Privilege Escalation Vulnerability in IBM Power Hardware Management Console and Systems Director Management Console
CVE-2012-2188

Currently unrated

Key Information:

Vendor: IBM
Status: Systems Director Management Console Firmware; Power Hardware Management Console Firmware
Vendor: CVE Published:; 6 August 2012

Summary

A vulnerability in IBM's Power Hardware Management Console and Systems Director Management Console has been identified, where improper restrictions on the viosrvcmd command can allow local users to escalate their privileges. Specifically, this vulnerability arises from the mishandling of certain characters in command parameters, namely the dollar sign ($) and ampersand (&). Exploitation of this vulnerability enables unauthorized users to gain elevated access and execute commands with higher privileges than intended, potentially compromising the integrity of the management environment.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/75906

vdb-entryx_refsource_XF

http://www.ibm.com/support/docview.wss?uid=isg1MB03580

vendor-advisoryx_refsource_AIXAPAR

http://www.ibm.com/support/docview.wss?uid=isg1MB03554

vendor-advisoryx_refsource_AIXAPAR

Timeline

Vulnerability published
Aug 6, 2012
Vulnerability Reserved
Apr 4, 2012