Details of VAR-201309-0012

ID

VAR-201309-0012

CVE

CVE-2012-4087

TITLE

Cisco Unified Computing System Arbitrary Command Execution Vulnerability in Fabric Interconnect Device Setup Script

Trust: 0.8

sources: JVNDB: JVNDB-2013-004301

DESCRIPTION

A cluster setup script for fabric interconnect devices in Cisco Unified Computing System (UCS) allows remote attackers to execute arbitrary commands via invalid parameters, aka Bug ID CSCtg20793. Cisco Unified Computing System is prone to a remote command-execution vulnerability. An attacker can exploit this issue to execute arbitrary commands within the context of the daemon user. This issue is tracked by Cisco Bug ID CSCtg20793. The system integrates network, computing and virtualization resources into one platform by extensively adopting virtualization technology

Trust: 1.98

sources: NVD: CVE-2012-4087 // JVNDB: JVNDB-2013-004301 // BID: 62614 // VULHUB: VHN-57368

AFFECTED PRODUCTS

vendor:	cisco	model:	unified computing system	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	unified computing system	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	unified computing system software	scope:	eq	version:	1.0 to 1.4	Trust: 0.8

sources: JVNDB: JVNDB-2013-004301 // CNNVD: CNNVD-201309-429 // NVD: CVE-2012-4087

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2012-4087
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2012-4087
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201309-429
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-57368
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2012-4087
severity:	MEDIUM
baseScore:	5.1
vectorString:	AV:N/AC:H/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	4.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-57368
severity:	MEDIUM
baseScore:	5.1
vectorString:	AV:N/AC:H/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	4.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-57368 // JVNDB: JVNDB-2013-004301 // CNNVD: CNNVD-201309-429 // NVD: CVE-2012-4087

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-57368 // JVNDB: JVNDB-2013-004301 // NVD: CVE-2012-4087

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201309-429

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201309-429

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-004301

PATCH

title:	Cisco Unified Computing System Fabric Interconnect Devices Arbitrary Command Execution Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4087	Trust: 0.8
title:	30966	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=30966	Trust: 0.8

sources: JVNDB: JVNDB-2013-004301

EXTERNAL IDS

db:	NVD	id:	CVE-2012-4087	Trust: 2.8
db:	SECTRACK	id:	1029086	Trust: 1.1
db:	JVNDB	id:	JVNDB-2013-004301	Trust: 0.8
db:	CNNVD	id:	CNNVD-201309-429	Trust: 0.7
db:	CISCO	id:	20130923 CISCO UNIFIED COMPUTING SYSTEM FABRIC INTERCONNECT DEVICES ARBITRARY COMMAND EXECUTION VULNERABILITY	Trust: 0.6
db:	BID	id:	62614	Trust: 0.4
db:	VULHUB	id:	VHN-57368	Trust: 0.1

sources: VULHUB: VHN-57368 // BID: 62614 // JVNDB: JVNDB-2013-004301 // CNNVD: CNNVD-201309-429 // NVD: CVE-2012-4087

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2012-4087	Trust: 1.7
url:	http://www.securitytracker.com/id/1029086	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/87371	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4087	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4087	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-57368 // BID: 62614 // JVNDB: JVNDB-2013-004301 // CNNVD: CNNVD-201309-429 // NVD: CVE-2012-4087

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 62614

SOURCES

db:	VULHUB	id:	VHN-57368
db:	BID	id:	62614
db:	JVNDB	id:	JVNDB-2013-004301
db:	CNNVD	id:	CNNVD-201309-429
db:	NVD	id:	CVE-2012-4087

LAST UPDATE DATE

2024-08-14T14:14:21.500000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-57368	date:	2017-08-29T00:00:00
db:	BID	id:	62614	date:	2013-09-26T00:13:00
db:	JVNDB	id:	JVNDB-2013-004301	date:	2013-09-26T00:00:00
db:	CNNVD	id:	CNNVD-201309-429	date:	2013-09-25T00:00:00
db:	NVD	id:	CVE-2012-4087	date:	2017-08-29T01:32:09.807

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-57368	date:	2013-09-24T00:00:00
db:	BID	id:	62614	date:	2013-09-23T00:00:00
db:	JVNDB	id:	JVNDB-2013-004301	date:	2013-09-26T00:00:00
db:	CNNVD	id:	CNNVD-201309-429	date:	2013-09-25T00:00:00
db:	NVD	id:	CVE-2012-4087	date:	2013-09-24T10:35:51.830