Details of VAR-201309-0011

ID

VAR-201309-0011

CVE

CVE-2012-4086

TITLE

Cisco Unified Computing System Arbitrary Command Execution Vulnerability in Fabric Interconnect Device Setup Script

Trust: 0.8

sources: JVNDB: JVNDB-2013-004306

DESCRIPTION

A setup script for fabric interconnect devices in Cisco Unified Computing System (UCS) allows remote attackers to execute arbitrary commands via invalid parameters, aka Bug ID CSCtg20790. Cisco Unified Computing System is prone to a remote command-execution vulnerability. An attacker can exploit this issue to execute arbitrary commands within the context of the daemon user. This issue is tracked by Cisco Bug ID CSCtg20790. The system integrates network, computing and virtualization resources into one platform by extensively adopting virtualization technology

Trust: 1.98

sources: NVD: CVE-2012-4086 // JVNDB: JVNDB-2013-004306 // BID: 62608 // VULHUB: VHN-57367

AFFECTED PRODUCTS

vendor:	cisco	model:	unified computing system	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	unified computing system	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	unified computing system software	scope:	lte	version:	1.4	Trust: 0.8

sources: JVNDB: JVNDB-2013-004306 // CNNVD: CNNVD-201309-450 // NVD: CVE-2012-4086

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2012-4086
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2012-4086
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201309-450
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-57367
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2012-4086
severity:	MEDIUM
baseScore:	5.1
vectorString:	AV:N/AC:H/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	4.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-57367
severity:	MEDIUM
baseScore:	5.1
vectorString:	AV:N/AC:H/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	4.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-57367 // JVNDB: JVNDB-2013-004306 // CNNVD: CNNVD-201309-450 // NVD: CVE-2012-4086

PROBLEMTYPE DATA

problemtype:	CWE-77	Trust: 1.1
problemtype:	CWE-16	Trust: 0.8

sources: VULHUB: VHN-57367 // JVNDB: JVNDB-2013-004306 // NVD: CVE-2012-4086

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201309-450

TYPE

configuration error

Trust: 0.6

sources: CNNVD: CNNVD-201309-450

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-004306

PATCH

title:	Cisco Unified Computing System Fabric Interconnect Devices Arbitrary Command Execution Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4086	Trust: 0.8
title:	30963	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=30963	Trust: 0.8

sources: JVNDB: JVNDB-2013-004306

EXTERNAL IDS

db:	NVD	id:	CVE-2012-4086	Trust: 2.8
db:	SECTRACK	id:	1029083	Trust: 1.1
db:	BID	id:	62608	Trust: 1.0
db:	JVNDB	id:	JVNDB-2013-004306	Trust: 0.8
db:	CNNVD	id:	CNNVD-201309-450	Trust: 0.7
db:	CISCO	id:	20130923 CISCO UNIFIED COMPUTING SYSTEM FABRIC INTERCONNECT DEVICES ARBITRARY COMMAND EXECUTION VULNERABILITY	Trust: 0.6
db:	VULHUB	id:	VHN-57367	Trust: 0.1

sources: VULHUB: VHN-57367 // BID: 62608 // JVNDB: JVNDB-2013-004306 // CNNVD: CNNVD-201309-450 // NVD: CVE-2012-4086

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2012-4086	Trust: 1.7
url:	http://www.securitytracker.com/id/1029083	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/87368	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4086	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4086	Trust: 0.8
url:	http://www.securityfocus.com/bid/62608	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-57367 // BID: 62608 // JVNDB: JVNDB-2013-004306 // CNNVD: CNNVD-201309-450 // NVD: CVE-2012-4086

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 62608

SOURCES

db:	VULHUB	id:	VHN-57367
db:	BID	id:	62608
db:	JVNDB	id:	JVNDB-2013-004306
db:	CNNVD	id:	CNNVD-201309-450
db:	NVD	id:	CVE-2012-4086

LAST UPDATE DATE

2024-08-14T14:14:21.469000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-57367	date:	2017-08-29T00:00:00
db:	BID	id:	62608	date:	2013-09-26T00:13:00
db:	JVNDB	id:	JVNDB-2013-004306	date:	2013-09-26T00:00:00
db:	CNNVD	id:	CNNVD-201309-450	date:	2013-09-26T00:00:00
db:	NVD	id:	CVE-2012-4086	date:	2017-08-29T01:32:09.743

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-57367	date:	2013-09-25T00:00:00
db:	BID	id:	62608	date:	2013-09-23T00:00:00
db:	JVNDB	id:	JVNDB-2013-004306	date:	2013-09-26T00:00:00
db:	CNNVD	id:	CNNVD-201309-450	date:	2013-09-26T00:00:00
db:	NVD	id:	CVE-2012-4086	date:	2013-09-25T10:31:26.660