CVE-2012-2166

moderate-risk
Published 2018-02-08

IBM XIV Storage System 2810-A14 and 2812-A14 devices before level 10.2.4.e-2 and 2810-114 and 2812-114 devices before level 11.1.1 have hardcoded passwords for unspecified accounts, which allows remote attackers to gain user access via unknown vectors. IBM X-Force ID: 75041.

Do I need to act?

~
3.0% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (4)

Xiv Storage System 2810-A14 Firmware
Xiv Storage System 2812-A14 Firmware
Xiv Storage System 2810-114 Firmware
Xiv Storage System 2812-114 Firmware

Affected Vendors

Ibm

References (4)

Vendor Advisory http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004256
VDB Entry https://exchange.xforce.ibmcloud.com/vulnerabilities/75041
Vendor Advisory http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004256
VDB Entry https://exchange.xforce.ibmcloud.com/vulnerabilities/75041
48
/ 100
moderate-risk
Severity 32/34 · Critical
Exploitability 6/34 · Minimal
Exposure 10/34 · Low