CVE-2012-2188

high

Description

IBM Power Hardware Management Console (HMC) 7R3.5.0 before SP4, 7R7.1.0 and 7R7.2.0 before 7R7.2.0 SP3, and 7R7.3.0 before SP2, and Systems Director Management Console (SDMC) 6R7.3.0 before SP2, does not properly restrict the VIOS viosrvcmd command, which allows local users to gain privileges via vectors involving a (1) $ (dollar sign) or (2) & (ampersand) character.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/75906

http://www.ibm.com/support/docview.wss?uid=isg1MB03580

http://www.ibm.com/support/docview.wss?uid=isg1MB03554

http://www.ibm.com/support/docview.wss?uid=isg1MB03550

http://www.ibm.com/support/docview.wss?uid=isg1MB03548

http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_power_hmc_viosrvcmd_command_allows_elevated_privilege_on_vios_cve_2012_218825

Details

Source: Mitre, NVD

Published: 2012-08-06

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00055