Details of VAR-201310-0017

ID

VAR-201310-0017

CVE

CVE-2012-4102

TITLE

Cisco Unified Computing System Authenticated Vulnerability in Fabric Interconnect Component

Trust: 0.8

sources: JVNDB: JVNDB-2013-004467

DESCRIPTION

The activate firmware command in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges by embedding commands in an unspecified parameter, aka Bug ID CSCtq02600. Cisco Unified Computing System is prone to a local arbitrary command-execution vulnerability. A local attacker can exploit this issue to execute arbitrary commands on the Linux shell with root privileges. Successful exploits may completely compromise the affected device. This issue is being tracked by Cisco Bug ID CSCtq02600. The system integrates network, computing and virtualization resources into one platform by extensively adopting virtualization technology

Trust: 1.98

sources: NVD: CVE-2012-4102 // JVNDB: JVNDB-2013-004467 // BID: 62728 // VULHUB: VHN-57383

AFFECTED PRODUCTS

vendor:	cisco	model:	unified computing system 1.4	scope:	-	version:	-	Trust: 2.4
vendor:	cisco	model:	unified computing system	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	unified computing system	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	unified computing system software	scope:	lte	version:	2.1	Trust: 0.8
vendor:	cisco	model:	unified computing system	scope:	eq	version:	2.0	Trust: 0.3
vendor:	cisco	model:	unified computing system	scope:	eq	version:	0	Trust: 0.3

sources: BID: 62728 // JVNDB: JVNDB-2013-004467 // CNNVD: CNNVD-201310-044 // NVD: CVE-2012-4102

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2012-4102
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2012-4102
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201310-044
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-57383
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2012-4102
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.1
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-57383
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.1
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-57383 // JVNDB: JVNDB-2013-004467 // CNNVD: CNNVD-201310-044 // NVD: CVE-2012-4102

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-57383 // JVNDB: JVNDB-2013-004467 // NVD: CVE-2012-4102

THREAT TYPE

local

Trust: 0.9

sources: BID: 62728 // CNNVD: CNNVD-201310-044

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201310-044

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-004467

PATCH

title:	Cisco Unified Computing System Fabric Interconnect activate firmware Command Injection Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4102	Trust: 0.8
title:	31078	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=31078	Trust: 0.8

sources: JVNDB: JVNDB-2013-004467

EXTERNAL IDS

db:	NVD	id:	CVE-2012-4102	Trust: 2.8
db:	JVNDB	id:	JVNDB-2013-004467	Trust: 0.8
db:	CNNVD	id:	CNNVD-201310-044	Trust: 0.7
db:	CISCO	id:	20130930 CISCO UNIFIED COMPUTING SYSTEM FABRIC INTERCONNECT ACTIVATE FIRMWARE COMMAND INJECTION VULNERABILITY	Trust: 0.6
db:	BID	id:	62728	Trust: 0.4
db:	VULHUB	id:	VHN-57383	Trust: 0.1

sources: VULHUB: VHN-57383 // BID: 62728 // JVNDB: JVNDB-2013-004467 // CNNVD: CNNVD-201310-044 // NVD: CVE-2012-4102

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2012-4102	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4102	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4102	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-57383 // BID: 62728 // JVNDB: JVNDB-2013-004467 // CNNVD: CNNVD-201310-044 // NVD: CVE-2012-4102

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 62728

SOURCES

db:	VULHUB	id:	VHN-57383
db:	BID	id:	62728
db:	JVNDB	id:	JVNDB-2013-004467
db:	CNNVD	id:	CNNVD-201310-044
db:	NVD	id:	CVE-2012-4102

LAST UPDATE DATE

2024-08-14T15:08:52.651000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-57383	date:	2013-10-03T00:00:00
db:	BID	id:	62728	date:	2013-10-04T00:15:00
db:	JVNDB	id:	JVNDB-2013-004467	date:	2013-10-07T00:00:00
db:	CNNVD	id:	CNNVD-201310-044	date:	2013-10-09T00:00:00
db:	NVD	id:	CVE-2012-4102	date:	2013-10-03T14:48:55.253

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-57383	date:	2013-10-02T00:00:00
db:	BID	id:	62728	date:	2013-09-30T00:00:00
db:	JVNDB	id:	JVNDB-2013-004467	date:	2013-10-07T00:00:00
db:	CNNVD	id:	CNNVD-201310-044	date:	2013-10-09T00:00:00
db:	NVD	id:	CVE-2012-4102	date:	2013-10-02T22:55:23.383