CVE-2012-2187

IBM Remote Supervisor Adapter II firmware for System x3650, x3850 M2, and x3950 M2 1.13 and earlier generates weak RSA keys, which makes it easier for attackers to defeat cryptographic protection mechanisms via unspecified vectors.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_weak_key_vulnerability_in_remote_supervisor_adapter_ii_firmware_cve_2012_2187_ibm_system_x3650_system_x3850_m2_system_x3950_m25	Vendor Advisory
http://www.securityfocus.com/bid/55609
https://www-947.ibm.com/support/entry/myportal/docdisplay?lndocid=MIGR-5091525

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:ibm:remote_supervisor_adapter_ii_firmware::::::::
	cpe:2.3:a:ibm:remote_supervisor_adapter_ii_firmware:1.0:::::::*
	cpe:2.3:a:ibm:remote_supervisor_adapter_ii_firmware:1.1:::::::*
	cpe:2.3:a:ibm:remote_supervisor_adapter_ii_firmware:1.2:::::::*
	cpe:2.3:a:ibm:remote_supervisor_adapter_ii_firmware:1.3:::::::*
	cpe:2.3:a:ibm:remote_supervisor_adapter_ii_firmware:1.4:::::::*
	cpe:2.3:a:ibm:remote_supervisor_adapter_ii_firmware:1.5:::::::*
	cpe:2.3:a:ibm:remote_supervisor_adapter_ii_firmware:1.6:::::::*
	cpe:2.3:a:ibm:remote_supervisor_adapter_ii_firmware:1.7:::::::*
	cpe:2.3:a:ibm:remote_supervisor_adapter_ii_firmware:1.8:::::::*
	cpe:2.3:a:ibm:remote_supervisor_adapter_ii_firmware:1.9:::::::*
	cpe:2.3:a:ibm:remote_supervisor_adapter_ii_firmware:1.10:::::::*
	cpe:2.3:a:ibm:remote_supervisor_adapter_ii_firmware:1.11:::::::*
	cpe:2.3:a:ibm:remote_supervisor_adapter_ii_firmware:1.12:::::::*

OR	cpe:2.3:h:ibm:x3650::::::::
	cpe:2.3:h:ibm:x3850:m2:::::::*
	cpe:2.3:h:ibm:x3950:m2:::::::*

History

No history.

Information

Published : 2012-09-25 20:55

Updated : 2013-02-12 05:08

NVD link : CVE-2012-2187

Mitre link : CVE-2012-2187

CVE.ORG link : CVE-2012-2187

JSON object : View

Products Affected

ibm

x3650
remote_supervisor_adapter_ii_firmware
x3850
x3950

CWE

CWE-310

Cryptographic Issues

{"id": "CVE-2012-2187", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2012-09-25T20:55:00.877", "references": [{"url": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_weak_key_vulnerability_in_remote_supervisor_adapter_ii_firmware_cve_2012_2187_ibm_system_x3650_system_x3850_m2_system_x3950_m25", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "http://www.securityfocus.com/bid/55609", "source": "psirt@us.ibm.com"}, {"url": "https://www-947.ibm.com/support/entry/myportal/docdisplay?lndocid=MIGR-5091525", "source": "psirt@us.ibm.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-310"}]}], "descriptions": [{"lang": "en", "value": "IBM Remote Supervisor Adapter II firmware for System x3650, x3850 M2, and x3950 M2 1.13 and earlier generates weak RSA keys, which makes it easier for attackers to defeat cryptographic protection mechanisms via unspecified vectors."}, {"lang": "es", "value": "El firmware del IBM Remote Supervisor Adapter II para Sistemas x3650, x3850 M2 y x3950 M2 v1.13 y anteriores generan claves RSA d\u00e9biles, lo que hace que sea m\u00e1s f\u00e1cil saltarse los mecanismos criptogr\u00e1ficos de protecci\u00f3n para atacantes remotos a trav\u00e9s de vectores no especificados.\r\n"}], "lastModified": "2013-02-12T05:08:29.460", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:remote_supervisor_adapter_ii_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2E736748-3B17-4448-A0A3-9FA7958B76DF", "versionEndIncluding": "1.13"}, {"criteria": "cpe:2.3:a:ibm:remote_supervisor_adapter_ii_firmware:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D1FD0CE1-7E7E-48D7-A58B-99FDA5F1E534"}, {"criteria": "cpe:2.3:a:ibm:remote_supervisor_adapter_ii_firmware:1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "550B79DE-8189-4CC4-9DC7-0C8718BDE339"}, {"criteria": "cpe:2.3:a:ibm:remote_supervisor_adapter_ii_firmware:1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4E746090-0764-4A98-AC4C-D2F9BDF80602"}, {"criteria": "cpe:2.3:a:ibm:remote_supervisor_adapter_ii_firmware:1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "374C7AC6-1825-4814-8DFA-405254E405EA"}, {"criteria": "cpe:2.3:a:ibm:remote_supervisor_adapter_ii_firmware:1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DC9EC609-A69C-4793-9769-84DF9AFE2E27"}, {"criteria": "cpe:2.3:a:ibm:remote_supervisor_adapter_ii_firmware:1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BDD3419A-C62B-4BEF-BCD1-7AFE100BCA14"}, {"criteria": "cpe:2.3:a:ibm:remote_supervisor_adapter_ii_firmware:1.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0826810A-8D83-4922-AE47-A2D00ADDA952"}, {"criteria": "cpe:2.3:a:ibm:remote_supervisor_adapter_ii_firmware:1.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D3851293-B6E6-4A7A-8EA3-442A2E77B772"}, {"criteria": "cpe:2.3:a:ibm:remote_supervisor_adapter_ii_firmware:1.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E24E2370-30AE-4FB5-962A-A59773DAB672"}, {"criteria": "cpe:2.3:a:ibm:remote_supervisor_adapter_ii_firmware:1.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3F6E0B99-EA63-4E09-8F35-61FD435835AB"}, {"criteria": "cpe:2.3:a:ibm:remote_supervisor_adapter_ii_firmware:1.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E98F8EA7-DC0A-49DE-8F38-8242191A71F0"}, {"criteria": "cpe:2.3:a:ibm:remote_supervisor_adapter_ii_firmware:1.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BDBBC639-9A61-4301-8D4A-FA742EABCF41"}, {"criteria": "cpe:2.3:a:ibm:remote_supervisor_adapter_ii_firmware:1.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "70DC13FE-C1D4-4F60-8A69-9C0EA993A994"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ibm:x3650:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C0C88593-6B6A-4772-AF94-63A78FC93121"}, {"criteria": "cpe:2.3:h:ibm:x3850:m2:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DB8280F0-09FB-4BC6-B384-CF7CAC9DF3EA"}, {"criteria": "cpe:2.3:h:ibm:x3950:m2:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "68E36E55-9F24-4E8B-927D-AFBA5514389A"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@us.ibm.com"}