{"vuid":"VU#194604","idnumber":"194604","name":"IBM Power 5 Service Processor privilege escalation vulnerability","keywords":["ibm","power5","service","processor"],"overview":"IBM Power 5 Service Processor contains a vulnerability which could allow an attacker to operate with elevated privileges.","clean_desc":"IBM's security advisory states, \"A security issue has been identified on IBM Power 5 Systems such that the firewall code does not get executed in certain network configurations leading to elevated privilege. The issue only exists on Service Processor for IBM Power 5 Systems listed below and has not been found to exist in any other IBM System.\"","impact":"An attacker with access to the IBM Power 5 Service Processor could escalate their privileges, allowing them to perform administrative functions on the system.","resolution":"Update: The vendor has stated that this vulnerability has been addressed in SF240_418_382. Users are advised to upgrade to SF240_418_382 or higher. The fix can be obtained from FixCentral by providing the MTM and current fix level.","workarounds":"IBM's security advisory states the following workaround, \"Configure (any) Static IP addresses on at least one Ethernet interface of the IBM Service processor.\"","sysaffected":"IBM's security advisory states the following affected produ","thanks":"Thanks to Brian Smith for reporting this vulnerability.","author":"This document was written by Michael Orlando.","public":["http://aix.software.ibm.com/aix/efixes/security/squadrons_advisory.asc"],"cveids":["CVE-2012-4856"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2012-10-09T15:03:26Z","publicdate":"2012-11-19T00:00:00Z","datefirstpublished":"2012-12-12T12:34:19Z","dateupdated":"2013-01-02T13:43:32Z","revision":15,"vrda_d1_directreport":"1","vrda_d1_population":"2","vrda_d1_impact":"2","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"A","cvss_accesscomplexity":"M","cvss_authentication":null,"cvss_confidentialityimpact":"C","cvss_integrityimpact":"C","cvss_availabilityimpact":"C","cvss_exploitablity":null,"cvss_remediationlevel":"OF","cvss_reportconfidence":"C","cvss_collateraldamagepotential":"LM","cvss_targetdistribution":"L","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"7.9","cvss_basevector":"AV:A/AC:M/Au:N/C:C/I:C/A:C","cvss_temporalscore":"6.2","cvss_environmentalscore":"1.8","cvss_environmentalvector":"CDP:LM/TD:L/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":null}