Sign-up

ID

VAR-201309-0013


CVE

CVE-2012-4088


TITLE

Cisco Unified Computing System of FTP Server read vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2013-004331

DESCRIPTION

The FTP server in Cisco Unified Computing System (UCS) has a hardcoded password for an unspecified user account, which makes it easier for remote attackers to read or modify files by leveraging knowledge of this password, aka Bug ID CSCtg20769. Vendors have confirmed this vulnerability Bug ID CSCtg20769 It is released as.A third party may use hard-coded password information to read or edit the file. Cisco Unified Computing System is prone to a security-bypass vulnerability. Exploiting this issue could allow an attacker to bypass certain security restrictions and perform unauthorized actions. This issue is being tracked by Cisco Bug ID CSCtg20769. The system integrates network, computing and virtualization resources into one platform by extensively adopting virtualization technology

Trust: 1.98

sources: NVD: CVE-2012-4088 // JVNDB: JVNDB-2013-004331 // BID: 62652 // VULHUB: VHN-57369

AFFECTED PRODUCTS

vendor:ciscomodel:unified computing system 1.4scope: - version: -

Trust: 2.4

vendor:ciscomodel:unified computing systemscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:unified computing systemscope: - version: -

Trust: 0.8

vendor:ciscomodel:unified computing system softwarescope:lteversion:2.0

Trust: 0.8

vendor:ciscomodel:unified computing systemscope:eqversion:2.0

Trust: 0.3

vendor:ciscomodel:unified computing systemscope:eqversion:0

Trust: 0.3

sources: BID: 62652 // JVNDB: JVNDB-2013-004331 // CNNVD: CNNVD-201309-473 // NVD: CVE-2012-4088

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-4088
value: MEDIUM

Trust: 1.0

NVD: CVE-2012-4088
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201309-473
value: MEDIUM

Trust: 0.6

VULHUB: VHN-57369
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2012-4088
severity: MEDIUM
baseScore: 4.3
vectorString: AV:A/AC:M/AU:N/C:P/I:P/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 5.5
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-57369
severity: MEDIUM
baseScore: 4.3
vectorString: AV:A/AC:M/AU:N/C:P/I:P/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 5.5
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-57369 // JVNDB: JVNDB-2013-004331 // CNNVD: CNNVD-201309-473 // NVD: CVE-2012-4088

PROBLEMTYPE DATA

problemtype:CWE-255

Trust: 1.9

sources: VULHUB: VHN-57369 // JVNDB: JVNDB-2013-004331 // NVD: CVE-2012-4088

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201309-473

TYPE

trust management

Trust: 0.6

sources: CNNVD: CNNVD-201309-473

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-004331

PATCH
title:Cisco Unified Computing System FTP User Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4088
Trust: 0.8
title:30998url:http://tools.cisco.com/security/center/viewAlert.x?alertId=30998
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-004331

EXTERNAL IDS
db:NVDid:CVE-2012-4088
Trust: 2.8
db:SECUNIAid:54682
Trust: 1.1
db:SECTRACKid:1029102
Trust: 1.1
db:JVNDBid:JVNDB-2013-004331
Trust: 0.8
db:CNNVDid:CNNVD-201309-473
Trust: 0.7
db:CISCOid:20130925 CISCO UNIFIED COMPUTING SYSTEM FTP USER VULNERABILITY
Trust: 0.6
db:BIDid:62652
Trust: 0.4
db:VULHUBid:VHN-57369
Trust: 0.1
sources:
            
            
            VULHUB: VHN-57369 // 
            
            
            
            BID: 62652 // 
            
            
            
            JVNDB: JVNDB-2013-004331 // 
            
            
            
            CNNVD: CNNVD-201309-473 // 
            
            
            
            NVD: CVE-2012-4088

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2012-4088
Trust: 2.0
url:http://www.securitytracker.com/id/1029102
Trust: 1.1
url:http://secunia.com/advisories/54682
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4088
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4088
Trust: 0.8
url:http://www.cisco.com
Trust: 0.3
url:http://software.cisco.com/download/navigator.html?mdfid=281787278
Trust: 0.3
url:http://tools.cisco.com/security/center/viewalert.x?alertid=30998
Trust: 0.3
sources:
            
            
            VULHUB: VHN-57369 // 
            
            
            
            BID: 62652 // 
            
            
            
            JVNDB: JVNDB-2013-004331 // 
            
            
            
            CNNVD: CNNVD-201309-473 // 
            
            
            
            NVD: CVE-2012-4088

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 62652

SOURCES
db:VULHUBid:VHN-57369
db:BIDid:62652
db:JVNDBid:JVNDB-2013-004331
db:CNNVDid:CNNVD-201309-473
db:NVDid:CVE-2012-4088

LAST UPDATE DATE
2024-08-14T15:19:16.752000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-57369date:2016-09-22T00:00:00
db:BIDid:62652date:2013-09-28T00:14:00
db:JVNDBid:JVNDB-2013-004331date:2013-09-27T00:00:00
db:CNNVDid:CNNVD-201309-473date:2013-09-27T00:00:00
db:NVDid:CVE-2012-4088date:2016-09-22T17:16:26.090

SOURCES RELEASE DATE
db:VULHUBid:VHN-57369date:2013-09-26T00:00:00
db:BIDid:62652date:2013-09-25T00:00:00
db:JVNDBid:JVNDB-2013-004331date:2013-09-27T00:00:00
db:CNNVDid:CNNVD-201309-473date:2013-09-27T00:00:00
db:NVDid:CVE-2012-4088date:2013-09-26T14:16:22.047