Details of VAR-201309-0008

ID

VAR-201309-0008

CVE

CVE-2012-4082

TITLE

Cisco Unified Computing System of Cisco Management Controller Vulnerability gained in

Trust: 0.8

sources: JVNDB: JVNDB-2013-004275

DESCRIPTION

MCTools in the Cisco Management Controller in Cisco Unified Computing System (UCS) allows local users to gain privileges by entering crafted command-line parameters on a Fabric Interconnect device, aka Bug ID CSCtg20749. Cisco Unified Computing System (UCS) of Cisco Management Controller of MCTools Contains a privileged vulnerability. A local attacker can exploit this issue to execute arbitrary commands with elevated privileges. Successful exploits may compromise the affected device. This issue being tracked by Cisco Bug ID CSCtg20749. The system integrates network, computing and virtualization resources into one platform by extensively adopting virtualization technology

Trust: 1.98

sources: NVD: CVE-2012-4082 // JVNDB: JVNDB-2013-004275 // BID: 62518 // VULHUB: VHN-57363

AFFECTED PRODUCTS

vendor:	cisco	model:	unified computing system	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	unified computing system	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	unified computing system software	scope:	lte	version:	1.4	Trust: 0.8
vendor:	cisco	model:	unified computing system	scope:	eq	version:	0	Trust: 0.3

sources: BID: 62518 // JVNDB: JVNDB-2013-004275 // CNNVD: CNNVD-201309-362 // NVD: CVE-2012-4082

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2012-4082
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2012-4082
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201309-362
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-57363
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2012-4082
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.1
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-57363
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.1
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-57363 // JVNDB: JVNDB-2013-004275 // CNNVD: CNNVD-201309-362 // NVD: CVE-2012-4082

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-57363 // JVNDB: JVNDB-2013-004275 // NVD: CVE-2012-4082

THREAT TYPE

local

Trust: 0.9

sources: BID: 62518 // CNNVD: CNNVD-201309-362

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201309-362

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-004275

PATCH

title:	Cisco Unified Computing System Cisco Management Controller Command Injection Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4082	Trust: 0.8
title:	30876	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=30876	Trust: 0.8

sources: JVNDB: JVNDB-2013-004275

EXTERNAL IDS

db:	NVD	id:	CVE-2012-4082	Trust: 2.8
db:	SECTRACK	id:	1029062	Trust: 1.1
db:	JVNDB	id:	JVNDB-2013-004275	Trust: 0.8
db:	CNNVD	id:	CNNVD-201309-362	Trust: 0.7
db:	CISCO	id:	20130918 CISCO UNIFIED COMPUTING SYSTEM CISCO MANAGEMENT CONTROLLER COMMAND INJECTION VULNERABILITY	Trust: 0.6
db:	BID	id:	62518	Trust: 0.4
db:	VULHUB	id:	VHN-57363	Trust: 0.1

sources: VULHUB: VHN-57363 // BID: 62518 // JVNDB: JVNDB-2013-004275 // CNNVD: CNNVD-201309-362 // NVD: CVE-2012-4082

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2012-4082	Trust: 1.7
url:	http://www.securitytracker.com/id/1029062	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/87337	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4082	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4082	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-57363 // BID: 62518 // JVNDB: JVNDB-2013-004275 // CNNVD: CNNVD-201309-362 // NVD: CVE-2012-4082

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 62518

SOURCES

db:	VULHUB	id:	VHN-57363
db:	BID	id:	62518
db:	JVNDB	id:	JVNDB-2013-004275
db:	CNNVD	id:	CNNVD-201309-362
db:	NVD	id:	CVE-2012-4082

LAST UPDATE DATE

2024-08-14T14:40:25.497000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-57363	date:	2017-08-29T00:00:00
db:	BID	id:	62518	date:	2013-09-21T00:14:00
db:	JVNDB	id:	JVNDB-2013-004275	date:	2013-09-25T00:00:00
db:	CNNVD	id:	CNNVD-201309-362	date:	2013-09-23T00:00:00
db:	NVD	id:	CVE-2012-4082	date:	2017-08-29T01:32:09.493

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-57363	date:	2013-09-20T00:00:00
db:	BID	id:	62518	date:	2013-09-18T00:00:00
db:	JVNDB	id:	JVNDB-2013-004275	date:	2013-09-25T00:00:00
db:	CNNVD	id:	CNNVD-201309-362	date:	2013-09-23T00:00:00
db:	NVD	id:	CVE-2012-4082	date:	2013-09-20T18:55:09.797