Vulnerability Description
IBM Power Hardware Management Console (HMC) 7R3.5.0 before SP4, 7R7.1.0 and 7R7.2.0 before 7R7.2.0 SP3, and 7R7.3.0 before SP2, and Systems Director Management Console (SDMC) 6R7.3.0 before SP2, do not properly restrict the VIOS viosrvcmd command, which allows local users to gain privileges via vectors involving a (1) $ (dollar sign) or (2) & (ampersand) character.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| IBM | Power Hardware Management Console Firmware | 7R3.5.0 |
| IBM | Systems Director Management Console Firmware | 6R7.3.0 |
Related Weaknesses (CWE)
References
- http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_power_hmc_vio (Vendor Advisory)
- http://www.ibm.com/support/docview.wss?uid=isg1MB03548
- http://www.ibm.com/support/docview.wss?uid=isg1MB03550
- http://www.ibm.com/support/docview.wss?uid=isg1MB03554
- http://www.ibm.com/support/docview.wss?uid=isg1MB03580
- https://exchange.xforce.ibmcloud.com/vulnerabilities/75906
FAQ
What is CVE-2012-2188?
CVE-2012-2188 is a vulnerability with a CVSS score of 7.2 (HIGH). IBM Power Hardware Management Console (HMC) 7R3.5.0 before SP4, 7R7.1.0 and 7R7.2.0 before 7R7.2.0 SP3, and 7R7.3.0 before SP2, and Systems Director Management Console (SDMC) 6R7.3.0 before SP2, does ...
How severe is CVE-2012-2188?
CVE-2012-2188 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2012-2188?
Check the references section above for vendor advisories and patch information. Affected products include: IBM Power Hardware Management Console Firmware, IBM Systems Director Management Console Firmware.