Sign-up

ID

VAR-201310-0020


CVE

CVE-2012-4105


TITLE

Cisco Unified Computing System Service disruption in fabric interconnect components (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2013-004605

DESCRIPTION

The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to cause a denial of service (component crash) via crafted "debug hardware" parameters, aka Bug ID CSCtq86468. Local attacker can exploit this issue to crash the application and cause denial-of-service condition. This issue is being tracked by Cisco Bug ID CSCtq86468. Cisco Unified Computing System (UCS) is a unified computing system of Cisco (Cisco). The system integrates network, computing and virtualization resources into one platform by extensively adopting virtualization technology. The vulnerability is caused by the program not correctly filtering the parameters submitted by users

Trust: 1.98

sources: NVD: CVE-2012-4105 // JVNDB: JVNDB-2013-004605 // BID: 62980 // VULHUB: VHN-57386

AFFECTED PRODUCTS

vendor:ciscomodel:unified computing system 1.4scope: - version: -

Trust: 2.4

vendor:ciscomodel:unified computing systemscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:unified computing systemscope: - version: -

Trust: 0.8

vendor:ciscomodel:unified computing system softwarescope:lteversion:2.0

Trust: 0.8

vendor:ciscomodel:unified computing systemscope:eqversion:2.0

Trust: 0.3

sources: BID: 62980 // JVNDB: JVNDB-2013-004605 // CNNVD: CNNVD-201310-219 // NVD: CVE-2012-4105

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-4105
value: MEDIUM

Trust: 1.0

NVD: CVE-2012-4105
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201310-219
value: MEDIUM

Trust: 0.6

VULHUB: VHN-57386
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2012-4105
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:S/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.1
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-57386
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:S/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.1
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-57386 // JVNDB: JVNDB-2013-004605 // CNNVD: CNNVD-201310-219 // NVD: CVE-2012-4105

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-57386 // JVNDB: JVNDB-2013-004605 // NVD: CVE-2012-4105

THREAT TYPE

local

Trust: 0.9

sources: BID: 62980 // CNNVD: CNNVD-201310-219

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201310-219

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-004605

PATCH
title:Cisco Unified Computing System Fabric Interconnect Denial of Service Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4105
Trust: 0.8
title:31233url:http://tools.cisco.com/security/center/viewAlert.x?alertId=31233
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-004605

EXTERNAL IDS
db:NVDid:CVE-2012-4105
Trust: 2.8
db:BIDid:62980
Trust: 1.4
db:OSVDBid:98437
Trust: 1.1
db:JVNDBid:JVNDB-2013-004605
Trust: 0.8
db:CNNVDid:CNNVD-201310-219
Trust: 0.7
db:CISCOid:20131011 CISCO UNIFIED COMPUTING SYSTEM FABRIC INTERCONNECT DENIAL OF SERVICE VULNERABILITY
Trust: 0.6
db:VULHUBid:VHN-57386
Trust: 0.1
sources:
            
            
            VULHUB: VHN-57386 // 
            
            
            
            BID: 62980 // 
            
            
            
            JVNDB: JVNDB-2013-004605 // 
            
            
            
            CNNVD: CNNVD-201310-219 // 
            
            
            
            NVD: CVE-2012-4105

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2012-4105
Trust: 1.7
url:http://www.securityfocus.com/bid/62980
Trust: 1.1
url:http://osvdb.org/98437
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4105
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4105
Trust: 0.8
sources:
            
            
            VULHUB: VHN-57386 // 
            
            
            
            JVNDB: JVNDB-2013-004605 // 
            
            
            
            CNNVD: CNNVD-201310-219 // 
            
            
            
            NVD: CVE-2012-4105

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 62980

SOURCES
db:VULHUBid:VHN-57386
db:BIDid:62980
db:JVNDBid:JVNDB-2013-004605
db:CNNVDid:CNNVD-201310-219
db:NVDid:CVE-2012-4105

LAST UPDATE DATE
2024-08-14T14:21:16.485000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-57386date:2016-09-22T00:00:00
db:BIDid:62980date:2013-10-16T01:45:00
db:JVNDBid:JVNDB-2013-004605date:2013-10-16T00:00:00
db:CNNVDid:CNNVD-201310-219date:2013-10-15T00:00:00
db:NVDid:CVE-2012-4105date:2016-09-22T14:35:40.460

SOURCES RELEASE DATE
db:VULHUBid:VHN-57386date:2013-10-13T00:00:00
db:BIDid:62980date:2013-10-11T00:00:00
db:JVNDBid:JVNDB-2013-004605date:2013-10-16T00:00:00
db:CNNVDid:CNNVD-201310-219date:2013-10-15T00:00:00
db:NVDid:CVE-2012-4105date:2013-10-13T10:19:59.973