QwikSec

Security Database

CVE

CWE

Training

CVE-2012-2188

Published: Aug 6, 2012

Modified: Aug 6, 2024

PUBLISHED

Description

IBM Power Hardware Management Console (HMC) 7R3.5.0 before SP4, 7R7.1.0 and 7R7.2.0 before 7R7.2.0 SP3, and 7R7.3.0 before SP2, and Systems Director Management Console (SDMC) 6R7.3.0 before SP2, does not properly restrict the VIOS viosrvcmd command, which allows local users to gain privileges via vectors involving a (1) $ (dollar sign) or (2) & (ampersand) character.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

ibm-hmc-viosvrcmd-priv-escalation(75906)

vdb-entry

x_refsource_XF

vendor-advisory

x_refsource_AIXAPAR

vendor-advisory

x_refsource_AIXAPAR

vendor-advisory

x_refsource_AIXAPAR

http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_power_hmc_viosrvcmd_command_allows_elevated_privilege_on_vios_cve_2012_218825

x_refsource_CONFIRM

vendor-advisory

x_refsource_AIXAPAR

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.