PT-2012-3847 · Ibm · Ibm Scale Out Network Attached Storage

Published

2012-07-30

Updated

2017-08-29

CVE-2012-2163

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions IBM Scale Out Network Attached Storage (SONAS) versions 1.1 through 1.3.1

Description The issue allows remote authenticated administrators to execute arbitrary Linux commands, related to a code injection problem. This can be achieved via the Command Line Interface or the Graphical User Interface.

Recommendations For versions 1.1 through 1.3.1, consider restricting access to the Command Line Interface and Graphical User Interface to minimize the risk of exploitation until a fix is available. As a temporary workaround, limit the privileges of remote authenticated administrators to reduce the potential impact of arbitrary command execution.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2012-2163

Affected Products

Ibm Scale Out Network Attached Storage

PT-2012-3847 · Ibm · Ibm Scale Out Network Attached Storage

CVE-2012-2163

Weakness Enumeration

Related Identifiers

Affected Products

References · 3