Vulnerability CVE-2012-1844

Vulnerability CVE-2012-1844

Published: 2012-03-22

Description:

The Quantum Scalar i500 tape library with firmware before i7.0.3 (604G.GS00100), also distributed as the Dell ML6000 tape library with firmware before A20-00 (590G.GS00100) and the IBM TS3310 tape library with firmware before R6C (606G.GS001), uses default passwords for unspecified user accounts, which makes it easier for remote attackers to obtain access via unknown vectors.

Type:

CWE-255

(Credentials Management)

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score	Impact Subscore	Exploitability Subscore
7.5/10	6.4/10	10/10

Exploit range	Attack complexity	Authentication
Remote	Low	No required
Confidentiality impact	Integrity impact	Availability impact
Partial	Partial	Partial

Affected software
Quantum -> Scalar i500 firmware
Quantum -> Scalar i500
IBM -> Ts3310 tape library firmware
IBM -> Ts3310 tape library
DELL -> Powervault ml6000 firmware
DELL -> Powervault ml6000
DELL -> Powervault ml6010
DELL -> Powervault ml6020
DELL -> Powervault ml6030

References:

http://osvdb.org/80372

http://www.kb.cert.org/vuls/id/913483

http://www.kb.cert.org/vuls/id/MAPG-8NNKN8

http://www.kb.cert.org/vuls/id/MAPG-8NVRPY

http://www.kb.cert.org/vuls/id/MORO-8QNJLE

https://exchange.xforce.ibmcloud.com/vulnerabilities/74322

Copyright 2024, cxsecurity.com