CVE-2012-1844

The Quantum Scalar i500 tape library with firmware before i7.0.3 (604G.GS00100), also distributed as the Dell ML6000 tape library with firmware before A20-00 (590G.GS00100) and the IBM TS3310 tape library with firmware before R6C (606G.GS001), uses default passwords for unspecified user accounts, which makes it easier for remote attackers to obtain access via unknown vectors.

Published: 2012-03-22 Last update: 2026-04-29 Assigner: [email protected] Source: [email protected]

NVD Status：Modified，CVE State: published

View at NVD, CVE.org, EUVD

Conclusion & alert: CVE-2012-1844 is rated Moderate Risk (61.9/100): CVSS High severity, with medium exploitation likelihood (EPSS 3.50%). Core evidence: EPSS rose +1.24% over the last day, indicating growing attacker interest. Mandatory action: Review affected assets and schedule remediation.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2012-1844

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2026-06-15	2.26%	3.50%	+1.24%
2	2025-03-30	1.65%	2.26%	+0.61%
3	2025-03-29	—	1.65%	—

Full EPSS history (6 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2012-1844

CVSS metrics for this CVE.

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
7.5	2.0	HIGH	`AV:N/AC:L/Au:N/C:P/I:P/A:P` Click to expand Access vector (AV:N) Can be exploited remotely over network reachability. Access complexity (AC:L) Exploitation conditions are straightforward and predictable. Authentication (AU:N) No authentication is required. Confidentiality impact (C:P) Partial confidentiality impact. Integrity impact (I:P) Partial integrity impact. Availability impact (A:P) Partial availability impact.	10.0	6.4	[email protected]

Weakness enumeration for CVE-2012-1844

CWE-255 MITRE ↗

Vendor comments (NVD) for CVE-2012-1844

Quantum Corporation (2012-06-13T00:00:00)
The vulnerability has never been exploited. However to make sure our customers are protected, all newly shipped versions of the product contain the update that fixes this issue. An official firmware release that fixes the vulnerability is also available for all existing customers. The customer data stored on tape cannot be exploited by this vulnerability.

Affected software / configurations for CVE-2012-1844

Vendor	Product	Version	Raw CPE
quantum	scalar_i500_firmware	<= i7.0.2	cpe:2.3:a:quantum:scalar_i500_firmware::::::::
quantum	scalar_i500_firmware	i2	cpe:2.3:a:quantum:scalar_i500_firmware:i2:::::::*
quantum	scalar_i500_firmware	i3	cpe:2.3:a:quantum:scalar_i500_firmware:i3:::::::*
quantum	scalar_i500_firmware	i3.1	cpe:2.3:a:quantum:scalar_i500_firmware:i3.1:::::::*
quantum	scalar_i500_firmware	i4	cpe:2.3:a:quantum:scalar_i500_firmware:i4:::::::*
quantum	scalar_i500_firmware	i5	cpe:2.3:a:quantum:scalar_i500_firmware:i5:::::::*
quantum	scalar_i500_firmware	i5.1	cpe:2.3:a:quantum:scalar_i500_firmware:i5.1:::::::*
quantum	scalar_i500_firmware	i6	cpe:2.3:a:quantum:scalar_i500_firmware:i6:::::::*
quantum	scalar_i500_firmware	i6.1	cpe:2.3:a:quantum:scalar_i500_firmware:i6.1:::::::*
quantum	scalar_i500_firmware	i7	cpe:2.3:a:quantum:scalar_i500_firmware:i7:::::::*
quantum	scalar_i500_firmware	i7.0.1	cpe:2.3:a:quantum:scalar_i500_firmware:i7.0.1:::::::*
quantum	scalar_i500_firmware	sp4	cpe:2.3:a:quantum:scalar_i500_firmware:sp4:::::::*
quantum	scalar_i500_firmware	sp4.2	cpe:2.3:a:quantum:scalar_i500_firmware:sp4.2:::::::*
quantum	scalar_i500	5u	cpe:2.3:h:quantum:scalar_i500:5u:::::::*
quantum	scalar_i500	14u	cpe:2.3:h:quantum:scalar_i500:14u:::::::*
quantum	scalar_i500	23u	cpe:2.3:h:quantum:scalar_i500:23u:::::::*
dell	powervault_ml6000_firmware	585g.gs003	cpe:2.3:a:dell:powervault_ml6000_firmware:585g.gs003:::::::*
dell	powervault_ml6000	32u	cpe:2.3:h:dell:powervault_ml6000:32u:::::::*
dell	powervault_ml6000	41u	cpe:2.3:h:dell:powervault_ml6000:41u:::::::*
dell	powervault_ml6010	5u	cpe:2.3:h:dell:powervault_ml6010:5u:::::::*
dell	powervault_ml6020	14u	cpe:2.3:h:dell:powervault_ml6020:14u:::::::*
dell	powervault_ml6030	23u	cpe:2.3:h:dell:powervault_ml6030:23u:::::::*
ibm	ts3310_tape_library_firmware	<= 605g.g002	cpe:2.3:a:ibm:ts3310_tape_library_firmware::::::::
ibm	ts3310_tape_library	3573	cpe:2.3:h:ibm:ts3310_tape_library:3573:::::::*
ibm	ts3310_tape_library	3576	cpe:2.3:h:ibm:ts3310_tape_library:3576:::::::*

References for CVE-2012-1844

URL	Tags
http://osvdb.org/80372
http://www.kb.cert.org/vuls/id/913483	US Government Resource
http://www.kb.cert.org/vuls/id/MAPG-8NNKN8	US Government Resource
http://www.kb.cert.org/vuls/id/MAPG-8NVRPY	US Government Resource
http://www.kb.cert.org/vuls/id/MORO-8QNJLE	US Government Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/74322

cvelogic Threat Intelligence