Sign-up

ID

VAR-201309-0004


CVE

CVE-2012-4074


TITLE

Cisco Unified Computing System of Serial over LAN Vulnerabilities that can capture important information in subsystems

Trust: 0.8

sources: JVNDB: JVNDB-2013-004268

DESCRIPTION

The Board Management Controller (BMC) in the Serial over LAN (SoL) subsystem in Cisco Unified Computing System (UCS) relies on a hardcoded private key, which allows man-in-the-middle attackers to obtain sensitive information or modify the data stream by leveraging knowledge of this key, aka Bug ID CSCte90338. Vendors have confirmed this vulnerability Bug ID CSCte90338 It is released as.Man-in-the-middle attacks (man-in-the-middle attack) By using hard-coded key information, important information may be obtained or the data stream may be changed. Cisco Unified Computing System is prone to an information-disclosure vulnerability in the implementation of Serial over LAN (SoL). Attackers can exploit this issue to obtain the private key and use it to decrypt traffic between end user and affected system. Successfully exploiting this issue allows attackers to view or modify Serial over LAN (SoL) communications by performing man-in-the-middle attacks. This issue is tracked by Cisco Bug ID CSCte90338. Cisco Unified Computing System (UCS) is a unified computing system of Cisco (Cisco). The system integrates network, computing and virtualization resources into one platform by extensively adopting virtualization technology

Trust: 1.98

sources: NVD: CVE-2012-4074 // JVNDB: JVNDB-2013-004268 // BID: 62455 // VULHUB: VHN-57355

AFFECTED PRODUCTS

vendor:ciscomodel:unified computing systemscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:unified computing systemscope: - version: -

Trust: 0.8

vendor:ciscomodel:unified computing system softwarescope:lteversion:1.3

Trust: 0.8

sources: JVNDB: JVNDB-2013-004268 // CNNVD: CNNVD-201309-355 // NVD: CVE-2012-4074

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-4074
value: MEDIUM

Trust: 1.0

NVD: CVE-2012-4074
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201309-355
value: MEDIUM

Trust: 0.6

VULHUB: VHN-57355
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2012-4074
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-57355
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-57355 // JVNDB: JVNDB-2013-004268 // CNNVD: CNNVD-201309-355 // NVD: CVE-2012-4074

PROBLEMTYPE DATA

problemtype:CWE-255

Trust: 1.9

sources: VULHUB: VHN-57355 // JVNDB: JVNDB-2013-004268 // NVD: CVE-2012-4074

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201309-355

TYPE

trust management

Trust: 0.6

sources: CNNVD: CNNVD-201309-355

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-004268

PATCH
title:Cisco Unified Computing System Serial over LAN Static Private Key Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4074
Trust: 0.8
title:30858url:http://tools.cisco.com/security/center/viewAlert.x?alertId=30858
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-004268

EXTERNAL IDS
db:NVDid:CVE-2012-4074
Trust: 2.8
db:SECTRACKid:1029073
Trust: 1.1
db:JVNDBid:JVNDB-2013-004268
Trust: 0.8
db:CNNVDid:CNNVD-201309-355
Trust: 0.7
db:CISCOid:20130917 CISCO UNIFIED COMPUTING SYSTEM SERIAL OVER LAN STATIC PRIVATE KEY VULNERABILITY
Trust: 0.6
db:BIDid:62455
Trust: 0.4
db:VULHUBid:VHN-57355
Trust: 0.1
sources:
            
            
            VULHUB: VHN-57355 // 
            
            
            
            BID: 62455 // 
            
            
            
            JVNDB: JVNDB-2013-004268 // 
            
            
            
            CNNVD: CNNVD-201309-355 // 
            
            
            
            NVD: CVE-2012-4074

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2012-4074
Trust: 1.7
url:http://www.securitytracker.com/id/1029073
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4074
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4074
Trust: 0.8
url:www.cisco.com
Trust: 0.3
sources:
            
            
            VULHUB: VHN-57355 // 
            
            
            
            BID: 62455 // 
            
            
            
            JVNDB: JVNDB-2013-004268 // 
            
            
            
            CNNVD: CNNVD-201309-355 // 
            
            
            
            NVD: CVE-2012-4074

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 62455

SOURCES
db:VULHUBid:VHN-57355
db:BIDid:62455
db:JVNDBid:JVNDB-2013-004268
db:CNNVDid:CNNVD-201309-355
db:NVDid:CVE-2012-4074

LAST UPDATE DATE
2024-08-14T15:24:48.963000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-57355date:2016-09-23T00:00:00
db:BIDid:62455date:2013-09-21T00:11:00
db:JVNDBid:JVNDB-2013-004268date:2013-09-25T00:00:00
db:CNNVDid:CNNVD-201309-355date:2013-09-23T00:00:00
db:NVDid:CVE-2012-4074date:2016-09-23T16:22:05.313

SOURCES RELEASE DATE
db:VULHUBid:VHN-57355date:2013-09-20T00:00:00
db:BIDid:62455date:2013-09-17T00:00:00
db:JVNDBid:JVNDB-2013-004268date:2013-09-25T00:00:00
db:CNNVDid:CNNVD-201309-355date:2013-09-23T00:00:00
db:NVDid:CVE-2012-4074date:2013-09-20T16:55:07.707