Sign-up

ID

VAR-201309-0010


CVE

CVE-2012-4085


TITLE

Cisco Unified Computing System of Blade Management Controller Vulnerable to enumerating valid usernames

Trust: 0.8

sources: JVNDB: JVNDB-2013-004300

DESCRIPTION

The Intelligent Platform Management Interface (IPMI) implementation in the Blade Management Controller in Cisco Unified Computing System (UCS) allows remote attackers to enumerate valid usernames by observing IPMI interface responses, aka Bug ID CSCtg20761. Vendors have confirmed this vulnerability Bug ID CSCtg20761 It is released as.By a third party IPMI By observing the response of the interface, a valid user name may be enumerated. An attacker can exploit this issue to obtain sensitive information; other attacks may also be possible. This issue is being tracked by Cisco Bug ID CSCtg20761. Cisco Unified Computing System (UCS) is a unified computing system of Cisco (Cisco). The system integrates network, computing and virtualization resources into one platform by extensively adopting virtualization technology

Trust: 1.98

sources: NVD: CVE-2012-4085 // JVNDB: JVNDB-2013-004300 // BID: 62615 // VULHUB: VHN-57366

AFFECTED PRODUCTS

vendor:ciscomodel:unified computing system 1.4scope: - version: -

Trust: 2.4

vendor:ciscomodel:unified computing systemscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:unified computing systemscope: - version: -

Trust: 0.8

vendor:ciscomodel:unified computing system softwarescope:lteversion:2.2

Trust: 0.8

vendor:ciscomodel:unified computing system 2.0scope: - version: -

Trust: 0.3

vendor:ciscomodel:unified computing systemscope:eqversion:2.0

Trust: 0.3

sources: BID: 62615 // JVNDB: JVNDB-2013-004300 // CNNVD: CNNVD-201309-428 // NVD: CVE-2012-4085

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-4085
value: MEDIUM

Trust: 1.0

NVD: CVE-2012-4085
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201309-428
value: MEDIUM

Trust: 0.6

VULHUB: VHN-57366
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2012-4085
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-57366
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-57366 // JVNDB: JVNDB-2013-004300 // CNNVD: CNNVD-201309-428 // NVD: CVE-2012-4085

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-57366 // JVNDB: JVNDB-2013-004300 // NVD: CVE-2012-4085

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201309-428

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201309-428

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-004300

PATCH
title:Cisco Unified Computing System Blade Management Controller Information Disclosure Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4085
Trust: 0.8
title:30962url:http://tools.cisco.com/security/center/viewAlert.x?alertId=30962
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-004300

EXTERNAL IDS
db:NVDid:CVE-2012-4085
Trust: 2.8
db:SECTRACKid:1029081
Trust: 1.1
db:JVNDBid:JVNDB-2013-004300
Trust: 0.8
db:CNNVDid:CNNVD-201309-428
Trust: 0.7
db:CISCOid:20130923 CISCO UNIFIED COMPUTING SYSTEM BLADE MANAGEMENT CONTROLLER INFORMATION DISCLOSURE VULNERABILITY
Trust: 0.6
db:BIDid:62615
Trust: 0.4
db:VULHUBid:VHN-57366
Trust: 0.1
sources:
            
            
            VULHUB: VHN-57366 // 
            
            
            
            BID: 62615 // 
            
            
            
            JVNDB: JVNDB-2013-004300 // 
            
            
            
            CNNVD: CNNVD-201309-428 // 
            
            
            
            NVD: CVE-2012-4085

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2012-4085
Trust: 1.7
url:http://www.securitytracker.com/id/1029081
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/87372
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4085
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4085
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-57366 // 
            
            
            
            BID: 62615 // 
            
            
            
            JVNDB: JVNDB-2013-004300 // 
            
            
            
            CNNVD: CNNVD-201309-428 // 
            
            
            
            NVD: CVE-2012-4085

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 62615

SOURCES
db:VULHUBid:VHN-57366
db:BIDid:62615
db:JVNDBid:JVNDB-2013-004300
db:CNNVDid:CNNVD-201309-428
db:NVDid:CVE-2012-4085

LAST UPDATE DATE
2024-08-14T15:14:03.243000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-57366date:2017-08-29T00:00:00
db:BIDid:62615date:2013-09-26T00:13:00
db:JVNDBid:JVNDB-2013-004300date:2013-09-26T00:00:00
db:CNNVDid:CNNVD-201309-428date:2013-09-25T00:00:00
db:NVDid:CVE-2012-4085date:2017-08-29T01:32:09.650

SOURCES RELEASE DATE
db:VULHUBid:VHN-57366date:2013-09-24T00:00:00
db:BIDid:62615date:2013-09-23T00:00:00
db:JVNDBid:JVNDB-2013-004300date:2013-09-26T00:00:00
db:CNNVDid:CNNVD-201309-428date:2013-09-25T00:00:00
db:NVDid:CVE-2012-4085date:2013-09-24T10:35:51.813