Sign-up

ID

VAR-201310-0019


CVE

CVE-2012-4104


TITLE

Cisco Unified Computing System Absolute path traversal vulnerability in fabric interconnect components

Trust: 0.8

sources: JVNDB: JVNDB-2013-004471

DESCRIPTION

Absolute path traversal vulnerability in the image-download process in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to overwrite or delete arbitrary files via a full pathname in an image header, aka Bug ID CSCtq02706. Cisco Unified Computing System is prone to a directory-traversal vulnerability. Exploiting this issue will allow a local attacker to modify or delete arbitrary files on the filesystem. This issue is tracked by Cisco BugID CSCtq02706. The system integrates network, computing and virtualization resources into one platform by extensively adopting virtualization technology

Trust: 1.98

sources: NVD: CVE-2012-4104 // JVNDB: JVNDB-2013-004471 // BID: 62732 // VULHUB: VHN-57385

AFFECTED PRODUCTS

vendor:ciscomodel:unified computing system 1.4scope: - version: -

Trust: 2.4

vendor:ciscomodel:unified computing systemscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:unified computing systemscope: - version: -

Trust: 0.8

vendor:ciscomodel:unified computing system softwarescope:lteversion:2.1

Trust: 0.8

vendor:ciscomodel:unified computing systemscope:eqversion:2.0

Trust: 0.3

sources: BID: 62732 // JVNDB: JVNDB-2013-004471 // CNNVD: CNNVD-201310-046 // NVD: CVE-2012-4104

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-4104
value: MEDIUM

Trust: 1.0

NVD: CVE-2012-4104
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201310-046
value: MEDIUM

Trust: 0.6

VULHUB: VHN-57385
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2012-4104
severity: MEDIUM
baseScore: 6.6
vectorString: AV:L/AC:M/AU:S/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 2.7
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-57385
severity: MEDIUM
baseScore: 6.6
vectorString: AV:L/AC:M/AU:S/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 2.7
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-57385 // JVNDB: JVNDB-2013-004471 // CNNVD: CNNVD-201310-046 // NVD: CVE-2012-4104

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.9

sources: VULHUB: VHN-57385 // JVNDB: JVNDB-2013-004471 // NVD: CVE-2012-4104

THREAT TYPE

local

Trust: 0.9

sources: BID: 62732 // CNNVD: CNNVD-201310-046

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-201310-046

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-004471

PATCH
title:Cisco Unified Computing System Fabric Interconnect Directory Traversal Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4104
Trust: 0.8
title:31076url:http://tools.cisco.com/security/center/viewAlert.x?alertId=31076
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-004471

EXTERNAL IDS
db:NVDid:CVE-2012-4104
Trust: 2.8
db:JVNDBid:JVNDB-2013-004471
Trust: 0.8
db:CNNVDid:CNNVD-201310-046
Trust: 0.7
db:CISCOid:20130930 CISCO UNIFIED COMPUTING SYSTEM FABRIC INTERCONNECT DIRECTORY TRAVERSAL VULNERABILITY
Trust: 0.6
db:BIDid:62732
Trust: 0.4
db:VULHUBid:VHN-57385
Trust: 0.1
sources:
            
            
            VULHUB: VHN-57385 // 
            
            
            
            BID: 62732 // 
            
            
            
            JVNDB: JVNDB-2013-004471 // 
            
            
            
            CNNVD: CNNVD-201310-046 // 
            
            
            
            NVD: CVE-2012-4104

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2012-4104
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4104
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4104
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-57385 // 
            
            
            
            BID: 62732 // 
            
            
            
            JVNDB: JVNDB-2013-004471 // 
            
            
            
            CNNVD: CNNVD-201310-046 // 
            
            
            
            NVD: CVE-2012-4104

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 62732

SOURCES
db:VULHUBid:VHN-57385
db:BIDid:62732
db:JVNDBid:JVNDB-2013-004471
db:CNNVDid:CNNVD-201310-046
db:NVDid:CVE-2012-4104

LAST UPDATE DATE
2024-08-14T14:40:25.199000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-57385date:2013-10-03T00:00:00
db:BIDid:62732date:2013-10-04T00:13:00
db:JVNDBid:JVNDB-2013-004471date:2013-10-07T00:00:00
db:CNNVDid:CNNVD-201310-046date:2013-10-09T00:00:00
db:NVDid:CVE-2012-4104date:2013-10-03T18:32:07.007

SOURCES RELEASE DATE
db:VULHUBid:VHN-57385date:2013-10-02T00:00:00
db:BIDid:62732date:2013-09-30T00:00:00
db:JVNDBid:JVNDB-2013-004471date:2013-10-07T00:00:00
db:CNNVDid:CNNVD-201310-046date:2013-10-09T00:00:00
db:NVDid:CVE-2012-4104date:2013-10-02T22:55:23.463