CVE-2012-1843: CSRF
First published: Thu Mar 22 2012(Updated: )
Cross-site request forgery (CSRF) vulnerability in saveRestore.htm on the Quantum Scalar i500 tape library with firmware before i7.0.3 (604G.GS00100), also distributed as the Dell ML6000 tape library with firmware before A20-00 (590G.GS00100), allows remote attackers to hijack the authentication of users for requests that execute Linux commands via the fileName parameter, related to a "command-injection vulnerability."
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Quantum Scalar I500 Firmware | <=i7.0.2 | |
| Quantum Scalar I500 Firmware | =i2 | |
| Quantum Scalar I500 Firmware | =i3 | |
| Quantum Scalar I500 Firmware | =i3.1 | |
| Quantum Scalar I500 Firmware | =i4 | |
| Quantum Scalar I500 Firmware | =i5 | |
| Quantum Scalar I500 Firmware | =i5.1 | |
| Quantum Scalar I500 Firmware | =i6 | |
| Quantum Scalar I500 Firmware | =i6.1 | |
| Quantum Scalar I500 Firmware | =i7 | |
| Quantum Scalar I500 Firmware | =i7.0.1 | |
| Quantum Scalar I500 Firmware | =sp4 | |
| Quantum Scalar I500 Firmware | =sp4.2 | |
| Quantum Scalar i500 | =5u | |
| Quantum Scalar i500 | =14u | |
| Quantum Scalar i500 | =23u | |
| Dell Powervault ML6000 Firmware | =585g.gs003 | |
| Dell Powervault ML6000 | =32u | |
| Dell Powervault ML6000 | =41u | |
| Dell Powervault ML6010 | =5u | |
| Dell PowerVault ML6020 | =14u | |
| Dell Powervault Ml6030 | =23u |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2012-1843?
CVE-2012-1843 is considered a medium severity vulnerability that allows attackers to perform cross-site request forgery.
How do I fix CVE-2012-1843?
To fix CVE-2012-1843, upgrade your firmware to version i7.0.3 or later for Quantum Scalar i500 or A20-00 or later for Dell ML6000.
What systems are affected by CVE-2012-1843?
CVE-2012-1843 affects Quantum Scalar i500 tape library firmware versions prior to i7.0.3 and Dell ML6000 tape library firmware versions prior to A20-00.
Is CVE-2012-1843 a remote vulnerability?
Yes, CVE-2012-1843 is a remote vulnerability that can be exploited by attackers over the network.
What type of attack does CVE-2012-1843 enable?
CVE-2012-1843 enables attackers to hijack the authentication of users through cross-site request forgery.
- agent/weakness
- agent/severity
- agent/author
- agent/type
- agent/description
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/references
- vendor/quantum
- canonical/quantum scalar i500 firmware
- version/quantum scalar i500 firmware/i7.0.2
- version/quantum scalar i500 firmware/i2
- version/quantum scalar i500 firmware/i3
- version/quantum scalar i500 firmware/i3.1
- version/quantum scalar i500 firmware/i4
- version/quantum scalar i500 firmware/i5
- version/quantum scalar i500 firmware/i5.1
- version/quantum scalar i500 firmware/i6
- version/quantum scalar i500 firmware/i6.1
- version/quantum scalar i500 firmware/i7
- version/quantum scalar i500 firmware/i7.0.1
- version/quantum scalar i500 firmware/sp4
- version/quantum scalar i500 firmware/sp4.2
- canonical/quantum scalar i500
- version/quantum scalar i500/5u
- version/quantum scalar i500/14u
- version/quantum scalar i500/23u
- vendor/dell
- canonical/dell powervault ml6000 firmware
- version/dell powervault ml6000 firmware/585g.gs003
- canonical/dell powervault ml6000
- version/dell powervault ml6000/32u
- version/dell powervault ml6000/41u
- canonical/dell powervault ml6010
- version/dell powervault ml6010/5u
- canonical/dell powervault ml6020
- version/dell powervault ml6020/14u
- canonical/dell powervault ml6030
- version/dell powervault ml6030/23u