Sign-up

ID

VAR-201309-0014


CVE

CVE-2012-4089


TITLE

Cisco Unified Computing System In any Baseboard Management Controller Command execution vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2013-004302

DESCRIPTION

MCTOOLS in the fabric interconnect in Cisco Unified Computing System (UCS) allows local users to execute arbitrary Baseboard Management Controller (BMC) commands by leveraging (1) local, (2) shell-level, or (3) debug-level privileges at the operating-system layer, aka Bug ID CSCtg76239. Cisco Unified Computing System is prone to a local command-injection vulnerability. A local attacker can exploit this issue to execute arbitrary commands with elevated privileges. Successful exploits may compromise the affected device. This issue being tracked by Cisco Bug ID CSCtg76239. The system integrates network, computing and virtualization resources into one platform by extensively adopting virtualization technology. The vulnerability stems from the fact that the program does not properly validate the input data in the MCTOOLS command in the FI software

Trust: 1.98

sources: NVD: CVE-2012-4089 // JVNDB: JVNDB-2013-004302 // BID: 62619 // VULHUB: VHN-57370

AFFECTED PRODUCTS

vendor:ciscomodel:unified computing systemscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:unified computing systemscope: - version: -

Trust: 0.8

vendor:ciscomodel:unified computing system softwarescope:eqversion:1.0 to 1.4

Trust: 0.8

sources: JVNDB: JVNDB-2013-004302 // CNNVD: CNNVD-201309-430 // NVD: CVE-2012-4089

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-4089
value: MEDIUM

Trust: 1.0

NVD: CVE-2012-4089
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201309-430
value: MEDIUM

Trust: 0.6

VULHUB: VHN-57370
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2012-4089
severity: MEDIUM
baseScore: 6.6
vectorString: AV:L/AC:M/AU:S/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 2.7
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-57370
severity: MEDIUM
baseScore: 6.6
vectorString: AV:L/AC:M/AU:S/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 2.7
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-57370 // JVNDB: JVNDB-2013-004302 // CNNVD: CNNVD-201309-430 // NVD: CVE-2012-4089

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-57370 // JVNDB: JVNDB-2013-004302 // NVD: CVE-2012-4089

THREAT TYPE

local

Trust: 0.9

sources: BID: 62619 // CNNVD: CNNVD-201309-430

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201309-430

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-004302

PATCH
title:Cisco Unified Computing System Baseboard Management Controller Arbitrary Command Execution Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4089
Trust: 0.8
title:30964url:http://tools.cisco.com/security/center/viewAlert.x?alertId=30964
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-004302

EXTERNAL IDS
db:NVDid:CVE-2012-4089
Trust: 2.8
db:SECTRACKid:1029082
Trust: 1.1
db:JVNDBid:JVNDB-2013-004302
Trust: 0.8
db:CNNVDid:CNNVD-201309-430
Trust: 0.7
db:CISCOid:20130923 CISCO UNIFIED COMPUTING SYSTEM BASEBOARD MANAGEMENT CONTROLLER ARBITRARY COMMAND EXECUTION VULNERABILITY
Trust: 0.6
db:BIDid:62619
Trust: 0.4
db:VULHUBid:VHN-57370
Trust: 0.1
sources:
            
            
            VULHUB: VHN-57370 // 
            
            
            
            BID: 62619 // 
            
            
            
            JVNDB: JVNDB-2013-004302 // 
            
            
            
            CNNVD: CNNVD-201309-430 // 
            
            
            
            NVD: CVE-2012-4089

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2012-4089
Trust: 1.7
url:http://www.securitytracker.com/id/1029082
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/87369
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4089
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4089
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-57370 // 
            
            
            
            BID: 62619 // 
            
            
            
            JVNDB: JVNDB-2013-004302 // 
            
            
            
            CNNVD: CNNVD-201309-430 // 
            
            
            
            NVD: CVE-2012-4089

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 62619

SOURCES
db:VULHUBid:VHN-57370
db:BIDid:62619
db:JVNDBid:JVNDB-2013-004302
db:CNNVDid:CNNVD-201309-430
db:NVDid:CVE-2012-4089

LAST UPDATE DATE
2024-08-14T14:34:18.011000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-57370date:2017-08-29T00:00:00
db:BIDid:62619date:2013-09-25T00:15:00
db:JVNDBid:JVNDB-2013-004302date:2013-09-26T00:00:00
db:CNNVDid:CNNVD-201309-430date:2013-09-25T00:00:00
db:NVDid:CVE-2012-4089date:2017-08-29T01:32:09.853

SOURCES RELEASE DATE
db:VULHUBid:VHN-57370date:2013-09-24T00:00:00
db:BIDid:62619date:2013-09-23T00:00:00
db:JVNDBid:JVNDB-2013-004302date:2013-09-26T00:00:00
db:CNNVDid:CNNVD-201309-430date:2013-09-25T00:00:00
db:NVDid:CVE-2012-4089date:2013-09-24T10:35:51.860