ID

VAR-201304-0251


CVE

CVE-2013-1185


TITLE

Vulnerability in the web interface of the Cisco UCS Manager component that allows sensitive information to be obtained

Trust: 0.8

sources: JVNDB: JVNDB-2013-002475

DESCRIPTION

The web interface in the Manager component in Cisco Unified Computing System (UCS) 1.x and 2.x before 2.0(2m) allows remote attackers to obtain sensitive information by reading a (1) technical-support bundle file or (2) on-device configuration backup, aka Bug ID CSCtq86543. Successful exploitation may result in the complete compromise of the system. Cisco UCS integrates network, computing and virtualization resources into one platform by extensively adopting virtualization technology.

Trust: 1.98

sources: NVD: CVE-2013-1185 // JVNDB: JVNDB-2013-002475 // BID: 59459 // VULHUB: VHN-61187

AFFECTED PRODUCTS

vendor: cisco // model: unified computing system infrastructure and unified computing system software // scope: eq // version: 1.4(3m)

Trust: 1.6

vendor: cisco // model: unified computing system infrastructure and unified computing system software // scope: eq // version: 2.0(1w)

Trust: 1.6

vendor: cisco // model: unified computing system infrastructure and unified computing system software // scope: eq // version: 2.0(1t)

Trust: 1.6

vendor: cisco // model: unified computing system infrastructure and unified computing system software // scope: eq // version: 2.0(1s)

Trust: 1.6

vendor: cisco // model: unified computing system infrastructure and unified computing system software // scope: eq // version: 1.4(3q)

Trust: 1.6

vendor: cisco // model: unified computing system infrastructure and unified computing system software // scope: eq // version: 1.4(3s)

Trust: 1.6

vendor: cisco // model: unified computing system infrastructure and unified computing system software // scope: eq // version: 1.4(3u)

Trust: 1.6

vendor: cisco // model: unified computing system infrastructure and unified computing system software // scope: eq // version: 2.0(1q)

Trust: 1.6

vendor: cisco // model: unified computing system infrastructure and unified computing system software // scope: eq // version: 1.4(4k)

Trust: 1.6

vendor: cisco // model: unified computing system infrastructure and unified computing system software // scope: eq // version: 1.1

Trust: 1.0

vendor: cisco // model: unified computing system infrastructure and unified computing system software // scope: eq // version: 1.4(3y)

Trust: 1.0

vendor: cisco // model: unified computing system infrastructure and unified computing system software // scope: eq // version: 1.3(1t)

Trust: 1.0

vendor: cisco // model: unified computing system infrastructure and unified computing system software // scope: eq // version: 1.0

Trust: 1.0

vendor: cisco // model: unified computing system infrastructure and unified computing system software // scope: eq // version: 1.2(1)

Trust: 1.0

vendor: cisco // model: unified computing system infrastructure and unified computing system software // scope: eq // version: 1.3(1w)

Trust: 1.0

vendor: cisco // model: unified computing system infrastructure and unified computing system software // scope: eq // version: 1.4(4f)

Trust: 1.0

vendor: cisco // model: unified computing system infrastructure and unified computing system software // scope: eq // version: 1.0(2k)

Trust: 1.0

vendor: cisco // model: unified computing system infrastructure and unified computing system software // scope: eq // version: 1.3(1c)

Trust: 1.0

vendor: cisco // model: unified computing system 6120xp fabric interconnect // scope: eq // version: -

Trust: 1.0

vendor: cisco // model: unified computing system infrastructure and unified computing system software // scope: eq // version: 1.4(4j)

Trust: 1.0

vendor: cisco // model: unified computing system 6296up fabric interconnect // scope: eq // version: -

Trust: 1.0

vendor: cisco // model: unified computing system infrastructure and unified computing system software // scope: eq // version: 1.3(1m)

Trust: 1.0

vendor: cisco // model: unified computing system infrastructure and unified computing system software // scope: eq // version: 1.1(1m)

Trust: 1.0

vendor: cisco // model: unified computing system infrastructure and unified computing system software // scope: eq // version: 1.2

Trust: 1.0

vendor: cisco // model: unified computing system infrastructure and unified computing system software // scope: eq // version: 1.4(4i)

Trust: 1.0

vendor: cisco // model: unified computing system infrastructure and unified computing system software // scope: eq // version: 1.3(1p)

Trust: 1.0

vendor: cisco // model: unified computing system infrastructure and unified computing system software // scope: eq // version: 1.3(1n)

Trust: 1.0

vendor: cisco // model: unified computing system infrastructure and unified computing system software // scope: eq // version: 1.4(1m)

Trust: 1.0

vendor: cisco // model: unified computing system 6248up fabric interconnect // scope: eq // version: -

Trust: 1.0

vendor: cisco // model: unified computing system integrated management controller // scope: eq // version: -

Trust: 1.0

vendor: cisco // model: unified computing system infrastructure and unified computing system software // scope: eq // version: 1.4(1j)

Trust: 1.0

vendor: cisco // model: unified computing system infrastructure and unified computing system software // scope: eq // version: 1.4(3l)

Trust: 1.0

vendor: cisco // model: unified computing system 6140xp fabric interconnect // scope: eq // version: -

Trust: 1.0

vendor: cisco // model: unified computing system infrastructure and unified computing system software // scope: eq // version: 1.4(3i)

Trust: 1.0

vendor: cisco // model: unified computing system infrastructure and unified computing system software // scope: eq // version: 1.3(1y)

Trust: 1.0

vendor: cisco // model: unified computing system infrastructure and unified computing system software // scope: eq // version: 1.3(1o)

Trust: 1.0

vendor: cisco // model: unified computing system infrastructure and unified computing system software // scope: eq // version: 1.2(1a)

Trust: 1.0

vendor: cisco // model: unified computing system infrastructure and unified computing system software // scope: eq // version: 1.2(1d)

Trust: 1.0

vendor: cisco // model: unified computing system infrastructure and unified computing system software // scope: eq // version: 1.3(1q)

Trust: 1.0

vendor: cisco // model: unified computing system infrastructure and unified computing system software // scope: eq // version: 1.4(4g)

Trust: 1.0

vendor: cisco // model: ucs 6248up 48 port fabric interconnect // scope: - // version: -

Trust: 0.8

vendor: cisco // model: ucs infrastructure and ucs manager software // scope: eq // version: 1.1

Trust: 0.8

vendor: cisco // model: ucs integrated management controller // scope: - // version: -

Trust: 0.8

vendor: cisco // model: ucs infrastructure and ucs manager software // scope: eq // version: 1.0

Trust: 0.8

vendor: cisco // model: ucs 6120xp-20 port fabric interconnect // scope: - // version: -

Trust: 0.8

vendor: cisco // model: ucs infrastructure and ucs manager software // scope: eq // version: 2.0(2m)

Trust: 0.8

vendor: cisco // model: ucs 6140xp-40 port fabric interconnect // scope: - // version: -

Trust: 0.8

vendor: cisco // model: ucs 6296up 96 port fabric interconnect // scope: - // version: -

Trust: 0.8

vendor: cisco // model: ucs infrastructure and ucs manager software // scope: lt // version: 2.x

Trust: 0.8

vendor: cisco // model: ucs infrastructure and ucs manager software // scope: eq // version: 1.2

Trust: 0.8

vendor: cisco // model: ucs infrastructure and ucs manager software // scope: eq // version: 1.3

Trust: 0.8

vendor: cisco // model: ucs infrastructure and ucs manager software // scope: eq // version: 1.4

Trust: 0.8

vendor: cisco // model: unified computing system infrastructure and unified computing system software // scope: eq // version: 2.0(1x)

Trust: 0.6

sources: JVNDB: JVNDB-2013-002475 // CNNVD: CNNVD-201304-520 // NVD: CVE-2013-1185

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-1185
value: HIGH

Trust: 1.0

NVD: CVE-2013-1185
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201304-520
value: CRITICAL

Trust: 0.6

VULHUB: VHN-61187
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2013-1185
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-61187
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-61187 // JVNDB: JVNDB-2013-002475 // CNNVD: CNNVD-201304-520 // NVD: CVE-2013-1185

PROBLEMTYPE DATA

problemtype: CWE-200

Trust: 1.9

sources: VULHUB: VHN-61187 // JVNDB: JVNDB-2013-002475 // NVD: CVE-2013-1185

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201304-520

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201304-520

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-002475

PATCH

title: cisco-sa-20130424-ucsmulti // url: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130424-ucsmulti

Trust: 0.8

title: 29031 // url: http://tools.cisco.com/security/center/viewAlert.x?alertId=29031

Trust: 0.8

title: cisco-sa-20130424-ucsmulti // url: http://www.cisco.com/cisco/web/support/JP/111/1117/1117911_cisco-sa-20130424-ucsmulti-j.html

Trust: 0.8

sources: JVNDB: JVNDB-2013-002475

EXTERNAL IDS

db: NVD // id: CVE-2013-1185

Trust: 2.8

db: BID // id: 59459

Trust: 1.0

db: JVNDB // id: JVNDB-2013-002475

Trust: 0.8

db: CNNVD // id: CNNVD-201304-520

Trust: 0.7

db: CISCO // id: 20130424 MULTIPLE VULNERABILITIES IN CISCO UNIFIED COMPUTING SYSTEM

Trust: 0.6

db: SECUNIA // id: 53188

Trust: 0.6

db: VULHUB // id: VHN-61187

Trust: 0.1

sources: VULHUB: VHN-61187 // BID: 59459 // JVNDB: JVNDB-2013-002475 // CNNVD: CNNVD-201304-520 // NVD: CVE-2013-1185

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20130424-ucsmulti

Trust: 2.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1185

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-1185

Trust: 0.8

url:http://secunia.com/advisories/53188

Trust: 0.6

url:http://www.securityfocus.com/bid/59459

Trust: 0.6

url:http://www.cisco.com/

Trust: 0.3

url:http://software.cisco.com/download/navigator.html?mdfid=281787278

Trust: 0.3

sources: VULHUB: VHN-61187 // BID: 59459 // JVNDB: JVNDB-2013-002475 // CNNVD: CNNVD-201304-520 // NVD: CVE-2013-1185

CREDITS

Cisco

Trust: 0.9

sources: BID: 59459 // CNNVD: CNNVD-201304-520

SOURCES

db: VULHUB // id: VHN-61187
db: BID // id: 59459
db: JVNDB // id: JVNDB-2013-002475
db: CNNVD // id: CNNVD-201304-520
db: NVD // id: CVE-2013-1185

LAST UPDATE DATE

2024-11-23T22:02:24.348000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-61187 // date: 2013-04-25T00:00:00
db: BID // id: 59459 // date: 2013-04-24T00:00:00
db: JVNDB // id: JVNDB-2013-002475 // date: 2013-04-26T00:00:00
db: CNNVD // id: CNNVD-201304-520 // date: 2013-05-20T00:00:00
db: NVD // id: CVE-2013-1185 // date: 2024-11-21T01:49:04.310

SOURCES RELEASE DATE

db: VULHUB // id: VHN-61187 // date: 2013-04-25T00:00:00
db: BID // id: 59459 // date: 2013-04-24T00:00:00
db: JVNDB // id: JVNDB-2013-002475 // date: 2013-04-26T00:00:00
db: CNNVD // id: CNNVD-201304-520 // date: 2013-04-24T00:00:00
db: NVD // id: CVE-2013-1185 // date: 2013-04-25T10:55:01.750