CVSS2: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 0.005 Low
Percentile: 76.1%
Administrative access to the system via the GUI may be obtained without supplying proper credentials.
VULNERABILITY DETAILS
CVE ID:
CVE-2012-6354
DESCRIPTION:
The vulnerability can be exploited by a user with access to the system's management IP interface. If successful, the user can gain access with superuser privilege, which allows any modification to the configuration, including complete deletion.
CVSS:
CVSS Base Score: 7.5
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/80716> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
AFFECTED PRODUCTS:
IBM SAN Volume Controller
IBM Storwize V7000
IBM Storwize V3500
IBM Storwize V3700
IBM Flex System V7000
REMEDIATION:
For IBM SAN Volume Controller and IBM Storwize V7000 install PTF level 7.1.0.1, 6.4.1.3, 6.3.0.7 or 6.2.0.6.
For IBM Storwize V3700 and V3500, and IBM Flex System V7000 install PTF level 7.1.0.1 or 6.4.1.3.
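Added example (not part of the IBM bulletin): a check that compares an inventoried code level against the fixed PTF levels listed above, per release stream. The family keys, status strings and inventory rows are made up for illustration, and it assumes a level at or above the listed PTF in the same major.minor stream contains the fix.

```python
import re

# Fixed PTF levels copied from the REMEDIATION section of this advisory.
# The family keys are hypothetical names chosen for this example.
FIXED_PTF = {
    # IBM SAN Volume Controller, IBM Storwize V7000
    "svc_v7000": ("7.1.0.1", "6.4.1.3", "6.3.0.7", "6.2.0.6"),
    # IBM Storwize V3700 / V3500, IBM Flex System V7000
    "v3x00_flex": ("7.1.0.1", "6.4.1.3"),
}

_LEVEL = re.compile(r"\s*(\d+)\.(\d+)\.(\d+)\.(\d+)(?![.\d])")


def parse_level(text):
    """Parse 'a.b.c.d' into a tuple of ints, ignoring trailing text."""
    m = _LEVEL.match(text)
    if not m:
        raise ValueError(f"unrecognised code level: {text!r}")
    return tuple(int(g) for g in m.groups())


def assess(family, level_text):
    """Return (status, ptf) for one system.

    ptf is the listed fix for the level's release stream, or None when the
    advisory lists no PTF for that stream (status 'no_listed_fix').
    Assumption: levels >= the PTF in the same stream include the fix.
    """
    level = parse_level(level_text)
    for ptf_text in FIXED_PTF[family]:
        ptf = parse_level(ptf_text)
        if ptf[:2] == level[:2]:  # same major.minor release stream
            # Numeric tuple comparison: 6.4.1.10 is newer than 6.4.1.3.
            return ("fixed" if level >= ptf else "needs_ptf", ptf_text)
    return ("no_listed_fix", None)


if __name__ == "__main__":
    # Constructed inventory rows, not real systems.
    inventory = [
        ("array-a", "svc_v7000", "6.3.0.6"),
        ("array-b", "svc_v7000", "6.4.1.10"),
        ("array-c", "v3x00_flex", "6.3.0.7"),
        ("array-d", "v3x00_flex", "7.1.0.0"),
    ]
    for name, family, level in inventory:
        status, ptf = assess(family, level)
        print(f"{name:8} {level:9} {status:14} listed PTF: {ptf}")
```

A 'no_listed_fix' result means the advisory names no PTF for that stream and product family, so the system has to move to one of the listed levels.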
Workaround(s):
None
Mitigation(s):
Access to the system's IP interface can be restricted, for example using a private network or firewall technology.
REFERENCES:
· Complete CVSS Guide
· On-line Calculator V2
· CVE-2012-6354
· X-Force Vulnerability Database http://xforce.iss.net/xforce/xfdb/80716
RELATED INFORMATION:
none
ACKNOWLEDGEMENT:
Vulnerability reported by Marcin Mielnoczek of Narodowe Archiwum Cyfrowe (National Digital Archives)