PT-2012-3868 · IBM · Systems Director Management Console

Published: 2012-08-06 · Updated: 2017-08-29 · CVE-2012-2188

CVSS v2.0: 7.2 (High)

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

IBM Power Hardware Management Console (HMC) versions 7R3.5.0 through 7R3.5.0 before SP4
IBM Power Hardware Management Console (HMC) versions 7R7.1.0 through 7R7.2.0 before 7R7.2.0 SP3
IBM Power Hardware Management Console (HMC) versions 7R7.3.0 through 7R7.3.0 before SP2
Systems Director Management Console (SDMC) versions 6R7.3.0 through 6R7.3.0 before SP2

Description

The issue allows local users to gain privileges via vectors involving a (1) $ (dollar sign) or (2) & (ampersand) character, due to the improper restriction of the VIOS viosrvcmd command.

Recommendations

For IBM Power Hardware Management Console (HMC) versions 7R3.5.0 through 7R3.5.0 before SP4, update to at least SP4.
For IBM Power Hardware Management Console (HMC) versions 7R7.1.0 through 7R7.2.0 before 7R7.2.0 SP3, update to at least 7R7.2.0 SP3.
For IBM Power Hardware Management Console (HMC) versions 7R7.3.0 through 7R7.3.0 before SP2, update to at least SP2.
For Systems Director Management Console (SDMC) versions 6R7.3.0 through 6R7.3.0 before SP2, update to at least SP2.

Fix

Weakness Enumeration

Related Identifiers

CVE-2012-2188

Affected Products

IBM Hardware Management Console
Systems Director Management Console