CVE-2012-2166 - OpenCVE

IBM XIV Storage System 2810-A14 and 2812-A14 devices before level 10.2.4.e-2 and 2810-114 and 2812-114 devices before level 11.1.1 have hardcoded passwords for unspecified accounts, which allows remote attackers to gain user access via unknown vectors. IBM X-Force ID: 75041.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Ibm	Xiv Storage System 2812-a14 Firmware Xiv Storage System 2810-a14 Firmware Xiv Storage System 2812-a14 Xiv Storage System 2812-114 Firmware Xiv Storage System 2812-114 Xiv Storage System 2810-114 Xiv Storage System 2810-a14 Xiv Storage System 2810-114 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:ibm:xiv_storage_system_2810-a14_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ibm:xiv_storage_system_2810-a14:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:ibm:xiv_storage_system_2812-a14_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ibm:xiv_storage_system_2812-a14:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:ibm:xiv_storage_system_2810-114_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ibm:xiv_storage_system_2810-114:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:ibm:xiv_storage_system_2812-114_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ibm:xiv_storage_system_2812-114:-:*:*:*:*:*:*:*

References

Link	Resource
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004256	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/75041	VDB Entry Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: ibm

Published: 2018-02-08T23:00:00

Updated: 2018-02-09T14:57:01

Reserved: 2012-04-04T00:00:00

Link: CVE-2012-2166

JSON object: View

NVD Information

Status : Analyzed

Published: 2018-02-08T23:29:00.407

Modified: 2018-03-10T15:07:40.447

Link: CVE-2012-2166

JSON object: View

Redhat Information

No data.

CWE

CWE-798

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-12-20T00:00:00", "descriptions": [{"lang": "en", "value": "IBM XIV Storage System 2810-A14 and 2812-A14 devices before level 10.2.4.e-2 and 2810-114 and 2812-114 devices before level 11.1.1 have hardcoded passwords for unspecified accounts, which allows remote attackers to gain user access via unknown vectors. IBM X-Force ID: 75041."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-02-09T14:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004256"}, {"name": "xivstoragesystem-default-password(75041)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75041"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2012-2166", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "IBM XIV Storage System 2810-A14 and 2812-A14 devices before level 10.2.4.e-2 and 2810-114 and 2812-114 devices before level 11.1.1 have hardcoded passwords for unspecified accounts, which allows remote attackers to gain user access via unknown vectors. IBM X-Force ID: 75041."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004256", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004256"}, {"name": "xivstoragesystem-default-password(75041)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75041"}]}}}}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2012-2166", "datePublished": "2018-02-08T23:00:00", "dateReserved": "2012-04-04T00:00:00", "dateUpdated": "2018-02-09T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:xiv_storage_system_2810-a14_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3298581B-32E7-40C8-9E4F-993E6F1BE208", "versionEndExcluding": "10.2.4.e-2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ibm:xiv_storage_system_2810-a14:-:*:*:*:*:*:*:*", "matchCriteriaId": "46DF84EB-1485-4002-A58B-174D95BB4584", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:xiv_storage_system_2812-a14_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "807D8EDE-4206-451D-9EE5-B95F0D0B7B9A", "versionEndExcluding": "10.2.4.e-2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ibm:xiv_storage_system_2812-a14:-:*:*:*:*:*:*:*", "matchCriteriaId": "BA0257F1-5545-4A3D-AECB-22D87247E8C0", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:xiv_storage_system_2810-114_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3086BEDD-ED4E-449C-95F9-6438170409B9", "versionEndExcluding": "11.1.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ibm:xiv_storage_system_2810-114:-:*:*:*:*:*:*:*", "matchCriteriaId": "20CD8324-20E1-4E3C-932A-77281F8FD034", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:xiv_storage_system_2812-114_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D29C4487-8ACE-49F2-B8E5-FACA401B7C72", "versionEndExcluding": "11.1.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ibm:xiv_storage_system_2812-114:-:*:*:*:*:*:*:*", "matchCriteriaId": "FDEE88CF-7095-417C-875A-ED084C767C12", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "IBM XIV Storage System 2810-A14 and 2812-A14 devices before level 10.2.4.e-2 and 2810-114 and 2812-114 devices before level 11.1.1 have hardcoded passwords for unspecified accounts, which allows remote attackers to gain user access via unknown vectors. IBM X-Force ID: 75041."}, {"lang": "es", "value": "Los dispositivos IBM XIV Storage System 2810-A14 y 2812-A14 anteriores a level 10.2.4.e-2 y los dispositivos 2810-114 y 2812-114 anteriores a level 11.1.1 tienen contrase\u00f1as embebidas para cuentas sin especificar, lo que permite que atacantes remotos obtengan acceso como usuario mediante vectores desconocidos. IBM X-Force ID: 75041."}], "id": "CVE-2012-2166", "lastModified": "2018-03-10T15:07:40.447", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-02-08T23:29:00.407", "references": [{"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004256"}, {"source": "psirt@us.ibm.com", "tags": ["VDB Entry", "Vendor Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75041"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-798"}], "source": "nvd@nist.gov", "type": "Primary"}]}