Sign-up

ID

VAR-201309-0002


CVE

CVE-2012-4072


TITLE

Cisco Unified Computing System of KVM In the subsystem SSL Vulnerability impersonating a server

Trust: 0.8

sources: JVNDB: JVNDB-2013-004266

DESCRIPTION

The KVM subsystem in Cisco Unified Computing System (UCS) relies on a hardcoded X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers, and read keyboard and mouse events, by leveraging knowledge of this certificate's private key, aka Bug ID CSCte90327. Cisco Unified Computing System is prone to a security-bypass vulnerability. An attacker can exploit this issue to perform man-in-the-middle attacks and perform certain unauthorized actions, which will aid in further attacks. This issue is being tracked by Cisco Bug ID CSCte90327. The system integrates network, computing and virtualization resources into one platform by extensively adopting virtualization technology. An encryption issue vulnerability exists in the KVM subsystem in Cisco UCS. The vulnerability stems from the program's use of hardcoded X.509 certificates

Trust: 1.98

sources: NVD: CVE-2012-4072 // JVNDB: JVNDB-2013-004266 // BID: 62452 // VULHUB: VHN-57353

AFFECTED PRODUCTS

vendor:ciscomodel:unified computing system 1.4scope: - version: -

Trust: 2.4

vendor:ciscomodel:unified computing systemscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:unified computing systemscope: - version: -

Trust: 0.8

vendor:ciscomodel:unified computing system softwarescope:lteversion:2.1

Trust: 0.8

sources: BID: 62452 // JVNDB: JVNDB-2013-004266 // CNNVD: CNNVD-201309-353 // NVD: CVE-2012-4072

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-4072
value: MEDIUM

Trust: 1.0

NVD: CVE-2012-4072
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201309-353
value: MEDIUM

Trust: 0.6

VULHUB: VHN-57353
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2012-4072
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-57353
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-57353 // JVNDB: JVNDB-2013-004266 // CNNVD: CNNVD-201309-353 // NVD: CVE-2012-4072

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-57353 // JVNDB: JVNDB-2013-004266 // NVD: CVE-2012-4072

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201309-353

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201309-353

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-004266

PATCH
title:Cisco Unified Computing System Software KVM Encryption Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4072
Trust: 0.8
title:30857url:http://tools.cisco.com/security/center/viewAlert.x?alertId=30857
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-004266

EXTERNAL IDS
db:NVDid:CVE-2012-4072
Trust: 2.8
db:SECTRACKid:1029067
Trust: 1.1
db:JVNDBid:JVNDB-2013-004266
Trust: 0.8
db:CISCOid:20130917 CISCO UNIFIED COMPUTING SYSTEM SOFTWARE KVM ENCRYPTION VULNERABILITY
Trust: 0.6
db:CNNVDid:CNNVD-201309-353
Trust: 0.6
db:BIDid:62452
Trust: 0.4
db:VULHUBid:VHN-57353
Trust: 0.1
sources:
            
            
            VULHUB: VHN-57353 // 
            
            
            
            BID: 62452 // 
            
            
            
            JVNDB: JVNDB-2013-004266 // 
            
            
            
            CNNVD: CNNVD-201309-353 // 
            
            
            
            NVD: CVE-2012-4072

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2012-4072
Trust: 1.7
url:http://www.securitytracker.com/id/1029067
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4072
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4072
Trust: 0.8
sources:
            
            
            VULHUB: VHN-57353 // 
            
            
            
            JVNDB: JVNDB-2013-004266 // 
            
            
            
            CNNVD: CNNVD-201309-353 // 
            
            
            
            NVD: CVE-2012-4072

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 62452

SOURCES
db:VULHUBid:VHN-57353
db:BIDid:62452
db:JVNDBid:JVNDB-2013-004266
db:CNNVDid:CNNVD-201309-353
db:NVDid:CVE-2012-4072

LAST UPDATE DATE
2024-08-14T13:35:39.667000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-57353date:2016-09-23T00:00:00
db:BIDid:62452date:2013-09-21T00:11:00
db:JVNDBid:JVNDB-2013-004266date:2013-09-25T00:00:00
db:CNNVDid:CNNVD-201309-353date:2013-09-23T00:00:00
db:NVDid:CVE-2012-4072date:2016-09-23T16:34:30.557

SOURCES RELEASE DATE
db:VULHUBid:VHN-57353date:2013-09-20T00:00:00
db:BIDid:62452date:2013-09-17T00:00:00
db:JVNDBid:JVNDB-2013-004266date:2013-09-25T00:00:00
db:CNNVDid:CNNVD-201309-353date:2013-09-23T00:00:00
db:NVDid:CVE-2012-4072date:2013-09-20T16:55:03.427