Vulnerability Details: CVE-2012-4856
The Service Processor in the IBM Power 5 91##-### and 940#-### before SF240_418_382 does not ensure that firewall code is executed, which allows remote attackers to execute arbitrary code via unspecified vectors.
Vulnerability category: Execute code
Products affected by CVE-2012-4856
- cpe:2.3:o:ibm:power_5_system_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:power_5_system_firmware:sf240_403_382:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:power_5_system_firmware:sf240_382_382:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:power_5_system_firmware:sf240_259_201:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:power_5_system_firmware:sf240_258_201:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:power_5_system_firmware:sf240_371:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:power_5_system_firmware:sf240_415_382:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:power_5_system_firmware:sf240_284_201:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:power_5_system_firmware:sf240_261_201:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:power_5_system_firmware:sf240_201_201:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:power_5_system_firmware:sf240_338_201:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:power_5_system_firmware:sf240_417:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:power_5_system_firmware:sf240_299_201:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:power_5_system_firmware:sf240_298_201:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:power_5_system_firmware:sf240_219_201:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:power_5_system_firmware:sf240_202_201:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:power_5_system_firmware:sf240_358_201:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:power_5_system_firmware:sf240_332_201:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:power_5_system_firmware:sf240_320_201:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:power_5_system_firmware:sf240_233_201:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:power_5_system_firmware:sf240_222_201:*:*:*:*:*:*:*
- cpe:2.3:h:ibm:power_5:9117-570:*:*:*:*:*:*:*
- cpe:2.3:h:ibm:power_5:9131-52a:*:*:*:*:*:*:*
- cpe:2.3:h:ibm:power_5:9113-550:*:*:*:*:*:*:*
- cpe:2.3:h:ibm:power_5:9124-720:*:*:*:*:*:*:*
- cpe:2.3:h:ibm:power_5:9405-520:*:*:*:*:*:*:*
- cpe:2.3:h:ibm:power_5:9111-285:*:*:*:*:*:*:*
- cpe:2.3:h:ibm:power_5:9115-505:*:*:*:*:*:*:*
- cpe:2.3:h:ibm:power_5:9110-510:*:*:*:*:*:*:*
- cpe:2.3:h:ibm:power_5:9406-525:*:*:*:*:*:*:*
- cpe:2.3:h:ibm:power_5:9406-550:*:*:*:*:*:*:*
- cpe:2.3:h:ibm:power_5:9133-55a:*:*:*:*:*:*:*
- cpe:2.3:h:ibm:power_5:9116-561:*:*:*:*:*:*:*
- cpe:2.3:h:ibm:power_5:9406-520:*:*:*:*:*:*:*
- cpe:2.3:h:ibm:power_5:9407-515:*:*:*:*:*:*:*
- cpe:2.3:h:ibm:power_5:9110-51a:*:*:*:*:*:*:*
- cpe:2.3:h:ibm:power_5:9111-520:*:*:*:*:*:*:*
- cpe:2.3:h:ibm:power_5:9118-575:*:*:*:*:*:*:*
- cpe:2.3:h:ibm:power_5:9123-710:*:*:*:*:*:*:*
- cpe:2.3:h:ibm:power_5:9406-570:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2012-4856
- 2.86%: probability of exploitation activity in the next 30 days
- ~91%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2012-4856
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.9 | HIGH | AV:A/AC:M/Au:N/C:C/I:C/A:C | 5.5 | 10.0 | NIST | |
CWE ids for CVE-2012-4856
- Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-4856
- http://aix.software.ibm.com/aix/efixes/security/squadrons_advisory.asc
  Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/79736
  IBM POWER5 Server System Firmware service processor unauthorized access CVE-2012-4856 Vulnerability Report
- http://www.kb.cert.org/vuls/id/194604
  VU#194604 - IBM Power 5 Service Processor privilege escalation vulnerability (US Government Resource)