Sign-up

ID

VAR-201310-0018


CVE

CVE-2012-4103


TITLE

Cisco Unified Computing System Authenticated Vulnerability in Fabric Interconnect Component

Trust: 0.8

sources: JVNDB: JVNDB-2013-004468

DESCRIPTION

ethanalyzer in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges by embedding commands in an unspecified parameter, aka Bug ID CSCtq02686. Cisco Unified Computing System (UCS) Of fabric interconnect components ethanalyzer Contains a privileged vulnerability. A local attacker can exploit this issue to execute arbitrary commands with elevated privileges. Successful exploits may compromise the affected device. This issue is being tracked by Cisco Bug ID CSCtq02686. The system integrates network, computing and virtualization resources into one platform by extensively adopting virtualization technology. A security vulnerability exists in the 'ethanalyzer' command in the fabric-interconnect component of Cisco UCS due to the program not properly filtering user-submitted input

Trust: 1.98

sources: NVD: CVE-2012-4103 // JVNDB: JVNDB-2013-004468 // BID: 62731 // VULHUB: VHN-57384

AFFECTED PRODUCTS

vendor:ciscomodel:unified computing system 1.4scope: - version: -

Trust: 2.4

vendor:ciscomodel:unified computing systemscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:unified computing systemscope: - version: -

Trust: 0.8

vendor:ciscomodel:unified computing system softwarescope:lteversion:2.0

Trust: 0.8

vendor:ciscomodel:unified computing systemscope:eqversion:2.0

Trust: 0.3

sources: BID: 62731 // JVNDB: JVNDB-2013-004468 // CNNVD: CNNVD-201310-045 // NVD: CVE-2012-4103

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-4103
value: MEDIUM

Trust: 1.0

NVD: CVE-2012-4103
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201310-045
value: MEDIUM

Trust: 0.6

VULHUB: VHN-57384
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2012-4103
severity: MEDIUM
baseScore: 6.8
vectorString: AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.1
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-57384
severity: MEDIUM
baseScore: 6.8
vectorString: AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.1
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-57384 // JVNDB: JVNDB-2013-004468 // CNNVD: CNNVD-201310-045 // NVD: CVE-2012-4103

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-57384 // JVNDB: JVNDB-2013-004468 // NVD: CVE-2012-4103

THREAT TYPE

local

Trust: 0.9

sources: BID: 62731 // CNNVD: CNNVD-201310-045

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201310-045

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-004468

PATCH
title:Cisco Unified Computing System Fabric Interconnect ethanalyzer Command Injection Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4103
Trust: 0.8
title:31077url:http://tools.cisco.com/security/center/viewAlert.x?alertId=31077
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-004468

EXTERNAL IDS
db:NVDid:CVE-2012-4103
Trust: 2.8
db:JVNDBid:JVNDB-2013-004468
Trust: 0.8
db:CNNVDid:CNNVD-201310-045
Trust: 0.7
db:CISCOid:20130930 CISCO UNIFIED COMPUTING SYSTEM FABRIC INTERCONNECT ETHANALYZER COMMAND INJECTION VULNERABILITY
Trust: 0.6
db:BIDid:62731
Trust: 0.4
db:VULHUBid:VHN-57384
Trust: 0.1
sources:
            
            
            VULHUB: VHN-57384 // 
            
            
            
            BID: 62731 // 
            
            
            
            JVNDB: JVNDB-2013-004468 // 
            
            
            
            CNNVD: CNNVD-201310-045 // 
            
            
            
            NVD: CVE-2012-4103

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2012-4103
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4103
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4103
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-57384 // 
            
            
            
            BID: 62731 // 
            
            
            
            JVNDB: JVNDB-2013-004468 // 
            
            
            
            CNNVD: CNNVD-201310-045 // 
            
            
            
            NVD: CVE-2012-4103

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 62731

SOURCES
db:VULHUBid:VHN-57384
db:BIDid:62731
db:JVNDBid:JVNDB-2013-004468
db:CNNVDid:CNNVD-201310-045
db:NVDid:CVE-2012-4103

LAST UPDATE DATE
2024-08-14T13:48:22.068000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-57384date:2017-02-19T00:00:00
db:BIDid:62731date:2013-10-04T00:15:00
db:JVNDBid:JVNDB-2013-004468date:2013-10-07T00:00:00
db:CNNVDid:CNNVD-201310-045date:2013-10-09T00:00:00
db:NVDid:CVE-2012-4103date:2017-02-19T05:53:40.467

SOURCES RELEASE DATE
db:VULHUBid:VHN-57384date:2013-10-02T00:00:00
db:BIDid:62731date:2013-09-30T00:00:00
db:JVNDBid:JVNDB-2013-004468date:2013-10-07T00:00:00
db:CNNVDid:CNNVD-201310-045date:2013-10-09T00:00:00
db:NVDid:CVE-2012-4103date:2013-10-02T22:55:23.430