CVE-2012-1844 — HIGH (7.5) — White Hats Nepal

Q: How severe is CVE-2012-1844?

CVE-2012-1844 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2012-1844?

Check the references section above for vendor advisories and patch information. Affected products include: Quantum Scalar I500 Firmware, Quantum Scalar I500, Dell Powervault Ml6000 Firmware, Dell Powervault Ml6000, Dell Powervault Ml6010.

Vulnerability Description

The Quantum Scalar i500 tape library with firmware before i7.0.3 (604G.GS00100), also distributed as the Dell ML6000 tape library with firmware before A20-00 (590G.GS00100) and the IBM TS3310 tape library with firmware before R6C (606G.GS001), uses default passwords for unspecified user accounts, which makes it easier for remote attackers to obtain access via unknown vectors.

CVSS Score

7.5

HIGH

AV:N/AC:L/Au:N/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Quantum	Scalar I500 Firmware	<= i7.0.2
Quantum	Scalar I500	5u
Dell	Powervault Ml6000 Firmware	585g.gs003
Dell	Powervault Ml6000	32u
Dell	Powervault Ml6010	5u
Dell	Powervault Ml6020	14u
Dell	Powervault Ml6030	23u
Ibm	Ts3310 Tape Library Firmware	<= 605g.g002
Ibm	Ts3310 Tape Library	3573

Related Weaknesses (CWE)

CWE-255

References

http://osvdb.org/80372
http://www.kb.cert.org/vuls/id/913483US Government Resource
http://www.kb.cert.org/vuls/id/MAPG-8NNKN8US Government Resource
http://www.kb.cert.org/vuls/id/MAPG-8NVRPYUS Government Resource
http://www.kb.cert.org/vuls/id/MORO-8QNJLEUS Government Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/74322
http://osvdb.org/80372
http://www.kb.cert.org/vuls/id/913483US Government Resource
http://www.kb.cert.org/vuls/id/MAPG-8NNKN8US Government Resource
http://www.kb.cert.org/vuls/id/MAPG-8NVRPYUS Government Resource
http://www.kb.cert.org/vuls/id/MORO-8QNJLEUS Government Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/74322

FAQ

What is CVE-2012-1844?

CVE-2012-1844 is a vulnerability with a CVSS score of 7.5 (HIGH). The Quantum Scalar i500 tape library with firmware before i7.0.3 (604G.GS00100), also distributed as the Dell ML6000 tape library with firmware before A20-00 (590G.GS00100) and the IBM TS3310 tape lib...

How severe is CVE-2012-1844?

CVE-2012-1844 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2012-1844?

Check the references section above for vendor advisories and patch information. Affected products include: Quantum Scalar I500 Firmware, Quantum Scalar I500, Dell Powervault Ml6000 Firmware, Dell Powervault Ml6000, Dell Powervault Ml6010.