.16_01ax740_046_042	Trust: 1.0
vendor:	ibm	model:	power 730	scope:	eq	version:	8231-e2c	Trust: 1.0
vendor:	ibm	model:	powerlinux 7r1	scope:	eq	version:	8246-l1t	Trust: 1.0
vendor:	ibm	model:	power 770	scope:	eq	version:	770.20_01ax770_048_032	Trust: 1.0
vendor:	ibm	model:	powerlinux 7r2	scope:	eq	version:	8246-l2t	Trust: 1.0
vendor:	ibm	model:	power 770	scope:	eq	version:	770.00_01al770_032_032	Trust: 1.0
vendor:	ibm	model:	power 740	scope:	eq	version:	740.61_01ax740_112_042	Trust: 1.0
vendor:	ibm	model:	power 710	scope:	eq	version:	8231-e1d	Trust: 1.0
vendor:	ibm	model:	power 750	scope:	eq	version:	8408-e8d	Trust: 1.0
vendor:	ibm	model:	power 740	scope:	eq	version:	740.15_01ax740_045_042	Trust: 1.0
vendor:	ibm	model:	power 760	scope:	eq	version:	760.10_ax760_043_034	Trust: 1.0
vendor:	ibm	model:	power 770	scope:	eq	version:	770.21_01ax770_052_032	Trust: 1.0
vendor:	ibm	model:	power 760	scope:	eq	version:	760.20_am760_062_034	Trust: 1.0
vendor:	ibm	model:	power 740	scope:	eq	version:	740.21_01ax740_077_042	Trust: 1.0
vendor:	ibm	model:	power 720	scope:	eq	version:	8202-e4c	Trust: 1.0
vendor:	ibm	model:	power 710	scope:	eq	version:	8231-e1c	Trust: 1.0
vendor:	ibm	model:	power 720	scope:	eq	version:	8202-e4d	Trust: 1.0
vendor:	ibm	model:	powerlinux 7r1	scope:	eq	version:	8246-l1d	Trust: 1.0
vendor:	ibm	model:	power 770	scope:	eq	version:	770.22_01ax770_055_032	Trust: 1.0
vendor:	ibm	model:	powerlinux 7r2	scope:	eq	version:	8246-l2d	Trust: 1.0
vendor:	ibm	model:	power 730	scope:	eq	version:	8231-e2d	Trust: 1.0
vendor:	ibm	model:	power 780	scope:	eq	version:	9179-mhd	Trust: 1.0
vendor:	ibm	model:	power 780	scope:	eq	version:	9179-mhc	Trust: 1.0
vendor:	ibm	model:	power 770	scope:	eq	version:	9117-mmd	Trust: 1.0
vendor:	ibm	model:	power 795	scope:	eq	version:	9119-fhb	Trust: 1.0
vendor:	ibm	model:	power 770	scope:	eq	version:	770.10_01ax770_038_032	Trust: 1.0
vendor:	ibm	model:	power 740	scope:	eq	version:	740.50_01ax740_095_042	Trust: 1.0
vendor:	ibm	model:	power 760	scope:	eq	version:	760.10_ax760_043_043	Trust: 1.0
vendor:	ibm	model:	power 740	scope:	eq	version:	740.10_01ax740_043_042	Trust: 1.0
vendor:	ibm	model:	power 740	scope:	eq	version:	8205-e6c	Trust: 1.0
vendor:	ibm	model:	power 740	scope:	eq	version:	740.00_01ax740_042_042	Trust: 1.0
vendor:	ibm	model:	power ese	scope:	eq	version:	8412-ead	Trust: 1.0
vendor:	ibm	model:	power 740	scope:	eq	version:	740.40_01ax740_088_042	Trust: 1.0
vendor:	ibm	model:	power 740	scope:	eq	version:	8205-e6d	Trust: 1.0
vendor:	ibm	model:	power 740	scope:	eq	version:	740.60_01ax740_110_042	Trust: 1.0
vendor:	ibm	model:	power 710	scope:	eq	version:	8268-e1d	Trust: 1.0
vendor:	ibm	model:	power 740	scope:	eq	version:	740.20_01ax740_075_042	Trust: 1.0
vendor:	ibm	model:	power	scope:	eq	version:	7100	Trust: 0.9
vendor:	ibm	model:	power 710	scope:	eq	version:	(8268-e1d) ( firmware 770)	Trust: 0.8
vendor:	ibm	model:	power 760	scope:	lt	version:	760	Trust: 0.8
vendor:	ibm	model:	power 730	scope:	eq	version:	(8231-e2c) ( firmware 740)	Trust: 0.8
vendor:	ibm	model:	powerlinux 7r1	scope:	eq	version:	(8246-l1d) ( firmware 770)	Trust: 0.8
vendor:	ibm	model:	power 770	scope:	lt	version:	770	Trust: 0.8
vendor:	ibm	model:	power 780	scope:	eq	version:	(9179-mhd) ( firmware 760)	Trust: 0.8
vendor:	ibm	model:	power 740	scope:	eq	version:	740.70 01ax740_121	Trust: 0.8
vendor:	ibm	model:	power 760	scope:	eq	version:	760.40 ax760_078	Trust: 0.8
vendor:	ibm	model:	power 795	scope:	eq	version:	(9119-fhb) ( firmware 760)	Trust: 0.8
vendor:	ibm	model:	power 740	scope:	lt	version:	740	Trust: 0.8
vendor:	ibm	model:	power 730	scope:	eq	version:	(8231-e2d) ( firmware 770)	Trust: 0.8
vendor:	ibm	model:	powerlinux 7r1	scope:	eq	version:	(8246-l1t) ( firmware 770)	Trust: 0.8
vendor:	ibm	model:	power 770	scope:	eq	version:	770.30 01ax770_062	Trust: 0.8
vendor:	ibm	model:	power 720	scope:	eq	version:	(8202-e4c) ( firmware 740)	Trust: 0.8
vendor:	ibm	model:	power 740	scope:	eq	version:	(8205-e6d) ( firmware 770)	Trust: 0.8
vendor:	ibm	model:	power 760	scope:	eq	version:	(9109-rmd) ( firmware 770)	Trust: 0.8
vendor:	ibm	model:	powerlinux 7r2	scope:	eq	version:	(8246-l2t) ( firmware 770)	Trust: 0.8
vendor:	ibm	model:	power 710	scope:	eq	version:	(8231-e1d) ( firmware 770)	Trust: 0.8
vendor:	ibm	model:	power 750	scope:	eq	version:	(8408-e8d) ( firmware 770)	Trust: 0.8
vendor:	ibm	model:	power 720	scope:	eq	version:	(8202-e4d) ( firmware 770)	Trust: 0.8
vendor:	ibm	model:	power ese	scope:	eq	version:	(8412-ead) ( firmware 760)	Trust: 0.8
vendor:	ibm	model:	power 710	scope:	eq	version:	(8231-e1c) ( firmware 740)	Trust: 0.8
vendor:	ibm	model:	power 740	scope:	eq	version:	(8205-e6c) ( firmware 740)	Trust: 0.8
vendor:	ibm	model:	power 770	scope:	eq	version:	(9117-mmd) ( firmware 760)	Trust: 0.8
vendor:	ibm	model:	power 770	scope:	eq	version:	(9117-mmc) ( firmware 740/770)	Trust: 0.8
vendor:	ibm	model:	power 780	scope:	eq	version:	(9179-mhc) ( firmware 740/770)	Trust: 0.8
vendor:	ibm	model:	powerlinux 7r4	scope:	eq	version:	(8248-l4t) ( firmware 770)	Trust: 0.8
vendor:	ibm	model:	powerlinux 7r2	scope:	eq	version:	(8246-l2d) ( firmware 770)	Trust: 0.8
vendor:	ibm	model:	powerlinux 7r2	scope:	eq	version:	0	Trust: 0.6
vendor:	ibm	model:	power	scope:	eq	version:	7800	Trust: 0.6
vendor:	ibm	model:	power	scope:	eq	version:	7700	Trust: 0.6
vendor:	ibm	model:	power	scope:	eq	version:	7400	Trust: 0.6
vendor:	ibm	model:	power	scope:	eq	version:	7300	Trust: 0.6
vendor:	ibm	model:	power	scope:	eq	version:	7200	Trust: 0.6
vendor:	ibm	model:	powerlinux 7r4	scope:	eq	version:	0	Trust: 0.3
vendor:	ibm	model:	powerlinux 7r1	scope:	eq	version:	0	Trust: 0.3
vendor:	ibm	model:	power ese	scope:	eq	version:	0	Trust: 0.3
vendor:	ibm	model:	power 795	scope:	eq	version:	0	Trust: 0.3
vendor:	ibm	model:	power	scope:	eq	version:	7600	Trust: 0.3
vendor:	ibm	model:	power	scope:	eq	version:	7500	Trust: 0.3

sources: BID: 69355 // JVNDB: JVNDB-2014-003916 // CNNVD: CNNVD-201408-363 // NVD: CVE-2013-6306

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-6306
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2013-6306
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201408-363
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-66308
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2013-6306
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-66308
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-66308 // JVNDB: JVNDB-2014-003916 // CNNVD: CNNVD-201408-363 // NVD: CVE-2013-6306

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2013-6306

THREAT TYPE

local

Trust: 0.9

sources: BID: 69355 // CNNVD: CNNVD-201408-363

TYPE

Unknown

Trust: 0.3

sources: BID: 69355

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-003916

PATCH

title:

T1021104

url:

http://www-01.ibm.com/support/docview.wss?uid=isg3T1021104

Trust: 0.8

sources: JVNDB: JVNDB-2014-003916

EXTERNAL IDS

db:	NVD	id:	CVE-2013-6306	Trust: 2.8
db:	JVNDB	id:	JVNDB-2014-003916	Trust: 0.8
db:	CNNVD	id:	CNNVD-201408-363	Trust: 0.7
db:	XF	id:	88555	Trust: 0.6
db:	BID	id:	69355	Trust: 0.4
db:	VULHUB	id:	VHN-66308	Trust: 0.1

sources: VULHUB: VHN-66308 // BID: 69355 // JVNDB: JVNDB-2014-003916 // CNNVD: CNNVD-201408-363 // NVD: CVE-2013-6306

REFERENCES

url:	http://www-01.ibm.com/support/docview.wss?uid=isg3t1021104	Trust: 2.0
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/88555	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6306	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6306	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/88555	Trust: 0.6
url:	http://www.ibm.com	Trust: 0.3

sources: VULHUB: VHN-66308 // BID: 69355 // JVNDB: JVNDB-2014-003916 // CNNVD: CNNVD-201408-363 // NVD: CVE-2013-6306

CREDITS

IBM

Trust: 0.3

sources: BID: 69355

SOURCES

db:	VULHUB	id:	VHN-66308
db:	BID	id:	69355
db:	JVNDB	id:	JVNDB-2014-003916
db:	CNNVD	id:	CNNVD-201408-363
db:	NVD	id:	CVE-2013-6306

LAST UPDATE DATE

2025-04-13T23:39:41.864000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-66308	date:	2017-08-29T00:00:00
db:	BID	id:	69355	date:	2014-08-19T00:00:00
db:	JVNDB	id:	JVNDB-2014-003916	date:	2014-08-26T00:00:00
db:	CNNVD	id:	CNNVD-201408-363	date:	2014-08-25T00:00:00
db:	NVD	id:	CVE-2013-6306	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-66308	date:	2014-08-22T00:00:00
db:	BID	id:	69355	date:	2014-08-19T00:00:00
db:	JVNDB	id:	JVNDB-2014-003916	date:	2014-08-26T00:00:00
db:	CNNVD	id:	CNNVD-201408-363	date:	2014-08-25T00:00:00
db:	NVD	id:	CVE-2013-6306	date:	2014-08-22T17:55:02.377