Unrated severityNVD Advisory· Published Aug 6, 2012· Updated Apr 29, 2026
CVE-2012-2188
CVE-2012-2188
Description
IBM Power Hardware Management Console (HMC) 7R3.5.0 before SP4, 7R7.1.0 and 7R7.2.0 before 7R7.2.0 SP3, and 7R7.3.0 before SP2, and Systems Director Management Console (SDMC) 6R7.3.0 before SP2, does not properly restrict the VIOS viosrvcmd command, which allows local users to gain privileges via vectors involving a (1) $ (dollar sign) or (2) & (ampersand) character.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
7cpe:2.3:o:ibm:power_hardware_management_console_firmware:7r3.5.0:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:o:ibm:power_hardware_management_console_firmware:7r3.5.0:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:power_hardware_management_console_firmware:7r7.1.0:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:power_hardware_management_console_firmware:7r7.2.0:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:power_hardware_management_console_firmware:7r7.3.0:*:*:*:*:*:*:*
cpe:2.3:o:ibm:systems_director_management__console_firmware:6r7.3.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:ibm:systems_director_management__console_firmware:6r7.3.0:*:*:*:*:*:*:*
- (no CPE)range: 6R7.3.0 before SP2
- Range: 7R3.5.0 before SP4, 7R7.1.0/7R7.2.0 before 7R7.2.0 SP3, 7R7.3.0 before SP2
Patches
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
6- www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_power_hmc_viosrvcmd_command_allows_elevated_privilege_on_vios_cve_2012_218825nvdVendor Advisory
- www.ibm.com/support/docview.wssnvd
- www.ibm.com/support/docview.wssnvd
- www.ibm.com/support/docview.wssnvd
- www.ibm.com/support/docview.wssnvd
- exchange.xforce.ibmcloud.com/vulnerabilities/75906nvd
News mentions
0No linked articles in our index yet.