Details of VAR-201304-0252

ID

VAR-201304-0252

CVE

CVE-2013-1186

TITLE

Cisco Unified Computing System KVM Remote Authentication Bypass Vulnerability

Trust: 0.9

sources: BID: 59455 // CNNVD: CNNVD-201304-526

DESCRIPTION

Cisco Unified Computing System (UCS) 1.x before 1.4(4) and 2.x before 2.0(2m) allows remote attackers to bypass KVM authentication via a crafted authentication request to a Cisco Integrated Management Controller (IMC), aka Bug ID CSCts53746. An attacker can exploit this issue to bypass the authentication mechanism and gain access to the IP KVM console of the physical or virtual device. This may lead to further attacks. This issue is tracked by Cisco Bug ID CSCts53746. The system integrates network, computing and virtualization resources into one platform by extensively adopting virtualization technology

Trust: 1.98

sources: NVD: CVE-2013-1186 // JVNDB: JVNDB-2013-002476 // BID: 59455 // VULHUB: VHN-61188

AFFECTED PRODUCTS

vendor:	cisco	model:	unified computing system infrastructure and unified computing system software	scope:	eq	version:	1.4\(3m\)	Trust: 1.6
vendor:	cisco	model:	unified computing system infrastructure and unified computing system software	scope:	eq	version:	1.4\(1j\)	Trust: 1.6
vendor:	cisco	model:	unified computing system infrastructure and unified computing system software	scope:	eq	version:	1.3\(1w\)	Trust: 1.6
vendor:	cisco	model:	unified computing system infrastructure and unified computing system software	scope:	eq	version:	1.4\(3y\)	Trust: 1.6
vendor:	cisco	model:	unified computing system infrastructure and unified computing system software	scope:	eq	version:	1.3\(1t\)	Trust: 1.6
vendor:	cisco	model:	unified computing system infrastructure and unified computing system software	scope:	eq	version:	1.4\(3q\)	Trust: 1.6
vendor:	cisco	model:	unified computing system infrastructure and unified computing system software	scope:	eq	version:	1.3\(1y\)	Trust: 1.6
vendor:	cisco	model:	unified computing system infrastructure and unified computing system software	scope:	eq	version:	1.4\(3s\)	Trust: 1.6
vendor:	cisco	model:	unified computing system infrastructure and unified computing system software	scope:	eq	version:	1.3\(1q\)	Trust: 1.6
vendor:	cisco	model:	unified computing system infrastructure and unified computing system software	scope:	eq	version:	1.4\(3u\)	Trust: 1.6
vendor:	cisco	model:	unified computing system infrastructure and unified computing system software	scope:	eq	version:	1.2	Trust: 1.0
vendor:	cisco	model:	unified computing system infrastructure and unified computing system software	scope:	eq	version:	2.0\(1q\)	Trust: 1.0
vendor:	cisco	model:	unified computing system infrastructure and unified computing system software	scope:	eq	version:	1.1	Trust: 1.0
vendor:	cisco	model:	unified computing system infrastructure and unified computing system software	scope:	eq	version:	1.3\(1p\)	Trust: 1.0
vendor:	cisco	model:	unified computing system infrastructure and unified computing system software	scope:	eq	version:	1.3\(1n\)	Trust: 1.0
vendor:	cisco	model:	unified computing system infrastructure and unified computing system software	scope:	eq	version:	1.4\(1m\)	Trust: 1.0
vendor:	cisco	model:	unified computing system 6248up fabric interconnect	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	unified computing system infrastructure and unified computing system software	scope:	eq	version:	1.0	Trust: 1.0
vendor:	cisco	model:	unified computing system infrastructure and unified computing system software	scope:	eq	version:	2.0\(1t\)	Trust: 1.0
vendor:	cisco	model:	unified computing system infrastructure and unified computing system software	scope:	eq	version:	1.2\(1\)	Trust: 1.0
vendor:	cisco	model:	unified computing system infrastructure and unified computing system software	scope:	eq	version:	2.0\(1s\)	Trust: 1.0
vendor:	cisco	model:	unified computing system integrated management controller	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	unified computing system infrastructure and unified computing system software	scope:	eq	version:	1.4\(3l\)	Trust: 1.0
vendor:	cisco	model:	unified computing system 6140xp fabric interconnect	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	unified computing system infrastructure and unified computing system software	scope:	eq	version:	1.4\(3i\)	Trust: 1.0
vendor:	cisco	model:	unified computing system infrastructure and unified computing system software	scope:	eq	version:	1.3\(1o\)	Trust: 1.0
vendor:	cisco	model:	unified computing system infrastructure and unified computing system software	scope:	eq	version:	1.2\(1a\)	Trust: 1.0
vendor:	cisco	model:	unified computing system infrastructure and unified computing system software	scope:	eq	version:	1.0\(2k\)	Trust: 1.0
vendor:	cisco	model:	unified computing system infrastructure and unified computing system software	scope:	eq	version:	1.3\(1c\)	Trust: 1.0
vendor:	cisco	model:	unified computing system infrastructure and unified computing system software	scope:	eq	version:	1.2\(1d\)	Trust: 1.0
vendor:	cisco	model:	unified computing system infrastructure and unified computing system software	scope:	eq	version:	2.0\(1w\)	Trust: 1.0
vendor:	cisco	model:	unified computing system 6120xp fabric interconnect	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	unified computing system 6296up fabric interconnect	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	unified computing system infrastructure and unified computing system software	scope:	eq	version:	1.3\(1m\)	Trust: 1.0
vendor:	cisco	model:	unified computing system infrastructure and unified computing system software	scope:	eq	version:	2.0\(1x\)	Trust: 1.0
vendor:	cisco	model:	unified computing system infrastructure and unified computing system software	scope:	eq	version:	1.1\(1m\)	Trust: 1.0
vendor:	cisco	model:	ucs 6248up 48 port fabric interconnect	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	ucs infrastructure and ucs manager software	scope:	eq	version:	1.1	Trust: 0.8
vendor:	cisco	model:	ucs integrated management controller	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	ucs infrastructure and ucs manager software	scope:	eq	version:	1.0	Trust: 0.8
vendor:	cisco	model:	ucs 6120xp-20 port fabric interconnect	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	ucs infrastructure and ucs manager software	scope:	eq	version:	2.0(2m)	Trust: 0.8
vendor:	cisco	model:	ucs 6140xp-40 port fabric interconnect	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	ucs 6296up 96 port fabric interconnect	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	ucs infrastructure and ucs manager software	scope:	lt	version:	2.x	Trust: 0.8
vendor:	cisco	model:	ucs infrastructure and ucs manager software	scope:	eq	version:	1.2	Trust: 0.8
vendor:	cisco	model:	ucs infrastructure and ucs manager software	scope:	eq	version:	1.3	Trust: 0.8
vendor:	cisco	model:	ucs infrastructure and ucs manager software	scope:	eq	version:	1.4	Trust: 0.8

sources: JVNDB: JVNDB-2013-002476 // CNNVD: CNNVD-201304-526 // NVD: CVE-2013-1186

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-1186
value:	HIGH
Trust: 1.0
NVD:	CVE-2013-1186
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201304-526
value:	HIGH
Trust: 0.6
VULHUB:	VHN-61188
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2013-1186
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-61188
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-61188 // JVNDB: JVNDB-2013-002476 // CNNVD: CNNVD-201304-526 // NVD: CVE-2013-1186

PROBLEMTYPE DATA

problemtype:

CWE-287

Trust: 1.9

sources: VULHUB: VHN-61188 // JVNDB: JVNDB-2013-002476 // NVD: CVE-2013-1186

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201304-526

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201304-526

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-002476

PATCH

title:	cisco-sa-20130424-ucsmulti	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130424-ucsmulti	Trust: 0.8
title:	29032	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=29032	Trust: 0.8
title:	cisco-sa-20130424-ucsmulti	url:	http://www.cisco.com/cisco/web/support/JP/111/1117/1117911_cisco-sa-20130424-ucsmulti-j.html	Trust: 0.8

sources: JVNDB: JVNDB-2013-002476

EXTERNAL IDS

db:	NVD	id:	CVE-2013-1186	Trust: 2.8
db:	BID	id:	59455	Trust: 1.0
db:	JVNDB	id:	JVNDB-2013-002476	Trust: 0.8
db:	CNNVD	id:	CNNVD-201304-526	Trust: 0.7
db:	CISCO	id:	20130424 MULTIPLE VULNERABILITIES IN CISCO UNIFIED COMPUTING SYSTEM	Trust: 0.6
db:	SECUNIA	id:	53188	Trust: 0.6
db:	VULHUB	id:	VHN-61188	Trust: 0.1

sources: VULHUB: VHN-61188 // BID: 59455 // JVNDB: JVNDB-2013-002476 // CNNVD: CNNVD-201304-526 // NVD: CVE-2013-1186

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20130424-ucsmulti	Trust: 2.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1186	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-1186	Trust: 0.8
url:	http://secunia.com/advisories/53188	Trust: 0.6
url:	http://www.securityfocus.com/bid/59455	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3
url:	http://software.cisco.com/download/navigator.html?mdfid=281787278	Trust: 0.3

sources: VULHUB: VHN-61188 // BID: 59455 // JVNDB: JVNDB-2013-002476 // CNNVD: CNNVD-201304-526 // NVD: CVE-2013-1186

CREDITS

Cisco

Trust: 0.9

sources: BID: 59455 // CNNVD: CNNVD-201304-526

SOURCES

db:	VULHUB	id:	VHN-61188
db:	BID	id:	59455
db:	JVNDB	id:	JVNDB-2013-002476
db:	CNNVD	id:	CNNVD-201304-526
db:	NVD	id:	CVE-2013-1186

LAST UPDATE DATE

2024-11-23T22:02:24.379000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-61188	date:	2013-05-02T00:00:00
db:	BID	id:	59455	date:	2013-04-24T00:00:00
db:	JVNDB	id:	JVNDB-2013-002476	date:	2013-04-26T00:00:00
db:	CNNVD	id:	CNNVD-201304-526	date:	2013-05-20T00:00:00
db:	NVD	id:	CVE-2013-1186	date:	2024-11-21T01:49:04.437

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-61188	date:	2013-04-25T00:00:00
db:	BID	id:	59455	date:	2013-04-24T00:00:00
db:	JVNDB	id:	JVNDB-2013-002476	date:	2013-04-26T00:00:00
db:	CNNVD	id:	CNNVD-201304-526	date:	2013-04-24T00:00:00
db:	NVD	id:	CVE-2013-1186	date:	2013-04-25T10:55:01.770