CVE-2012-4856

Name: CVE-2012-4856
Creator: NVD / NIST
Published: 2012-12-20T12:02:18.2+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 1.17%

Last modified Jun 16, 2026

CVE-2012-4856 is a vulnerability of currently unknown severity. The Service Processor in the IBM Power 5 91##-### and 940#-### before SF240_418_382 does not ensure that firewall code is executed, which allows remote attackers to execute arbitrary code via unspecified vectors.. EPSS estimates a 1.17% chance of exploitation in the next 30 days.

Description

The Service Processor in the IBM Power 5 91##-### and 940#-### before SF240_418_382 does not ensure that firewall code is executed, which allows remote attackers to execute arbitrary code via unspecified vectors.

Metrics

EPSS Probability

1.17%

63.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-255

Affected Software

Vendor	Product	Versions
Ibm	Power 5 System Firmware	<= sf240_418
Ibm	Power 5 System Firmware	sf240_201_201
Ibm	Power 5 System Firmware	sf240_202_201
Ibm	Power 5 System Firmware	sf240_219_201
Ibm	Power 5 System Firmware	sf240_222_201
Ibm	Power 5 System Firmware	sf240_233_201
Ibm	Power 5 System Firmware	sf240_258_201
Ibm	Power 5 System Firmware	sf240_259_201
Ibm	Power 5 System Firmware	sf240_261_201
Ibm	Power 5 System Firmware	sf240_284_201
Ibm	Power 5 System Firmware	sf240_298_201
Ibm	Power 5 System Firmware	sf240_299_201
Ibm	Power 5 System Firmware	sf240_320_201
Ibm	Power 5 System Firmware	sf240_332_201
Ibm	Power 5 System Firmware	sf240_338_201
Ibm	Power 5 System Firmware	sf240_358_201
Ibm	Power 5 System Firmware	sf240_371
Ibm	Power 5 System Firmware	sf240_382_382
Ibm	Power 5 System Firmware	sf240_403_382
Ibm	Power 5 System Firmware	sf240_415_382
Ibm	Power 5 System Firmware	sf240_417
Ibm	Power 5	9110-51a
Ibm	Power 5	9110-510
Ibm	Power 5	9111-285
Ibm	Power 5	9111-520
Ibm	Power 5	9113-550
Ibm	Power 5	9115-505
Ibm	Power 5	9116-561
Ibm	Power 5	9117-570
Ibm	Power 5	9118-575
Ibm	Power 5	9123-710
Ibm	Power 5	9124-720
Ibm	Power 5	9131-52a
Ibm	Power 5	9133-55a
Ibm	Power 5	9405-520
Ibm	Power 5	9406-520
Ibm	Power 5	9406-525
Ibm	Power 5	9406-550
Ibm	Power 5	9406-570
Ibm	Power 5	9407-515

References

http://aix.software.ibm.com/aix/efixes/security/squadrons_advisory.ascVendor Advisory
http://www.kb.cert.org/vuls/id/194604US Government Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/79736
http://aix.software.ibm.com/aix/efixes/security/squadrons_advisory.ascVendor Advisory
http://www.kb.cert.org/vuls/id/194604US Government Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/79736

Timeline

Published: Dec 20, 2012
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2012-4856?

How severe is CVE-2012-4856?

Severity scoring for CVE-2012-4856 is pending analysis. The EPSS model estimates a 1.17% probability of exploitation in the next 30 days.

How do I fix CVE-2012-4856?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2012-4856?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST