Details of VAR-201310-0011

ID

VAR-201310-0011

CVE

CVE-2012-4096

TITLE

Cisco Unified Computing System of Baseboard Management Controller Vulnerability gained in

Trust: 0.8

sources: JVNDB: JVNDB-2013-004421

DESCRIPTION

The local file editor in the Baseboard Management Controller (BMC) in Cisco Unified Computing System (UCS) allows local users to gain privileges and modify arbitrary fabric-interconnect files, in the context of a vi process, via unspecified commands, aka Bug ID CSCtn06574. Cisco Unified Computing System is prone to a local arbitrary file-access vulnerability. Local attackers can exploit this issue to read or overwrite arbitrary files. This may lead to further attacks. This issue being tracked by Cisco Bug ID CSCtn06574. The system integrates network, computing and virtualization resources into one platform by extensively adopting virtualization technology

Trust: 1.98

sources: NVD: CVE-2012-4096 // JVNDB: JVNDB-2013-004421 // BID: 62730 // VULHUB: VHN-57377

AFFECTED PRODUCTS

vendor:	cisco	model:	unified computing system	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	unified computing system	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	unified computing system software	scope:	eq	version:	1.0	Trust: 0.8

sources: JVNDB: JVNDB-2013-004421 // CNNVD: CNNVD-201310-063 // NVD: CVE-2012-4096

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2012-4096
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2012-4096
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201310-063
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-57377
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2012-4096
severity:	MEDIUM
baseScore:	6.2
vectorString:	AV:L/AC:L/AU:S/C:C/I:C/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	NONE
exploitabilityScore:	3.1
impactScore:	9.2
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-57377
severity:	MEDIUM
baseScore:	6.2
vectorString:	AV:L/AC:L/AU:S/C:C/I:C/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	NONE
exploitabilityScore:	3.1
impactScore:	9.2
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-57377 // JVNDB: JVNDB-2013-004421 // CNNVD: CNNVD-201310-063 // NVD: CVE-2012-4096

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-57377 // JVNDB: JVNDB-2013-004421 // NVD: CVE-2012-4096

THREAT TYPE

local

Trust: 0.9

sources: BID: 62730 // CNNVD: CNNVD-201310-063

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201310-063

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-004421

PATCH

title:	Cisco Unified Computing System Baseboard Management Controller Arbitrary File Access Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4096	Trust: 0.8
title:	31074	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=31074	Trust: 0.8

sources: JVNDB: JVNDB-2013-004421

EXTERNAL IDS

db:	NVD	id:	CVE-2012-4096	Trust: 2.8
db:	JVNDB	id:	JVNDB-2013-004421	Trust: 0.8
db:	CNNVD	id:	CNNVD-201310-063	Trust: 0.7
db:	CISCO	id:	20130930 CISCO UNIFIED COMPUTING SYSTEM BASEBOARD MANAGEMENT CONTROLLER ARBITRARY FILE ACCESS VULNERABILITY	Trust: 0.6
db:	BID	id:	62730	Trust: 0.4
db:	VULHUB	id:	VHN-57377	Trust: 0.1

sources: VULHUB: VHN-57377 // BID: 62730 // JVNDB: JVNDB-2013-004421 // CNNVD: CNNVD-201310-063 // NVD: CVE-2012-4096

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2012-4096	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4096	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4096	Trust: 0.8

sources: VULHUB: VHN-57377 // JVNDB: JVNDB-2013-004421 // CNNVD: CNNVD-201310-063 // NVD: CVE-2012-4096

CREDITS

Cisco

Trust: 0.3

sources: BID: 62730

SOURCES

db:	VULHUB	id:	VHN-57377
db:	BID	id:	62730
db:	JVNDB	id:	JVNDB-2013-004421
db:	CNNVD	id:	CNNVD-201310-063
db:	NVD	id:	CVE-2012-4096

LAST UPDATE DATE

2024-08-14T15:44:53.924000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-57377	date:	2013-10-01T00:00:00
db:	BID	id:	62730	date:	2013-10-04T02:13:00
db:	JVNDB	id:	JVNDB-2013-004421	date:	2013-10-03T00:00:00
db:	CNNVD	id:	CNNVD-201310-063	date:	2013-10-16T00:00:00
db:	NVD	id:	CVE-2012-4096	date:	2013-10-01T19:23:13.047

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-57377	date:	2013-10-01T00:00:00
db:	BID	id:	62730	date:	2013-09-30T00:00:00
db:	JVNDB	id:	JVNDB-2013-004421	date:	2013-10-03T00:00:00
db:	CNNVD	id:	CNNVD-201310-063	date:	2013-10-16T00:00:00
db:	NVD	id:	CVE-2012-4096	date:	2013-10-01T00:55:12.803