Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2012-4856

The Service Processor in the IBM Power 5 91##-### and 940#-### before SF240_418_382 does not ensure that firewall code is executed, which allows remote attackers to execute arbitrary code via unspecified vectors.

Published

2012-12-20T12:02:18.200

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 7.9 (HIGH)

CVSSv2 Vector

AV:A/AC:M/Au:N/C:C/I:C/A:C

Access Vector: ADJACENT_NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

5.5

Impact Score

10.0

Weaknesses

Type: Primary
CWE-255

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	ibm	power_5_system_firmware	≤ sf240_418	Yes
Operating System	ibm	power_5_system_firmware	sf240_201_201	Yes
Operating System	ibm	power_5_system_firmware	sf240_202_201	Yes
Operating System	ibm	power_5_system_firmware	sf240_219_201	Yes
Operating System	ibm	power_5_system_firmware	sf240_222_201	Yes
Operating System	ibm	power_5_system_firmware	sf240_233_201	Yes
Operating System	ibm	power_5_system_firmware	sf240_258_201	Yes
Operating System	ibm	power_5_system_firmware	sf240_259_201	Yes
Operating System	ibm	power_5_system_firmware	sf240_261_201	Yes
Operating System	ibm	power_5_system_firmware	sf240_284_201	Yes
Operating System	ibm	power_5_system_firmware	sf240_298_201	Yes
Operating System	ibm	power_5_system_firmware	sf240_299_201	Yes
Operating System	ibm	power_5_system_firmware	sf240_320_201	Yes
Operating System	ibm	power_5_system_firmware	sf240_332_201	Yes
Operating System	ibm	power_5_system_firmware	sf240_338_201	Yes
Operating System	ibm	power_5_system_firmware	sf240_358_201	Yes
Operating System	ibm	power_5_system_firmware	sf240_371	Yes
Operating System	ibm	power_5_system_firmware	sf240_382_382	Yes
Operating System	ibm	power_5_system_firmware	sf240_403_382	Yes
Operating System	ibm	power_5_system_firmware	sf240_415_382	Yes
Operating System	ibm	power_5_system_firmware	sf240_417	Yes
Hardware	ibm	power_5	9110-51a	Yes
Hardware	ibm	power_5	9110-510	Yes
Hardware	ibm	power_5	9111-285	Yes
Hardware	ibm	power_5	9111-520	Yes
Hardware	ibm	power_5	9113-550	Yes
Hardware	ibm	power_5	9115-505	Yes
Hardware	ibm	power_5	9116-561	Yes
Hardware	ibm	power_5	9117-570	Yes
Hardware	ibm	power_5	9118-575	Yes
Hardware	ibm	power_5	9123-710	Yes
Hardware	ibm	power_5	9124-720	Yes
Hardware	ibm	power_5	9131-52a	Yes
Hardware	ibm	power_5	9133-55a	Yes
Hardware	ibm	power_5	9405-520	Yes
Hardware	ibm	power_5	9406-520	Yes
Hardware	ibm	power_5	9406-525	Yes
Hardware	ibm	power_5	9406-550	Yes
Hardware	ibm	power_5	9406-570	Yes
Hardware	ibm	power_5	9407-515	Yes

References

http://aix.software.ibm.com/aix/efixes/security/squadrons_advisory.asc Vendor Advisory ([email protected])
http://www.kb.cert.org/vuls/id/194604 US Government Resource ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/79736 ([email protected])
http://aix.software.ibm.com/aix/efixes/security/squadrons_advisory.asc Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.kb.cert.org/vuls/id/194604 US Government Resource (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/79736 (af854a3a-2127-422b-91ae-364da2661108)