Details of VAR-201304-0265

ID

VAR-201304-0265

CVE

CVE-2013-1182

TITLE

Cisco UCS of Manager Component Web In the console LDAP Vulnerability that bypasses authentication

Trust: 0.8

sources: JVNDB: JVNDB-2013-002472

DESCRIPTION

The login page in the Web Console in the Manager component in Cisco Unified Computing System (UCS) before 1.0(2h), 1.1 before 1.1(1j), and 1.3(x) allows remote attackers to bypass LDAP authentication via a malformed request, aka Bug ID CSCtc91207. Cisco Unified Computing System is prone to a remote authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and impersonate other users of the system. This may lead to further attacks. This issue is tracked by Cisco Bug ID CSCtc91207. The system integrates network, computing and virtualization resources into one platform by extensively adopting virtualization technology

Trust: 1.98

sources: NVD: CVE-2013-1182 // JVNDB: JVNDB-2013-002472 // BID: 59451 // VULHUB: VHN-61184

AFFECTED PRODUCTS

vendor:	cisco	model:	unified computing system infrastructure and unified computing system software	scope:	eq	version:	1.3\(1n\)	Trust: 1.6
vendor:	cisco	model:	unified computing system infrastructure and unified computing system software	scope:	eq	version:	1.3\(1o\)	Trust: 1.6
vendor:	cisco	model:	unified computing system infrastructure and unified computing system software	scope:	eq	version:	1.3\(1t\)	Trust: 1.6
vendor:	cisco	model:	unified computing system infrastructure and unified computing system software	scope:	eq	version:	1.3\(1p\)	Trust: 1.6
vendor:	cisco	model:	unified computing system infrastructure and unified computing system software	scope:	eq	version:	1.3\(1y\)	Trust: 1.6
vendor:	cisco	model:	unified computing system infrastructure and unified computing system software	scope:	eq	version:	1.3\(1q\)	Trust: 1.6
vendor:	cisco	model:	unified computing system infrastructure and unified computing system software	scope:	eq	version:	1.3\(1c\)	Trust: 1.6
vendor:	cisco	model:	unified computing system infrastructure and unified computing system software	scope:	eq	version:	1.3\(1m\)	Trust: 1.6
vendor:	cisco	model:	unified computing system infrastructure and unified computing system software	scope:	eq	version:	1.1	Trust: 1.6
vendor:	cisco	model:	unified computing system 6248up fabric interconnect	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	unified computing system 6120xp fabric interconnect	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	unified computing system 6296up fabric interconnect	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	unified computing system integrated management controller	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	unified computing system infrastructure and unified computing system software	scope:	lte	version:	1.0	Trust: 1.0
vendor:	cisco	model:	unified computing system infrastructure and unified computing system software	scope:	eq	version:	1.3\(1w\)	Trust: 1.0
vendor:	cisco	model:	unified computing system 6140xp fabric interconnect	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	ucs 6248up 48 port fabric interconnect	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	ucs infrastructure and ucs manager software	scope:	eq	version:	1.3(x)	Trust: 0.8
vendor:	cisco	model:	ucs integrated management controller	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	ucs infrastructure and ucs manager software	scope:	lt	version:	1.1	Trust: 0.8
vendor:	cisco	model:	ucs 6120xp-20 port fabric interconnect	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	ucs infrastructure and ucs manager software	scope:	eq	version:	1.1(1j)	Trust: 0.8
vendor:	cisco	model:	ucs 6140xp-40 port fabric interconnect	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	ucs 6296up 96 port fabric interconnect	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	unified computing system infrastructure and unified computing system software	scope:	eq	version:	1.0	Trust: 0.6

sources: JVNDB: JVNDB-2013-002472 // CNNVD: CNNVD-201304-530 // NVD: CVE-2013-1182

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-1182
value:	HIGH
Trust: 1.0
NVD:	CVE-2013-1182
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201304-530
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-61184
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2013-1182
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-61184
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-61184 // JVNDB: JVNDB-2013-002472 // CNNVD: CNNVD-201304-530 // NVD: CVE-2013-1182

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-61184 // JVNDB: JVNDB-2013-002472 // NVD: CVE-2013-1182

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201304-530

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201304-530

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-002472

PATCH

title:	cisco-sa-20130424-ucsmulti	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130424-ucsmulti	Trust: 0.8
title:	29028	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=29028	Trust: 0.8
title:	cisco-sa-20130424-ucsmulti	url:	http://www.cisco.com/cisco/web/support/JP/111/1117/1117911_cisco-sa-20130424-ucsmulti-j.html	Trust: 0.8

sources: JVNDB: JVNDB-2013-002472

EXTERNAL IDS

db:	NVD	id:	CVE-2013-1182	Trust: 2.8
db:	BID	id:	59451	Trust: 1.0
db:	JVNDB	id:	JVNDB-2013-002472	Trust: 0.8
db:	CNNVD	id:	CNNVD-201304-530	Trust: 0.7
db:	CISCO	id:	20130424 MULTIPLE VULNERABILITIES IN CISCO UNIFIED COMPUTING SYSTEM	Trust: 0.6
db:	SECUNIA	id:	53188	Trust: 0.6
db:	VULHUB	id:	VHN-61184	Trust: 0.1

sources: VULHUB: VHN-61184 // BID: 59451 // JVNDB: JVNDB-2013-002472 // CNNVD: CNNVD-201304-530 // NVD: CVE-2013-1182

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20130424-ucsmulti	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1182	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-1182	Trust: 0.8
url:	http://secunia.com/advisories/53188	Trust: 0.6
url:	http://www.securityfocus.com/bid/59451	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-61184 // BID: 59451 // JVNDB: JVNDB-2013-002472 // CNNVD: CNNVD-201304-530 // NVD: CVE-2013-1182

CREDITS

Cisco

Trust: 0.9

sources: BID: 59451 // CNNVD: CNNVD-201304-530

SOURCES

db:	VULHUB	id:	VHN-61184
db:	BID	id:	59451
db:	JVNDB	id:	JVNDB-2013-002472
db:	CNNVD	id:	CNNVD-201304-530
db:	NVD	id:	CVE-2013-1182

LAST UPDATE DATE

2024-11-23T22:02:27.924000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-61184	date:	2013-04-25T00:00:00
db:	BID	id:	59451	date:	2013-04-24T00:00:00
db:	JVNDB	id:	JVNDB-2013-002472	date:	2013-05-10T00:00:00
db:	CNNVD	id:	CNNVD-201304-530	date:	2013-05-20T00:00:00
db:	NVD	id:	CVE-2013-1182	date:	2024-11-21T01:49:03.947

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-61184	date:	2013-04-25T00:00:00
db:	BID	id:	59451	date:	2013-04-24T00:00:00
db:	JVNDB	id:	JVNDB-2013-002472	date:	2013-04-26T00:00:00
db:	CNNVD	id:	CNNVD-201304-530	date:	2013-04-24T00:00:00
db:	NVD	id:	CVE-2013-1182	date:	2013-04-25T10:55:01.683