CVE-2012-2188 - OpenCVE

IBM Power Hardware Management Console (HMC) 7R3.5.0 before SP4, 7R7.1.0 and 7R7.2.0 before 7R7.2.0 SP3, and 7R7.3.0 before SP2, and Systems Director Management Console (SDMC) 6R7.3.0 before SP2, does not properly restrict the VIOS viosrvcmd command, which allows local users to gain privileges via vectors involving a (1) $ (dollar sign) or (2) & (ampersand) character.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Power Hardware Management Console Firmware Systems Director Management Console Firmware

Configuration 1 [-]

OR	cpe:2.3:o:ibm:power_hardware_management_console_firmware:7r3.5.0:::::::*
	cpe:2.3:o:ibm:power_hardware_management_console_firmware:7r7.1.0:::::::*
	cpe:2.3:o:ibm:power_hardware_management_console_firmware:7r7.2.0:::::::*
	cpe:2.3:o:ibm:power_hardware_management_console_firmware:7r7.3.0:::::::*
	cpe:2.3:o:ibm:systems_director_management__console_firmware:6r7.3.0:::::::*

No data.

References

Link	Providers
http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_power_hmc_viosrvcmd_command_allows_elevated_privilege_on_vios_cve_2012_218825
http://www.ibm.com/support/docview.wss?uid=isg1MB03548
http://www.ibm.com/support/docview.wss?uid=isg1MB03550
http://www.ibm.com/support/docview.wss?uid=isg1MB03554
http://www.ibm.com/support/docview.wss?uid=isg1MB03580
https://exchange.xforce.ibmcloud.com/vulnerabilities/75906

History

No history.

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2012-08-06T16:00:00

Updated: 2024-08-06T19:26:08.999Z

Reserved: 2012-04-04T00:00:00

Link: CVE-2012-2188

Vulnrichment

No data.

NVD

Status : Modified

Published: 2012-08-06T16:55:03.260

Modified: 2017-08-29T01:31:33.290

Link: CVE-2012-2188

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-07-31T00:00:00", "descriptions": [{"lang": "en", "value": "IBM Power Hardware Management Console (HMC) 7R3.5.0 before SP4, 7R7.1.0 and 7R7.2.0 before 7R7.2.0 SP3, and 7R7.3.0 before SP2, and Systems Director Management Console (SDMC) 6R7.3.0 before SP2, does not properly restrict the VIOS viosrvcmd command, which allows local users to gain privileges via vectors involving a (1) $ (dollar sign) or (2) & (ampersand) character."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"name": "ibm-hmc-viosvrcmd-priv-escalation(75906)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75906"}, {"name": "MB03580", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1MB03580"}, {"name": "MB03554", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1MB03554"}, {"name": "MB03550", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1MB03550"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_power_hmc_viosrvcmd_command_allows_elevated_privilege_on_vios_cve_2012_218825"}, {"name": "MB03548", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1MB03548"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2012-2188", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "IBM Power Hardware Management Console (HMC) 7R3.5.0 before SP4, 7R7.1.0 and 7R7.2.0 before 7R7.2.0 SP3, and 7R7.3.0 before SP2, and Systems Director Management Console (SDMC) 6R7.3.0 before SP2, does not properly restrict the VIOS viosrvcmd command, which allows local users to gain privileges via vectors involving a (1) $ (dollar sign) or (2) & (ampersand) character."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ibm-hmc-viosvrcmd-priv-escalation(75906)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75906"}, {"name": "MB03580", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1MB03580"}, {"name": "MB03554", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1MB03554"}, {"name": "MB03550", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1MB03550"}, {"name": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_power_hmc_viosrvcmd_command_allows_elevated_privilege_on_vios_cve_2012_218825", "refsource": "CONFIRM", "url": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_power_hmc_viosrvcmd_command_allows_elevated_privilege_on_vios_cve_2012_218825"}, {"name": "MB03548", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1MB03548"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T19:26:08.999Z"}, "title": "CVE Program Container", "references": [{"name": "ibm-hmc-viosvrcmd-priv-escalation(75906)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75906"}, {"name": "MB03580", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1MB03580"}, {"name": "MB03554", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1MB03554"}, {"name": "MB03550", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1MB03550"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_power_hmc_viosrvcmd_command_allows_elevated_privilege_on_vios_cve_2012_218825"}, {"name": "MB03548", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1MB03548"}]}]}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2012-2188", "datePublished": "2012-08-06T16:00:00", "dateReserved": "2012-04-04T00:00:00", "dateUpdated": "2024-08-06T19:26:08.999Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:power_hardware_management_console_firmware:7r3.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "C706107B-02F5-4154-AF00-EC38ED071762", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:power_hardware_management_console_firmware:7r7.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "7CB489D8-2D41-4B76-A8D1-AC53A3F39DCE", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:power_hardware_management_console_firmware:7r7.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "FE12A3BC-94BB-489C-866D-98ED68970A4D", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:power_hardware_management_console_firmware:7r7.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "AA3AF9DC-3140-4AC1-8D29-97195F693FD2", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:systems_director_management__console_firmware:6r7.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "86931EBA-806C-4CC0-81B4-6500F94552C9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM Power Hardware Management Console (HMC) 7R3.5.0 before SP4, 7R7.1.0 and 7R7.2.0 before 7R7.2.0 SP3, and 7R7.3.0 before SP2, and Systems Director Management Console (SDMC) 6R7.3.0 before SP2, does not properly restrict the VIOS viosrvcmd command, which allows local users to gain privileges via vectors involving a (1) $ (dollar sign) or (2) & (ampersand) character."}, {"lang": "es", "value": "IBM Power Hardware Management Console (HMC) v7R3.5.0 anteriores a vSP4, v7R7.1.0 y 7R7.2.0 anteriores a v7R7.2.0 SP3, y 7R7.3.0 anteriores a SP2, y Systems Director Management Console (SDMC) v6R7.3.0 anteriores a SP2, no restringe de forma adecuada el comando VIOS viosrvcmd, lo que permite a usuarios locales a obtener privilegios a trav\u00e9s de vectores que implican los caracteres (1) $ (signo del dolar) o (2) & (ampersand)."}], "id": "CVE-2012-2188", "lastModified": "2017-08-29T01:31:33.290", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-08-06T16:55:03.260", "references": [{"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_power_hmc_viosrvcmd_command_allows_elevated_privilege_on_vios_cve_2012_218825"}, {"source": "psirt@us.ibm.com", "url": "http://www.ibm.com/support/docview.wss?uid=isg1MB03548"}, {"source": "psirt@us.ibm.com", "url": "http://www.ibm.com/support/docview.wss?uid=isg1MB03550"}, {"source": "psirt@us.ibm.com", "url": "http://www.ibm.com/support/docview.wss?uid=isg1MB03554"}, {"source": "psirt@us.ibm.com", "url": "http://www.ibm.com/support/docview.wss?uid=isg1MB03580"}, {"source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75906"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}