Skip to main content

San Volume Controller Software CVE-2012-6354

HIGH
Improper Authentication (CWE-287)
2013-02-19 psirt@us.ibm.com
7.5
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:L/Au:N/C:P/I:P/A:P
Attack Vector
Network
Attack Complexity
Low
Confidentiality
P
Integrity
P
Availability
P

Lifecycle Timeline

1
CVE Published
Feb 19, 2013 - 19:55 cve.org
HIGH 7.5

DescriptionCVE.org

The management GUI on the IBM SAN Volume Controller and Storwize V7000 6.x before 6.4.1.3 allows remote attackers to bypass authentication and obtain superuser access via IP packets.

AnalysisAI

The management GUI on the IBM SAN Volume Controller and Storwize V7000 6.x before 6.4.1.3 allows remote attackers to bypass authentication and obtain superuser access via IP packets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Improper Authentication (CWE-287), which allows attackers to bypass authentication mechanisms to gain unauthorized access. The management GUI on the IBM SAN Volume Controller and Storwize V7000 6.x before 6.4.1.3 allows remote attackers to bypass authentication and obtain superuser access via IP packets. Affected products include: Ibm San Volume Controller Software, Ibm Storwize V7000. Version information: before 6.4.1.3.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement multi-factor authentication, enforce strong password policies, use proven authentication frameworks.

Share

CVE-2012-6354 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy