Vulnerability Description
Cross-site request forgery (CSRF) vulnerability in saveRestore.htm on the Quantum Scalar i500 tape library with firmware before i7.0.3 (604G.GS00100), also distributed as the Dell ML6000 tape library with firmware before A20-00 (590G.GS00100), allows remote attackers to hijack the authentication of users for requests that execute Linux commands via the fileName parameter, related to a "command-injection vulnerability."
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Quantum | Scalar I500 Firmware | <= i7.0.2 |
| Quantum | Scalar I500 | 5u |
| Dell | Powervault Ml6000 Firmware | 585g.gs003 |
| Dell | Powervault Ml6000 | 32u |
| Dell | Powervault Ml6010 | 5u |
| Dell | Powervault Ml6020 | 14u |
| Dell | Powervault Ml6030 | 23u |
Related Weaknesses (CWE)
References
- http://osvdb.org/80227
- http://secunia.com/advisories/48403
- http://secunia.com/advisories/48453
- http://www.kb.cert.org/vuls/id/913483US Government Resource
- http://www.kb.cert.org/vuls/id/MAPG-8NNKN8US Government Resource
- http://www.kb.cert.org/vuls/id/MAPG-8NVRPYUS Government Resource
- https://exchange.xforce.ibmcloud.com/vulnerabilities/74161
- http://osvdb.org/80227
- http://secunia.com/advisories/48403
- http://secunia.com/advisories/48453
- http://www.kb.cert.org/vuls/id/913483US Government Resource
- http://www.kb.cert.org/vuls/id/MAPG-8NNKN8US Government Resource
- http://www.kb.cert.org/vuls/id/MAPG-8NVRPYUS Government Resource
- https://exchange.xforce.ibmcloud.com/vulnerabilities/74161
FAQ
What is CVE-2012-1843?
CVE-2012-1843 is a vulnerability with a CVSS score of 6.0 (MEDIUM). Cross-site request forgery (CSRF) vulnerability in saveRestore.htm on the Quantum Scalar i500 tape library with firmware before i7.0.3 (604G.GS00100), also distributed as the Dell ML6000 tape library ...
How severe is CVE-2012-1843?
CVE-2012-1843 has been rated MEDIUM with a CVSS base score of 6.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-1843?
Check the references section above for vendor advisories and patch information. Affected products include: Quantum Scalar I500 Firmware, Quantum Scalar I500, Dell Powervault Ml6000 Firmware, Dell Powervault Ml6000, Dell Powervault Ml6010.