Details of VAR-201309-0003

ID

VAR-201309-0003

CVE

CVE-2012-4073

TITLE

Cisco Unified Computing System of Client's KVM Server spoofing vulnerability in subsystem

Trust: 0.8

sources: JVNDB: JVNDB-2013-004267

DESCRIPTION

The KVM subsystem in the client in Cisco Unified Computing System (UCS) does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers, and read or modify KVM data, via a crafted certificate, aka Bug ID CSCte90332. Cisco Unified Computing System is prone to a security-bypass vulnerability. Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks or impersonate trusted servers, which may aid in further attacks. This issue is tracked by Cisco Bug ID CSCte90332. The system integrates network, computing and virtualization resources into one platform by extensively adopting virtualization technology

Trust: 1.98

sources: NVD: CVE-2012-4073 // JVNDB: JVNDB-2013-004267 // BID: 62451 // VULHUB: VHN-57354

AFFECTED PRODUCTS

vendor:	cisco	model:	unified computing system 1.4	scope:	-	version:	-	Trust: 2.4
vendor:	cisco	model:	unified computing system	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	unified computing system	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	unified computing system software	scope:	lte	version:	2.0	Trust: 0.8
vendor:	cisco	model:	unified computing system	scope:	eq	version:	2.0	Trust: 0.3

sources: BID: 62451 // JVNDB: JVNDB-2013-004267 // CNNVD: CNNVD-201309-354 // NVD: CVE-2012-4073

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2012-4073
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2012-4073
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201309-354
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-57354
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2012-4073
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-57354
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-57354 // JVNDB: JVNDB-2013-004267 // CNNVD: CNNVD-201309-354 // NVD: CVE-2012-4073

PROBLEMTYPE DATA

problemtype:	CWE-310	Trust: 1.1
problemtype:	CWE-20	Trust: 0.8

sources: VULHUB: VHN-57354 // JVNDB: JVNDB-2013-004267 // NVD: CVE-2012-4073

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201309-354

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201309-354

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-004267

PATCH

title:	Cisco Unified Computing System Software KVM Client Certificate Validation Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4073	Trust: 0.8
title:	30856	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=30856	Trust: 0.8

sources: JVNDB: JVNDB-2013-004267

EXTERNAL IDS

db:	NVD	id:	CVE-2012-4073	Trust: 2.8
db:	SECTRACK	id:	1029068	Trust: 1.1
db:	JVNDB	id:	JVNDB-2013-004267	Trust: 0.8
db:	CNNVD	id:	CNNVD-201309-354	Trust: 0.7
db:	CISCO	id:	20130917 CISCO UNIFIED COMPUTING SYSTEM SOFTWARE KVM CLIENT CERTIFICATE VALIDATION VULNERABILITY	Trust: 0.6
db:	BID	id:	62451	Trust: 0.4
db:	VULHUB	id:	VHN-57354	Trust: 0.1

sources: VULHUB: VHN-57354 // BID: 62451 // JVNDB: JVNDB-2013-004267 // CNNVD: CNNVD-201309-354 // NVD: CVE-2012-4073

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2012-4073	Trust: 1.7
url:	http://www.securitytracker.com/id/1029068	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4073	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4073	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-57354 // BID: 62451 // JVNDB: JVNDB-2013-004267 // CNNVD: CNNVD-201309-354 // NVD: CVE-2012-4073

CREDITS

Cisco

Trust: 0.3

sources: BID: 62451

SOURCES

db:	VULHUB	id:	VHN-57354
db:	BID	id:	62451
db:	JVNDB	id:	JVNDB-2013-004267
db:	CNNVD	id:	CNNVD-201309-354
db:	NVD	id:	CVE-2012-4073

LAST UPDATE DATE

2024-08-14T14:58:18.647000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-57354	date:	2016-09-09T00:00:00
db:	BID	id:	62451	date:	2013-09-21T00:11:00
db:	JVNDB	id:	JVNDB-2013-004267	date:	2013-09-25T00:00:00
db:	CNNVD	id:	CNNVD-201309-354	date:	2013-09-23T00:00:00
db:	NVD	id:	CVE-2012-4073	date:	2016-09-09T13:58:33.827

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-57354	date:	2013-09-20T00:00:00
db:	BID	id:	62451	date:	2013-09-17T00:00:00
db:	JVNDB	id:	JVNDB-2013-004267	date:	2013-09-25T00:00:00
db:	CNNVD	id:	CNNVD-201309-354	date:	2013-09-23T00:00:00
db:	NVD	id:	CVE-2012-4073	date:	2013-09-20T16:55:07.690