Sign-up

ID

VAR-201309-0023


CVE

CVE-2012-1313


TITLE

Cisco Unified Computing System of PALO Vulnerability that can be obtained by a remote debug shell running on an adapter card

Trust: 0.8

sources: JVNDB: JVNDB-2013-004359

DESCRIPTION

The remote debug shell on the PALO adapter card in Cisco Unified Computing System (UCS) allows local users to gain privileges via malformed show-macstats parameters, aka Bug ID CSCub13772. Vendors have confirmed this vulnerability Bug ID CSCub13772 It is released as.Malformed by local user show-macstats It may be possible to get permission through parameters. Cisco Unified Computing System is prone to a local arbitrary command-execution vulnerability. A local attacker can exploit this issue to execute arbitrary commands with elevated privileges. Successful exploits may compromise the affected device. This issue being tracked by Cisco Bug ID CSCub13772. The system integrates network, computing and virtualization resources into one platform by extensively adopting virtualization technology

Trust: 1.98

sources: NVD: CVE-2012-1313 // JVNDB: JVNDB-2013-004359 // BID: 62680 // VULHUB: VHN-54594

AFFECTED PRODUCTS

vendor:ciscomodel:unified computing system 1.4scope: - version: -

Trust: 4.5

vendor:ciscomodel:unified computing system 2.0scope: - version: -

Trust: 3.0

vendor:ciscomodel:unified computing system 1.3scope: - version: -

Trust: 2.7

vendor:ciscomodel:unified computing systemscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:unified computing systemscope: - version: -

Trust: 0.8

vendor:ciscomodel:unified computing system softwarescope:lteversion:2.1

Trust: 0.8

vendor:ciscomodel:unified computing systemscope:eqversion:2.1

Trust: 0.3

vendor:ciscomodel:unified computing systemscope:eqversion:2.0

Trust: 0.3

vendor:ciscomodel:unified computing systemscope:eqversion:1.4

Trust: 0.3

vendor:ciscomodel:unified computing systemscope:eqversion:1.3

Trust: 0.3

vendor:ciscomodel:unified computing system 1.2scope: - version: -

Trust: 0.3

vendor:ciscomodel:unified computing systemscope:eqversion:1.2

Trust: 0.3

vendor:ciscomodel:unified computing system 1.1scope: - version: -

Trust: 0.3

vendor:ciscomodel:unified computing systemscope:eqversion:1.1

Trust: 0.3

vendor:ciscomodel:unified computing system 1.0scope: - version: -

Trust: 0.3

vendor:ciscomodel:unified computing systemscope:eqversion:1.0

Trust: 0.3

sources: BID: 62680 // JVNDB: JVNDB-2013-004359 // CNNVD: CNNVD-201309-498 // NVD: CVE-2012-1313

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-1313
value: MEDIUM

Trust: 1.0

NVD: CVE-2012-1313
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201309-498
value: MEDIUM

Trust: 0.6

VULHUB: VHN-54594
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2012-1313
severity: MEDIUM
baseScore: 6.5
vectorString: AV:L/AC:L/AU:M/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 2.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: CVE-2012-1313
severity: MEDIUM
baseScore: 6.3
vectorString: AV:L/AC:M/AU:M/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: MULTIPLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-54594
severity: MEDIUM
baseScore: 6.5
vectorString: AV:L/AC:L/AU:M/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 2.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-54594 // JVNDB: JVNDB-2013-004359 // CNNVD: CNNVD-201309-498 // NVD: CVE-2012-1313

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-54594 // JVNDB: JVNDB-2013-004359 // NVD: CVE-2012-1313

THREAT TYPE

local

Trust: 0.9

sources: BID: 62680 // CNNVD: CNNVD-201309-498

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201309-498

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-004359

PATCH
title:Cisco Unified Computing System Arbitrary Command Execution Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-1313
Trust: 0.8
title:31002url:http://tools.cisco.com/security/center/viewAlert.x?alertId=31002
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-004359

EXTERNAL IDS
db:NVDid:CVE-2012-1313
Trust: 2.8
db:OSVDBid:97776
Trust: 1.1
db:SECTRACKid:1029103
Trust: 1.1
db:JVNDBid:JVNDB-2013-004359
Trust: 0.8
db:CNNVDid:CNNVD-201309-498
Trust: 0.7
db:CISCOid:20130926 CISCO UNIFIED COMPUTING SYSTEM ARBITRARY COMMAND EXECUTION VULNERABILITY
Trust: 0.6
db:BIDid:62680
Trust: 0.4
db:VULHUBid:VHN-54594
Trust: 0.1
sources:
            
            
            VULHUB: VHN-54594 // 
            
            
            
            BID: 62680 // 
            
            
            
            JVNDB: JVNDB-2013-004359 // 
            
            
            
            CNNVD: CNNVD-201309-498 // 
            
            
            
            NVD: CVE-2012-1313

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2012-1313
Trust: 2.0
url:http://osvdb.org/97776
Trust: 1.1
url:http://www.securitytracker.com/id/1029103
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1313
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-1313
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
url:http://software.cisco.com/download/navigator.html?mdfid=281787278
Trust: 0.3
url:http://tools.cisco.com/security/center/viewalert.x?alertid=31002
Trust: 0.3
sources:
            
            
            VULHUB: VHN-54594 // 
            
            
            
            BID: 62680 // 
            
            
            
            JVNDB: JVNDB-2013-004359 // 
            
            
            
            CNNVD: CNNVD-201309-498 // 
            
            
            
            NVD: CVE-2012-1313

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 62680

SOURCES
db:VULHUBid:VHN-54594
db:BIDid:62680
db:JVNDBid:JVNDB-2013-004359
db:CNNVDid:CNNVD-201309-498
db:NVDid:CVE-2012-1313

LAST UPDATE DATE
2024-08-14T13:35:39.635000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-54594date:2016-11-04T00:00:00
db:BIDid:62680date:2013-09-26T00:00:00
db:JVNDBid:JVNDB-2013-004359date:2013-10-01T00:00:00
db:CNNVDid:CNNVD-201309-498date:2013-09-29T00:00:00
db:NVDid:CVE-2012-1313date:2016-11-04T18:34:50.297

SOURCES RELEASE DATE
db:VULHUBid:VHN-54594date:2013-09-27T00:00:00
db:BIDid:62680date:2013-09-26T00:00:00
db:JVNDBid:JVNDB-2013-004359date:2013-10-01T00:00:00
db:CNNVDid:CNNVD-201309-498date:2013-09-29T00:00:00
db:NVDid:CVE-2012-1313date:2013-09-27T20:55:03.173