Power 5 System Firmware
CVE-2012-4856
HIGH
Credentials Management Errors (CWE-255)
2012-12-20
psirt@us.ibm.com
7.9
CVSS 2.0 · NVD
Share
Severity by source
NVD
PRIMARY
7.9
HIGH
AV:A/AC:M/Au:N/C:C/I:C/A:C
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
AV:A/AC:M/Au:N/C:C/I:C/A:C
Attack Vector
Adjacent
Attack Complexity
M
Confidentiality
C
Integrity
C
Availability
C
Lifecycle Timeline
1
CVE Published
Dec 20, 2012 - 12:02 cve.org
HIGH 7.9
DescriptionCVE.org
The Service Processor in the IBM Power 5 91##-
and 940#-
before SF240_418_382 does not ensure that firewall code is executed, which allows remote attackers to execute arbitrary code via unspecified vectors.
AnalysisAI
The Service Processor in the IBM Power 5 91##-
and 940#-
before SF240_418_382 does not ensure that firewall code is executed, which allows remote attackers to execute arbitrary code via. Rated high severity (CVSS 7.9). No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-255. The Service Processor in the IBM Power 5 91##-
and 940#-
before SF240_418_382 does not ensure that firewall code is executed, which allows remote attackers to execute arbitrary code via unspecified vectors. Affected products include: Ibm Power 5 System Firmware, Ibm Power 5.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Same weakness CWE-255 – Credentials Management Errors
View allShare
External POC / Exploit Code
Leaving vuln.today
Destination URL
POC code from unknown sources may be malicious, contain backdoors, or be fake.
Always review and test exploit code in a safe, isolated environment (VM/sandbox).
Verify the source reputation and cross-reference with known databases (Exploit-DB, GitHub Security).