Sign-up

ID

VAR-201310-0010


CVE

CVE-2012-4095


TITLE

Cisco Unified Computing System Vulnerability in Microsoft Fabric Interconnect Component

Trust: 0.8

sources: JVNDB: JVNDB-2013-004466

DESCRIPTION

The local file editor in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges, and read or modify arbitrary files, via unspecified key bindings, aka Bug ID CSCtn04521. This may lead to further attacks. This issue is tracked by Cisco Bug ID CSCtn04521. Cisco Unified Computing System (UCS) is a unified computing system of Cisco (Cisco). The system integrates network, computing and virtualization resources into one platform by extensively adopting virtualization technology

Trust: 1.98

sources: NVD: CVE-2012-4095 // JVNDB: JVNDB-2013-004466 // BID: 62727 // VULHUB: VHN-57376

AFFECTED PRODUCTS

vendor:ciscomodel:unified computing systemscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:unified computing systemscope: - version: -

Trust: 0.8

vendor:ciscomodel:unified computing system softwarescope:lteversion:2.0

Trust: 0.8

vendor:ciscomodel:unified computing system 1.4scope: - version: -

Trust: 0.6

vendor:ciscomodel:unified computing systemscope:eqversion:2.0

Trust: 0.3

sources: BID: 62727 // JVNDB: JVNDB-2013-004466 // CNNVD: CNNVD-201310-043 // NVD: CVE-2012-4095

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-4095
value: MEDIUM

Trust: 1.0

NVD: CVE-2012-4095
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201310-043
value: MEDIUM

Trust: 0.6

VULHUB: VHN-57376
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2012-4095
severity: MEDIUM
baseScore: 5.5
vectorString: AV:L/AC:H/AU:S/C:C/I:C/A:N
accessVector: LOCAL
accessComplexity: HIGH
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 1.5
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-57376
severity: MEDIUM
baseScore: 5.5
vectorString: AV:L/AC:H/AU:S/C:C/I:C/A:N
accessVector: LOCAL
accessComplexity: HIGH
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 1.5
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-57376 // JVNDB: JVNDB-2013-004466 // CNNVD: CNNVD-201310-043 // NVD: CVE-2012-4095

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-57376 // JVNDB: JVNDB-2013-004466 // NVD: CVE-2012-4095

THREAT TYPE

local

Trust: 0.9

sources: BID: 62727 // CNNVD: CNNVD-201310-043

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201310-043

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-004466

PATCH
title:Cisco Unified Computing System Fabric Interconnect Arbitrary File Access Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4095
Trust: 0.8
title:31075url:http://tools.cisco.com/security/center/viewAlert.x?alertId=31075
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-004466

EXTERNAL IDS
db:NVDid:CVE-2012-4095
Trust: 2.8
db:SECUNIAid:55135
Trust: 1.1
db:JVNDBid:JVNDB-2013-004466
Trust: 0.8
db:CNNVDid:CNNVD-201310-043
Trust: 0.7
db:CISCOid:20130930 CISCO UNIFIED COMPUTING SYSTEM FABRIC INTERCONNECT ARBITRARY FILE ACCESS VULNERABILITY
Trust: 0.6
db:BIDid:62727
Trust: 0.4
db:VULHUBid:VHN-57376
Trust: 0.1
sources:
            
            
            VULHUB: VHN-57376 // 
            
            
            
            BID: 62727 // 
            
            
            
            JVNDB: JVNDB-2013-004466 // 
            
            
            
            CNNVD: CNNVD-201310-043 // 
            
            
            
            NVD: CVE-2012-4095

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2012-4095
Trust: 1.7
url:http://secunia.com/advisories/55135
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4095
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4095
Trust: 0.8
sources:
            
            
            VULHUB: VHN-57376 // 
            
            
            
            JVNDB: JVNDB-2013-004466 // 
            
            
            
            CNNVD: CNNVD-201310-043 // 
            
            
            
            NVD: CVE-2012-4095

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 62727

SOURCES
db:VULHUBid:VHN-57376
db:BIDid:62727
db:JVNDBid:JVNDB-2013-004466
db:CNNVDid:CNNVD-201310-043
db:NVDid:CVE-2012-4095

LAST UPDATE DATE
2024-08-14T14:06:44.701000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-57376date:2016-09-22T00:00:00
db:BIDid:62727date:2013-10-04T00:13:00
db:JVNDBid:JVNDB-2013-004466date:2013-10-07T00:00:00
db:CNNVDid:CNNVD-201310-043date:2013-10-09T00:00:00
db:NVDid:CVE-2012-4095date:2016-09-22T17:31:41.860

SOURCES RELEASE DATE
db:VULHUBid:VHN-57376date:2013-10-02T00:00:00
db:BIDid:62727date:2013-09-30T00:00:00
db:JVNDBid:JVNDB-2013-004466date:2013-10-07T00:00:00
db:CNNVDid:CNNVD-201310-043date:2013-10-09T00:00:00
db:NVDid:CVE-2012-4095date:2013-10-02T22:55:02.900