Details of VAR-201309-0015

ID

VAR-201309-0015

CVE

CVE-2012-4092

TITLE

Cisco Unified Computing System of Central Software Component read vulnerability between devices

Trust: 0.8

sources: JVNDB: JVNDB-2013-004332

DESCRIPTION

The management interface in the Central Software component in Cisco Unified Computing System (UCS) does not properly validate the identity of vCenter consoles, which allows man-in-the-middle attackers to read or modify an inter-device data stream by spoofing an identity, aka Bug ID CSCtk00683. Vendors have confirmed this vulnerability Bug ID CSCtk00683 It is released as.Man-in-the-middle attacks (man-in-the-middle attack) By ID By impersonating, the data stream between devices may be read or altered. Cisco Unified Computing System is prone to a security-bypass vulnerability. An attacker can exploit this issue to perform man-in-the-middle attacks and perform certain unauthorized actions, which will aid in further attacks. This issue is being tracked by Cisco Bug ID CSCtk00683. The system integrates network, computing and virtualization resources into one platform by extensively adopting virtualization technology

Trust: 1.98

sources: NVD: CVE-2012-4092 // JVNDB: JVNDB-2013-004332 // BID: 62653 // VULHUB: VHN-57373

AFFECTED PRODUCTS

vendor:	cisco	model:	unified computing system 1.4	scope:	-	version:	-	Trust: 2.4
vendor:	cisco	model:	unified computing system	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	unified computing system	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	unified computing system software	scope:	lte	version:	2.2	Trust: 0.8
vendor:	cisco	model:	unified computing system 2.0	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	unified computing system	scope:	eq	version:	2.0	Trust: 0.3

sources: BID: 62653 // JVNDB: JVNDB-2013-004332 // CNNVD: CNNVD-201309-474 // NVD: CVE-2012-4092

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2012-4092
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2012-4092
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201309-474
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-57373
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2012-4092
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-57373
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-57373 // JVNDB: JVNDB-2013-004332 // CNNVD: CNNVD-201309-474 // NVD: CVE-2012-4092

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-57373 // JVNDB: JVNDB-2013-004332 // NVD: CVE-2012-4092

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201309-474

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201309-474

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-004332

PATCH

title:	Cisco Unified Computing System Fabric System Manager Man-in-the-Middle Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4092	Trust: 0.8
title:	30982	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=30982	Trust: 0.8

sources: JVNDB: JVNDB-2013-004332

EXTERNAL IDS

db:	NVD	id:	CVE-2012-4092	Trust: 2.8
db:	SECUNIA	id:	55034	Trust: 1.1
db:	JVNDB	id:	JVNDB-2013-004332	Trust: 0.8
db:	CNNVD	id:	CNNVD-201309-474	Trust: 0.7
db:	CISCO	id:	20130925 CISCO UNIFIED COMPUTING SYSTEM FABRIC SYSTEM MANAGER MAN-IN-THE-MIDDLE VULNERABILITY	Trust: 0.6
db:	BID	id:	62653	Trust: 0.4
db:	VULHUB	id:	VHN-57373	Trust: 0.1

sources: VULHUB: VHN-57373 // BID: 62653 // JVNDB: JVNDB-2013-004332 // CNNVD: CNNVD-201309-474 // NVD: CVE-2012-4092

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2012-4092	Trust: 2.0
url:	http://secunia.com/advisories/55034	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4092	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4092	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3
url:	http://software.cisco.com/download/navigator.html?mdfid=281787278	Trust: 0.3

sources: VULHUB: VHN-57373 // BID: 62653 // JVNDB: JVNDB-2013-004332 // CNNVD: CNNVD-201309-474 // NVD: CVE-2012-4092

CREDITS

Cisco

Trust: 0.3

sources: BID: 62653

SOURCES

db:	VULHUB	id:	VHN-57373
db:	BID	id:	62653
db:	JVNDB	id:	JVNDB-2013-004332
db:	CNNVD	id:	CNNVD-201309-474
db:	NVD	id:	CVE-2012-4092

LAST UPDATE DATE

2024-08-14T15:40:05.263000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-57373	date:	2016-09-22T00:00:00
db:	BID	id:	62653	date:	2013-09-28T00:14:00
db:	JVNDB	id:	JVNDB-2013-004332	date:	2013-09-27T00:00:00
db:	CNNVD	id:	CNNVD-201309-474	date:	2013-09-27T00:00:00
db:	NVD	id:	CVE-2012-4092	date:	2016-09-22T14:26:37.620

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-57373	date:	2013-09-26T00:00:00
db:	BID	id:	62653	date:	2013-09-25T00:00:00
db:	JVNDB	id:	JVNDB-2013-004332	date:	2013-09-27T00:00:00
db:	CNNVD	id:	CNNVD-201309-474	date:	2013-09-27T00:00:00
db:	NVD	id:	CVE-2012-4092	date:	2013-09-26T14:16:22.047