Security readout for executives and security teams
Plain-English summary
This CVE affects certain HP OpenVMS releases on Itanium and Alpha systems. A local user could trigger a denial of service in login-related components, potentially disrupting access to the system. The public details do not explain the exact trigger or name a confirmed fix in the provided bundle.
Executive priority
Prioritize based on business dependency. This is not evidenced as internet-exploitable or actively exploited, but it can affect availability of critical legacy OpenVMS systems if local users are present.
Technical view
The issue is described as improper implementation of the LOGIN and ACME_SERVER ACMELOGIN programs in listed HP OpenVMS versions. The impact is local denial of service via unspecified vectors. No CVSS score, CWE, exploit details, or confirmed remediation text is present in the provided sources.
Likely exposure
Exposure is limited to environments running the listed HP OpenVMS versions on Itanium or Alpha platforms. Risk is highest where local user accounts exist on critical legacy systems.
Exploitation context
The bundle does not show CISA KEV listing or other evidence of active exploitation. The CVE states local users can cause denial of service, but vectors are unspecified.
Researcher notes
Public technical detail is sparse. The record names affected versions, impacted programs, and local denial of service impact, but not root cause, attack vector specifics, CVSS, CWE, or remediation details beyond the HP advisory reference.
Mitigation direction
- Review HP SSRT101055 for vendor-confirmed fixes or operational guidance.
- Inventory OpenVMS systems by version and Alpha or Itanium platform.
- Prioritize remediation for critical systems with local interactive users.
- Limit unnecessary local accounts and interactive login access.
- Monitor login and ACME_SERVER stability until vendor guidance is applied.
Validation and detection
- Confirm whether any host runs an affected OpenVMS version and platform.
- Compare patch status against HP SSRT101055 guidance.
- Review system logs for login failures, service restarts, or availability anomalies.
- Verify local account population and remove unnecessary access.
- Document compensating controls where vendor remediation is unavailable.
Public sources used
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
CVE-2012-3276 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
Open ATT&CK lookup- Severity
- Unknown
- CVSS
- Not scored
- Known Exploited
- No
- Published
CNA and ADP enrichment extracted from CVE v5
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
CVSS and timeline data
No CVSS vectors or timeline events were available in the normalized CVE source material.
Source materials
- CVE List V5 sourceCVE List V5
- SSRT101055CVE reference · vendor-advisory, x_refsource_HP
Products and packages named in the record
CWE details
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
