Lucene search
IbmCVE-2012-4856HistoryDec 20, 2012 - 12:02 p.m.
CVE-2012-4856
2012-12-2012:02:18
CWE-255
ibm
web.nvd.nist.gov
24
ibm
power 5
service processor
remote code execution
cve-2012-4856
security vulnerability
CVSS2
7.9
Attack Vector
ADJACENT_NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:A/AC:M/Au:N/C:C/I:C/A:C
AI Score
7.8
Confidence
Low
EPSS
0.029
Percentile
90.8%
The Service Processor in the IBM Power 5 91##-### and 940#-### before SF240_418_382 does not ensure that firewall code is executed, which allows remote attackers to execute arbitrary code via unspecified vectors.
Affected configurations
Node
ibmpower_5_system_firmwareRange≤sf240_418
ORibmpower_5_system_firmwareMatchsf240_201_201
ORibmpower_5_system_firmwareMatchsf240_202_201
ORibmpower_5_system_firmwareMatchsf240_219_201
ORibmpower_5_system_firmwareMatchsf240_222_201
ORibmpower_5_system_firmwareMatchsf240_233_201
ORibmpower_5_system_firmwareMatchsf240_258_201
ORibmpower_5_system_firmwareMatchsf240_259_201
ORibmpower_5_system_firmwareMatchsf240_261_201
ORibmpower_5_system_firmwareMatchsf240_284_201
ORibmpower_5_system_firmwareMatchsf240_298_201
ORibmpower_5_system_firmwareMatchsf240_299_201
ORibmpower_5_system_firmwareMatchsf240_320_201
ORibmpower_5_system_firmwareMatchsf240_332_201
ORibmpower_5_system_firmwareMatchsf240_338_201
ORibmpower_5_system_firmwareMatchsf240_358_201
ORibmpower_5_system_firmwareMatchsf240_371
ORibmpower_5_system_firmwareMatchsf240_382_382
ORibmpower_5_system_firmwareMatchsf240_403_382
ORibmpower_5_system_firmwareMatchsf240_415_382
ORibmpower_5_system_firmwareMatchsf240_417
ibmpower_5Match9110-51a
ORibmpower_5Match9110-510
ORibmpower_5Match9111-285
ORibmpower_5Match9111-520
ORibmpower_5Match9113-550
ORibmpower_5Match9115-505
ORibmpower_5Match9116-561
ORibmpower_5Match9117-570
ORibmpower_5Match9118-575
ORibmpower_5Match9123-710
ORibmpower_5Match9124-720
ORibmpower_5Match9131-52a
ORibmpower_5Match9133-55a
ORibmpower_5Match9405-520
ORibmpower_5Match9406-520
ORibmpower_5Match9406-525
ORibmpower_5Match9406-550
ORibmpower_5Match9406-570
ORibmpower_5Match9407-515
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | power_5_system_firmware | * | cpe:2.3:o:ibm:power_5_system_firmware:*:*:*:*:*:*:*:* |
| ibm | power_5_system_firmware | sf240_201_201 | cpe:2.3:o:ibm:power_5_system_firmware:sf240_201_201:*:*:*:*:*:*:* |
| ibm | power_5_system_firmware | sf240_202_201 | cpe:2.3:o:ibm:power_5_system_firmware:sf240_202_201:*:*:*:*:*:*:* |
| ibm | power_5_system_firmware | sf240_219_201 | cpe:2.3:o:ibm:power_5_system_firmware:sf240_219_201:*:*:*:*:*:*:* |
| ibm | power_5_system_firmware | sf240_222_201 | cpe:2.3:o:ibm:power_5_system_firmware:sf240_222_201:*:*:*:*:*:*:* |
| ibm | power_5_system_firmware | sf240_233_201 | cpe:2.3:o:ibm:power_5_system_firmware:sf240_233_201:*:*:*:*:*:*:* |
| ibm | power_5_system_firmware | sf240_258_201 | cpe:2.3:o:ibm:power_5_system_firmware:sf240_258_201:*:*:*:*:*:*:* |
| ibm | power_5_system_firmware | sf240_259_201 | cpe:2.3:o:ibm:power_5_system_firmware:sf240_259_201:*:*:*:*:*:*:* |
| ibm | power_5_system_firmware | sf240_261_201 | cpe:2.3:o:ibm:power_5_system_firmware:sf240_261_201:*:*:*:*:*:*:* |
| ibm | power_5_system_firmware | sf240_284_201 | cpe:2.3:o:ibm:power_5_system_firmware:sf240_284_201:*:*:*:*:*:*:* |
Related
prion
prion
Code injection
2012-12-20 12:02:00
cvelist
cvelist
CVE-2012-4856
2012-12-20 11:00:00
cert
cert
IBM Power 5 Service Processor privilege escalation vulnerability
2012-12-12 00:00:00
nvd
nvd
CVE-2012-4856
2012-12-20 12:02:18
CVSS2
7.9
Attack Vector
ADJACENT_NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:A/AC:M/Au:N/C:C/I:C/A:C
AI Score
7.8
Confidence
Low
EPSS
0.029
Percentile
90.8%
Related for CVE-2012-4856