Vulnerabilites related to ibm - x3650
CVE-2013-2352 (GCVE-0-2013-2352)
Vulnerability from cvelistv5
Published
2013-07-10 22:00
Modified
2024-09-16 16:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
LeftHand OS (aka SAN iQ) 10.5 and earlier on HP StoreVirtual Storage devices does not provide a mechanism for disabling the HP Support challenge-response root-login feature, which makes it easier for remote attackers to obtain administrative access by leveraging knowledge of an unused one-time password.
References
| ▼ | URL | Tags |
|---|---|---|
| https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03825537 | vendor-advisory, x_refsource_HP | |
| http://www.theregister.co.uk/2013/07/09/hp_storage_more_possible_backdoors/ | x_refsource_MISC | |
| https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03825537 | vendor-advisory, x_refsource_HP |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:36:46.179Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SSRT101257",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03825537"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.theregister.co.uk/2013/07/09/hp_storage_more_possible_backdoors/"
},
{
"name": "HPSBST02896",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03825537"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LeftHand OS (aka SAN iQ) 10.5 and earlier on HP StoreVirtual Storage devices does not provide a mechanism for disabling the HP Support challenge-response root-login feature, which makes it easier for remote attackers to obtain administrative access by leveraging knowledge of an unused one-time password."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-07-10T22:00:00Z",
"orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"shortName": "hp"
},
"references": [
{
"name": "SSRT101257",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03825537"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.theregister.co.uk/2013/07/09/hp_storage_more_possible_backdoors/"
},
{
"name": "HPSBST02896",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03825537"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2013-2352",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LeftHand OS (aka SAN iQ) 10.5 and earlier on HP StoreVirtual Storage devices does not provide a mechanism for disabling the HP Support challenge-response root-login feature, which makes it easier for remote attackers to obtain administrative access by leveraging knowledge of an unused one-time password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SSRT101257",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03825537"
},
{
"name": "http://www.theregister.co.uk/2013/07/09/hp_storage_more_possible_backdoors/",
"refsource": "MISC",
"url": "http://www.theregister.co.uk/2013/07/09/hp_storage_more_possible_backdoors/"
},
{
"name": "HPSBST02896",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03825537"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"assignerShortName": "hp",
"cveId": "CVE-2013-2352",
"datePublished": "2013-07-10T22:00:00Z",
"dateReserved": "2013-03-04T00:00:00Z",
"dateUpdated": "2024-09-16T16:37:31.666Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2187 (GCVE-0-2012-2187)
Vulnerability from cvelistv5
Published
2012-09-25 20:00
Modified
2024-08-06 19:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
IBM Remote Supervisor Adapter II firmware for System x3650, x3850 M2, and x3950 M2 1.13 and earlier generates weak RSA keys, which makes it easier for attackers to defeat cryptographic protection mechanisms via unspecified vectors.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:26:09.355Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "55609",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/55609"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www-947.ibm.com/support/entry/myportal/docdisplay?lndocid=MIGR-5091525"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_weak_key_vulnerability_in_remote_supervisor_adapter_ii_firmware_cve_2012_2187_ibm_system_x3650_system_x3850_m2_system_x3950_m25"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-09-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Remote Supervisor Adapter II firmware for System x3650, x3850 M2, and x3950 M2 1.13 and earlier generates weak RSA keys, which makes it easier for attackers to defeat cryptographic protection mechanisms via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-02-12T10:00:00",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "55609",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/55609"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www-947.ibm.com/support/entry/myportal/docdisplay?lndocid=MIGR-5091525"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_weak_key_vulnerability_in_remote_supervisor_adapter_ii_firmware_cve_2012_2187_ibm_system_x3650_system_x3850_m2_system_x3950_m25"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2012-2187",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Remote Supervisor Adapter II firmware for System x3650, x3850 M2, and x3950 M2 1.13 and earlier generates weak RSA keys, which makes it easier for attackers to defeat cryptographic protection mechanisms via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "55609",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55609"
},
{
"name": "https://www-947.ibm.com/support/entry/myportal/docdisplay?lndocid=MIGR-5091525",
"refsource": "MISC",
"url": "https://www-947.ibm.com/support/entry/myportal/docdisplay?lndocid=MIGR-5091525"
},
{
"name": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_weak_key_vulnerability_in_remote_supervisor_adapter_ii_firmware_cve_2012_2187_ibm_system_x3650_system_x3850_m2_system_x3950_m25",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_weak_key_vulnerability_in_remote_supervisor_adapter_ii_firmware_cve_2012_2187_ibm_system_x3650_system_x3850_m2_system_x3950_m25"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2012-2187",
"datePublished": "2012-09-25T20:00:00",
"dateReserved": "2012-04-04T00:00:00",
"dateUpdated": "2024-08-06T19:26:09.355Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2013-07-10 22:55
Modified
2025-04-11 00:51
Severity ?
Summary
LeftHand OS (aka SAN iQ) 10.5 and earlier on HP StoreVirtual Storage devices does not provide a mechanism for disabling the HP Support challenge-response root-login feature, which makes it easier for remote attackers to obtain administrative access by leveraging knowledge of an unused one-time password.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hp | san\/iq | * | |
| hp | san\/iq | 8.0 | |
| hp | san\/iq | 8.1 | |
| hp | san\/iq | 8.5 | |
| hp | san\/iq | 9.0 | |
| hp | san\/iq | 9.5 | |
| hp | san\/iq | 10.0 | |
| dell | poweredge_2950 | * | |
| hp | dl320s | * | |
| hp | lefthand_nsm2060 | * | |
| hp | lefthand_nsm2060_g2 | * | |
| hp | lefthand_nsm2120_g2 | * | |
| hp | lefthand_vsa | * | |
| hp | p4000_vsa | * | |
| hp | p4300 | * | |
| hp | p4300_g2 | * | |
| hp | p4500 | * | |
| hp | p4500_g2 | * | |
| hp | p4900_g2 | * | |
| hp | storevirtual_4130 | * | |
| hp | storevirtual_4330 | * | |
| hp | storevirtual_4530 | * | |
| hp | storevirtual_4630 | * | |
| hp | storevirtual_4730 | * | |
| hp | storevirtual_vsa | * | |
| ibm | x3650 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hp:san\\/iq:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A7B40F8A-B05A-4A11-8248-268BFD8576CF",
"versionEndIncluding": "10.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:san\\/iq:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0D937B3C-053B-41A9-8B9B-D3340CB0D327",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:san\\/iq:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AD2FD5CA-3B53-4A94-8CDF-7CEB67FE393D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:san\\/iq:8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "38946FF8-2F92-4B6D-98E2-BA88D3868522",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:san\\/iq:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "631B1DBC-0B76-4610-A7A5-5F65D3698672",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:san\\/iq:9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "203F03DF-DE17-4BEF-A5F8-CDFB84C42F49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:san\\/iq:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BD0CF6E8-EB82-49B9-B18A-F1FB4039E9DA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:poweredge_2950:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9ECE7197-361F-465E-B1E0-7320A931F798",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hp:dl320s:*:*:*:*:*:*:*:*",
"matchCriteriaId": "071D12F8-9CF8-44FF-AFA0-87CA1FD2BAC2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hp:lefthand_nsm2060:*:*:*:*:*:*:*:*",
"matchCriteriaId": "738A6FF1-41DE-488F-B9B3-3D0CE02E2418",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hp:lefthand_nsm2060_g2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "27491DE9-3636-4B74-883D-A65FFB6648C3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hp:lefthand_nsm2120_g2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "454142E2-F96D-49B9-87F6-AEA87ECE7BDE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hp:lefthand_vsa:*:*:*:*:*:*:*:*",
"matchCriteriaId": "81A5AAE4-5EE0-4D73-807E-B0BF82666EFD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hp:p4000_vsa:*:*:*:*:*:*:*:*",
"matchCriteriaId": "555DF3BA-ABBA-4118-852F-6ED61CF32914",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hp:p4300:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3D77F52-72ED-4683-9C58-88F7B9F25D51",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hp:p4300_g2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E998752D-888E-40A7-A66B-6F09508D7C51",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hp:p4500:*:*:*:*:*:*:*:*",
"matchCriteriaId": "11E7E2D2-6650-4EF2-9B31-176E45BAB63D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hp:p4500_g2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DA8B1909-0EAC-4D78-89BD-E525CEA0A8DE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hp:p4900_g2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "429090AF-D64F-49BD-A0FD-4EADCADBE437",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hp:storevirtual_4130:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF403618-7CD9-4E9B-A691-5C6C06495FBA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hp:storevirtual_4330:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E18B06F5-033A-403F-8C9A-93C686FD0B63",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hp:storevirtual_4530:*:*:*:*:*:*:*:*",
"matchCriteriaId": "50247977-8A95-4E59-B181-055D30A04636",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hp:storevirtual_4630:*:*:*:*:*:*:*:*",
"matchCriteriaId": "335C4319-BF69-483E-844E-0F4B201E1987",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hp:storevirtual_4730:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3DD5BFA2-FD78-4E0A-A2D6-B64DAD1F68BC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hp:storevirtual_vsa:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C1AEF436-B249-4C9E-95D9-D784FADFDBFB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:x3650:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C0C88593-6B6A-4772-AF94-63A78FC93121",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "LeftHand OS (aka SAN iQ) 10.5 and earlier on HP StoreVirtual Storage devices does not provide a mechanism for disabling the HP Support challenge-response root-login feature, which makes it easier for remote attackers to obtain administrative access by leveraging knowledge of an unused one-time password."
},
{
"lang": "es",
"value": "LeftHand OS (tambi\u00e9n conocido con SAN iQ) v10.5 y anteriores en dispositivos HP StoreVirtual Storage no proporcionan mecanismos para deshabilitar la caracter\u00edstica de desaf\u00edo-respuesta de root-login en HP Support, haciendo facil para atacantes remotos obtener privilegios administrativos mediante el aprovechamiento de un one-time password (password de una sola vez) no utilizado."
}
],
"id": "CVE-2013-2352",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.4,
"confidentialityImpact": "NONE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 9.2,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-07-10T22:55:00.953",
"references": [
{
"source": "hp-security-alert@hp.com",
"url": "http://www.theregister.co.uk/2013/07/09/hp_storage_more_possible_backdoors/"
},
{
"source": "hp-security-alert@hp.com",
"tags": [
"Vendor Advisory"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03825537"
},
{
"source": "hp-security-alert@hp.com",
"tags": [
"Vendor Advisory"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03825537"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.theregister.co.uk/2013/07/09/hp_storage_more_possible_backdoors/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03825537"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03825537"
}
],
"sourceIdentifier": "hp-security-alert@hp.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-255"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-09-25 20:55
Modified
2025-04-11 00:51
Severity ?
Summary
IBM Remote Supervisor Adapter II firmware for System x3650, x3850 M2, and x3950 M2 1.13 and earlier generates weak RSA keys, which makes it easier for attackers to defeat cryptographic protection mechanisms via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:remote_supervisor_adapter_ii_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2E736748-3B17-4448-A0A3-9FA7958B76DF",
"versionEndIncluding": "1.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:remote_supervisor_adapter_ii_firmware:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D1FD0CE1-7E7E-48D7-A58B-99FDA5F1E534",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:remote_supervisor_adapter_ii_firmware:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "550B79DE-8189-4CC4-9DC7-0C8718BDE339",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:remote_supervisor_adapter_ii_firmware:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4E746090-0764-4A98-AC4C-D2F9BDF80602",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:remote_supervisor_adapter_ii_firmware:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "374C7AC6-1825-4814-8DFA-405254E405EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:remote_supervisor_adapter_ii_firmware:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DC9EC609-A69C-4793-9769-84DF9AFE2E27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:remote_supervisor_adapter_ii_firmware:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BDD3419A-C62B-4BEF-BCD1-7AFE100BCA14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:remote_supervisor_adapter_ii_firmware:1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0826810A-8D83-4922-AE47-A2D00ADDA952",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:remote_supervisor_adapter_ii_firmware:1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "D3851293-B6E6-4A7A-8EA3-442A2E77B772",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:remote_supervisor_adapter_ii_firmware:1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E24E2370-30AE-4FB5-962A-A59773DAB672",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:remote_supervisor_adapter_ii_firmware:1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "3F6E0B99-EA63-4E09-8F35-61FD435835AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:remote_supervisor_adapter_ii_firmware:1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E98F8EA7-DC0A-49DE-8F38-8242191A71F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:remote_supervisor_adapter_ii_firmware:1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "BDBBC639-9A61-4301-8D4A-FA742EABCF41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:remote_supervisor_adapter_ii_firmware:1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "70DC13FE-C1D4-4F60-8A69-9C0EA993A994",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:x3650:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C0C88593-6B6A-4772-AF94-63A78FC93121",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:x3850:m2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB8280F0-09FB-4BC6-B384-CF7CAC9DF3EA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ibm:x3950:m2:*:*:*:*:*:*:*",
"matchCriteriaId": "68E36E55-9F24-4E8B-927D-AFBA5514389A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Remote Supervisor Adapter II firmware for System x3650, x3850 M2, and x3950 M2 1.13 and earlier generates weak RSA keys, which makes it easier for attackers to defeat cryptographic protection mechanisms via unspecified vectors."
},
{
"lang": "es",
"value": "El firmware del IBM Remote Supervisor Adapter II para Sistemas x3650, x3850 M2 y x3950 M2 v1.13 y anteriores generan claves RSA d\u00e9biles, lo que hace que sea m\u00e1s f\u00e1cil saltarse los mecanismos criptogr\u00e1ficos de protecci\u00f3n para atacantes remotos a trav\u00e9s de vectores no especificados.\r\n"
}
],
"id": "CVE-2012-2187",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-09-25T20:55:00.877",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_weak_key_vulnerability_in_remote_supervisor_adapter_ii_firmware_cve_2012_2187_ibm_system_x3650_system_x3850_m2_system_x3950_m25"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securityfocus.com/bid/55609"
},
{
"source": "psirt@us.ibm.com",
"url": "https://www-947.ibm.com/support/entry/myportal/docdisplay?lndocid=MIGR-5091525"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_weak_key_vulnerability_in_remote_supervisor_adapter_ii_firmware_cve_2012_2187_ibm_system_x3650_system_x3850_m2_system_x3950_m25"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/55609"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www-947.ibm.com/support/entry/myportal/docdisplay?lndocid=MIGR-5091525"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}