Details of VAR-201309-0005

ID

VAR-201309-0005

CVE

CVE-2012-4078

TITLE

Cisco Unified Computing System of Baseboard Management Controller Vulnerabilities that can bypass unspecified authentication steps

Trust: 0.8

sources: JVNDB: JVNDB-2013-004299

DESCRIPTION

The Baseboard Management Controller (BMC) in Cisco Unified Computing System (UCS) does not properly handle SSH escape sequences, which allows remote authenticated users to bypass an unspecified authentication step via SSH port forwarding, aka Bug ID CSCtg17656. Cisco Unified Computing System is prone to a remote privilege-escalation vulnerability. An authenticated attacker can exploit this issue to gain access to services with escalated privileges. This issue is tracked by Cisco Bug ID CSCtg17656. The system integrates network, computing and virtualization resources into one platform by extensively adopting virtualization technology

Trust: 1.98

sources: NVD: CVE-2012-4078 // JVNDB: JVNDB-2013-004299 // BID: 62611 // VULHUB: VHN-57359

AFFECTED PRODUCTS

vendor:	cisco	model:	unified computing system	scope:	eq	version:	1.0\(2k\)	Trust: 1.6
vendor:	cisco	model:	unified computing system	scope:	eq	version:	1.1_base	Trust: 1.6
vendor:	cisco	model:	unified computing system	scope:	eq	version:	1.1\(1m\)	Trust: 1.6
vendor:	cisco	model:	unified computing system	scope:	eq	version:	1.0_base	Trust: 1.6
vendor:	cisco	model:	unified computing system	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	unified computing system software	scope:	lte	version:	1.1(1m)	Trust: 0.8

sources: JVNDB: JVNDB-2013-004299 // CNNVD: CNNVD-201309-427 // NVD: CVE-2012-4078

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2012-4078
value:	HIGH
Trust: 1.0
NVD:	CVE-2012-4078
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201309-427
value:	HIGH
Trust: 0.6
VULHUB:	VHN-57359
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2012-4078
severity:	HIGH
baseScore:	8.5
vectorString:	AV:N/AC:M/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.8
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-57359
severity:	HIGH
baseScore:	8.5
vectorString:	AV:N/AC:M/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.8
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-57359 // JVNDB: JVNDB-2013-004299 // CNNVD: CNNVD-201309-427 // NVD: CVE-2012-4078

PROBLEMTYPE DATA

problemtype:

CWE-287

Trust: 1.9

sources: VULHUB: VHN-57359 // JVNDB: JVNDB-2013-004299 // NVD: CVE-2012-4078

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201309-427

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201309-427

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-004299

PATCH

title:	Cisco Unified Computing System Baseboard Management Controller Privilege Escalation Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4078	Trust: 0.8
title:	30961	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=30961	Trust: 0.8

sources: JVNDB: JVNDB-2013-004299

EXTERNAL IDS

db:	NVD	id:	CVE-2012-4078	Trust: 2.8
db:	SECTRACK	id:	1029084	Trust: 1.1
db:	JVNDB	id:	JVNDB-2013-004299	Trust: 0.8
db:	CNNVD	id:	CNNVD-201309-427	Trust: 0.7
db:	CISCO	id:	20130923 CISCO UNIFIED COMPUTING SYSTEM BASEBOARD MANAGEMENT CONTROLLER PRIVILEGE ESCALATION VULNERABILITY	Trust: 0.6
db:	BID	id:	62611	Trust: 0.4
db:	VULHUB	id:	VHN-57359	Trust: 0.1

sources: VULHUB: VHN-57359 // BID: 62611 // JVNDB: JVNDB-2013-004299 // CNNVD: CNNVD-201309-427 // NVD: CVE-2012-4078

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2012-4078	Trust: 1.7
url:	http://www.securitytracker.com/id/1029084	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/87367	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4078	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4078	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-57359 // BID: 62611 // JVNDB: JVNDB-2013-004299 // CNNVD: CNNVD-201309-427 // NVD: CVE-2012-4078

CREDITS

Cisco

Trust: 0.3

sources: BID: 62611

SOURCES

db:	VULHUB	id:	VHN-57359
db:	BID	id:	62611
db:	JVNDB	id:	JVNDB-2013-004299
db:	CNNVD	id:	CNNVD-201309-427
db:	NVD	id:	CVE-2012-4078

LAST UPDATE DATE

2024-08-14T14:28:01.938000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-57359	date:	2017-08-29T00:00:00
db:	BID	id:	62611	date:	2013-09-26T00:15:00
db:	JVNDB	id:	JVNDB-2013-004299	date:	2013-09-26T00:00:00
db:	CNNVD	id:	CNNVD-201309-427	date:	2013-11-07T00:00:00
db:	NVD	id:	CVE-2012-4078	date:	2017-08-29T01:32:09.417

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-57359	date:	2013-09-24T00:00:00
db:	BID	id:	62611	date:	2013-09-23T00:00:00
db:	JVNDB	id:	JVNDB-2013-004299	date:	2013-09-26T00:00:00
db:	CNNVD	id:	CNNVD-201309-427	date:	2013-09-25T00:00:00
db:	NVD	id:	CVE-2012-4078	date:	2013-09-24T10:35:51.783