Details of VAR-201304-0266

ID

VAR-201304-0266

CVE

CVE-2013-1183

TITLE

Cisco UCS of Manager Component IPMI Buffer overflow vulnerability in functionality

Trust: 0.8

sources: JVNDB: JVNDB-2013-002473

DESCRIPTION

Buffer overflow in the Intelligent Platform Management Interface (IPMI) functionality in the Manager component in Cisco Unified Computing System (UCS) 1.0 and 1.1 before 1.1(1j) and 1.2 before 1.2(1b) allows remote attackers to execute arbitrary code via malformed data in a UDP packet, aka Bug ID CSCtd32371. Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in denial-of-service conditions. This issue is being tracked by Cisco Bug ID CSCtd32371. The system integrates network, computing and virtualization resources into one platform by extensively adopting virtualization technology

Trust: 1.98

sources: NVD: CVE-2013-1183 // JVNDB: JVNDB-2013-002473 // BID: 59453 // VULHUB: VHN-61185

AFFECTED PRODUCTS

vendor:	cisco	model:	unified computing system infrastructure and unified computing system software	scope:	eq	version:	1.2	Trust: 1.6
vendor:	cisco	model:	unified computing system infrastructure and unified computing system software	scope:	eq	version:	1.2\(1\)	Trust: 1.6
vendor:	cisco	model:	unified computing system infrastructure and unified computing system software	scope:	eq	version:	1.1\(1m\)	Trust: 1.6
vendor:	cisco	model:	unified computing system infrastructure and unified computing system software	scope:	eq	version:	1.0	Trust: 1.6
vendor:	cisco	model:	unified computing system infrastructure and unified computing system software	scope:	eq	version:	1.2\(1a\)	Trust: 1.6
vendor:	cisco	model:	unified computing system infrastructure and unified computing system software	scope:	eq	version:	1.1	Trust: 1.6
vendor:	cisco	model:	unified computing system infrastructure and unified computing system software	scope:	eq	version:	1.0\(2k\)	Trust: 1.6
vendor:	cisco	model:	unified computing system 6248up fabric interconnect	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	unified computing system 6120xp fabric interconnect	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	unified computing system 6296up fabric interconnect	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	unified computing system 6140xp fabric interconnect	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	ucs 6248up 48 port fabric interconnect	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	ucs integrated management controller	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	ucs infrastructure and ucs manager software	scope:	lt	version:	1.1	Trust: 0.8
vendor:	cisco	model:	ucs infrastructure and ucs manager software	scope:	eq	version:	1.0	Trust: 0.8
vendor:	cisco	model:	ucs 6120xp-20 port fabric interconnect	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	ucs infrastructure and ucs manager software	scope:	eq	version:	1.1(1j)	Trust: 0.8
vendor:	cisco	model:	ucs 6140xp-40 port fabric interconnect	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	ucs 6296up 96 port fabric interconnect	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	ucs infrastructure and ucs manager software	scope:	lt	version:	1.2	Trust: 0.8
vendor:	cisco	model:	ucs infrastructure and ucs manager software	scope:	eq	version:	1.2(1b)	Trust: 0.8

sources: JVNDB: JVNDB-2013-002473 // CNNVD: CNNVD-201304-528 // NVD: CVE-2013-1183

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-1183
value:	HIGH
Trust: 1.0
NVD:	CVE-2013-1183
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201304-528
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-61185
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2013-1183
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-61185
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-61185 // JVNDB: JVNDB-2013-002473 // CNNVD: CNNVD-201304-528 // NVD: CVE-2013-1183

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-61185 // JVNDB: JVNDB-2013-002473 // NVD: CVE-2013-1183

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201304-528

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201304-528

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-002473

PATCH

title:	cisco-sa-20130424-ucsmulti	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130424-ucsmulti	Trust: 0.8
title:	29029	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=29029	Trust: 0.8
title:	cisco-sa-20130424-ucsmulti	url:	http://www.cisco.com/cisco/web/support/JP/111/1117/1117911_cisco-sa-20130424-ucsmulti-j.html	Trust: 0.8

sources: JVNDB: JVNDB-2013-002473

EXTERNAL IDS

db:	NVD	id:	CVE-2013-1183	Trust: 2.8
db:	BID	id:	59453	Trust: 1.0
db:	JVNDB	id:	JVNDB-2013-002473	Trust: 0.8
db:	CNNVD	id:	CNNVD-201304-528	Trust: 0.7
db:	CISCO	id:	20130424 MULTIPLE VULNERABILITIES IN CISCO UNIFIED COMPUTING SYSTEM	Trust: 0.6
db:	SECUNIA	id:	53188	Trust: 0.6
db:	VULHUB	id:	VHN-61185	Trust: 0.1

sources: VULHUB: VHN-61185 // BID: 59453 // JVNDB: JVNDB-2013-002473 // CNNVD: CNNVD-201304-528 // NVD: CVE-2013-1183

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20130424-ucsmulti	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1183	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-1183	Trust: 0.8
url:	http://secunia.com/advisories/53188	Trust: 0.6
url:	http://www.securityfocus.com/bid/59453	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-61185 // BID: 59453 // JVNDB: JVNDB-2013-002473 // CNNVD: CNNVD-201304-528 // NVD: CVE-2013-1183

CREDITS

Cisco

Trust: 0.9

sources: BID: 59453 // CNNVD: CNNVD-201304-528

SOURCES

db:	VULHUB	id:	VHN-61185
db:	BID	id:	59453
db:	JVNDB	id:	JVNDB-2013-002473
db:	CNNVD	id:	CNNVD-201304-528
db:	NVD	id:	CVE-2013-1183

LAST UPDATE DATE

2024-11-23T22:02:27.862000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-61185	date:	2013-04-25T00:00:00
db:	BID	id:	59453	date:	2013-04-24T00:00:00
db:	JVNDB	id:	JVNDB-2013-002473	date:	2013-04-26T00:00:00
db:	CNNVD	id:	CNNVD-201304-528	date:	2013-05-20T00:00:00
db:	NVD	id:	CVE-2013-1183	date:	2024-11-21T01:49:04.067

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-61185	date:	2013-04-25T00:00:00
db:	BID	id:	59453	date:	2013-04-24T00:00:00
db:	JVNDB	id:	JVNDB-2013-002473	date:	2013-04-26T00:00:00
db:	CNNVD	id:	CNNVD-201304-528	date:	2013-04-24T00:00:00
db:	NVD	id:	CVE-2013-1183	date:	2013-04-25T10:55:01.707