1. CVE-Search
  2. CVE-2012-1844
ID CVE-2012-1844
Summary The Quantum Scalar i500 tape library with firmware before i7.0.3 (604G.GS00100), also distributed as the Dell ML6000 tape library with firmware before A20-00 (590G.GS00100) and the IBM TS3310 tape library with firmware before R6C (606G.GS001), uses default passwords for unspecified user accounts, which makes it easier for remote attackers to obtain access via unknown vectors.
References
Vulnerable Configurations
  • cpe:2.3:a:quantum:scalar_i500_firmware:i2:*:*:*:*:*:*:*
    cpe:2.3:a:quantum:scalar_i500_firmware:i2:*:*:*:*:*:*:*
  • cpe:2.3:a:quantum:scalar_i500_firmware:i3:*:*:*:*:*:*:*
    cpe:2.3:a:quantum:scalar_i500_firmware:i3:*:*:*:*:*:*:*
  • cpe:2.3:a:quantum:scalar_i500_firmware:i3.1:*:*:*:*:*:*:*
    cpe:2.3:a:quantum:scalar_i500_firmware:i3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:quantum:scalar_i500_firmware:i4:*:*:*:*:*:*:*
    cpe:2.3:a:quantum:scalar_i500_firmware:i4:*:*:*:*:*:*:*
  • cpe:2.3:a:quantum:scalar_i500_firmware:i5:*:*:*:*:*:*:*
    cpe:2.3:a:quantum:scalar_i500_firmware:i5:*:*:*:*:*:*:*
  • cpe:2.3:a:quantum:scalar_i500_firmware:i5.1:*:*:*:*:*:*:*
    cpe:2.3:a:quantum:scalar_i500_firmware:i5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:quantum:scalar_i500_firmware:i6:*:*:*:*:*:*:*
    cpe:2.3:a:quantum:scalar_i500_firmware:i6:*:*:*:*:*:*:*
  • cpe:2.3:a:quantum:scalar_i500_firmware:i6.1:*:*:*:*:*:*:*
    cpe:2.3:a:quantum:scalar_i500_firmware:i6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:quantum:scalar_i500_firmware:i7:*:*:*:*:*:*:*
    cpe:2.3:a:quantum:scalar_i500_firmware:i7:*:*:*:*:*:*:*
  • cpe:2.3:a:quantum:scalar_i500_firmware:i7.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:quantum:scalar_i500_firmware:i7.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:quantum:scalar_i500_firmware:i7.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:quantum:scalar_i500_firmware:i7.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:quantum:scalar_i500_firmware:sp4:*:*:*:*:*:*:*
    cpe:2.3:a:quantum:scalar_i500_firmware:sp4:*:*:*:*:*:*:*
  • cpe:2.3:a:quantum:scalar_i500_firmware:sp4.2:*:*:*:*:*:*:*
    cpe:2.3:a:quantum:scalar_i500_firmware:sp4.2:*:*:*:*:*:*:*
  • cpe:2.3:h:quantum:scalar_i500:5u:*:*:*:*:*:*:*
    cpe:2.3:h:quantum:scalar_i500:5u:*:*:*:*:*:*:*
  • cpe:2.3:h:quantum:scalar_i500:14u:*:*:*:*:*:*:*
    cpe:2.3:h:quantum:scalar_i500:14u:*:*:*:*:*:*:*
  • cpe:2.3:h:quantum:scalar_i500:23u:*:*:*:*:*:*:*
    cpe:2.3:h:quantum:scalar_i500:23u:*:*:*:*:*:*:*
  • cpe:2.3:a:dell:powervault_ml6000_firmware:585g.gs003:*:*:*:*:*:*:*
    cpe:2.3:a:dell:powervault_ml6000_firmware:585g.gs003:*:*:*:*:*:*:*
  • cpe:2.3:h:dell:powervault_ml6000:32u:*:*:*:*:*:*:*
    cpe:2.3:h:dell:powervault_ml6000:32u:*:*:*:*:*:*:*
  • cpe:2.3:h:dell:powervault_ml6000:41u:*:*:*:*:*:*:*
    cpe:2.3:h:dell:powervault_ml6000:41u:*:*:*:*:*:*:*
  • cpe:2.3:h:dell:powervault_ml6010:5u:*:*:*:*:*:*:*
    cpe:2.3:h:dell:powervault_ml6010:5u:*:*:*:*:*:*:*
  • cpe:2.3:h:dell:powervault_ml6020:14u:*:*:*:*:*:*:*
    cpe:2.3:h:dell:powervault_ml6020:14u:*:*:*:*:*:*:*
  • cpe:2.3:h:dell:powervault_ml6030:23u:*:*:*:*:*:*:*
    cpe:2.3:h:dell:powervault_ml6030:23u:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:ts3310_tape_library_firmware:*:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:ts3310_tape_library_firmware:*:*:*:*:*:*:*:*
  • cpe:2.3:h:ibm:ts3310_tape_library:3573:*:*:*:*:*:*:*
    cpe:2.3:h:ibm:ts3310_tape_library:3573:*:*:*:*:*:*:*
  • cpe:2.3:h:ibm:ts3310_tape_library:3576:*:*:*:*:*:*:*
    cpe:2.3:h:ibm:ts3310_tape_library:3576:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 10-01-2018 - 02:29)
Impact:
Exploitability:
CWE CWE-255
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
cert-vn VU#913483
misc
osvdb 80372
xf scalar-default-account(74322)
statements via4
contributor
lastmodified 2012-06-13
organization Quantum Corporation
statement The vulnerability has never been exploited. However to make sure our customers are protected, all newly shipped versions of the product contain the update that fixes this issue. An official firmware release that fixes the vulnerability is also available for all existing customers. The customer data stored on tape cannot be exploited by this vulnerability.
Last major update 10-01-2018 - 02:29
Published 22-03-2012 - 10:17
Last modified 10-01-2018 - 02:29
Back to Top