Details of VAR-201310-0021

ID

VAR-201310-0021

CVE

CVE-2012-4106

TITLE

Cisco Unified Computing System Authenticated Vulnerability in Fabric Interconnect Component

Trust: 0.8

sources: JVNDB: JVNDB-2013-004606

DESCRIPTION

The fabric-interconnect component in Cisco Unified Computing System (UCS) uses the same privilege level for execution of every script, which allows local users to gain privileges and execute arbitrary commands via an unspecified script-execution approach, aka Bug ID CSCtq86477. This issue is being tracked by Cisco Bug ID CSCtq86477. The system integrates network, computing and virtualization resources into one platform by extensively adopting virtualization technology

Trust: 1.98

sources: NVD: CVE-2012-4106 // JVNDB: JVNDB-2013-004606 // BID: 62981 // VULHUB: VHN-57387

AFFECTED PRODUCTS

vendor:	cisco	model:	unified computing system 1.4	scope:	-	version:	-	Trust: 2.4
vendor:	cisco	model:	unified computing system	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	unified computing system	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	unified computing system software	scope:	lte	version:	2.1	Trust: 0.8
vendor:	cisco	model:	unified computing system	scope:	eq	version:	2.0	Trust: 0.3

sources: BID: 62981 // JVNDB: JVNDB-2013-004606 // CNNVD: CNNVD-201310-220 // NVD: CVE-2012-4106

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2012-4106
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2012-4106
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201310-220
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-57387
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2012-4106
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.1
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-57387
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.1
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-57387 // JVNDB: JVNDB-2013-004606 // CNNVD: CNNVD-201310-220 // NVD: CVE-2012-4106

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-57387 // JVNDB: JVNDB-2013-004606 // NVD: CVE-2012-4106

THREAT TYPE

local

Trust: 0.9

sources: BID: 62981 // CNNVD: CNNVD-201310-220

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201310-220

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-004606

PATCH

title:	Cisco Unified Computing System Fabric Interconnect Privilege Escalation Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4106	Trust: 0.8
title:	31229	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=31229	Trust: 0.8

sources: JVNDB: JVNDB-2013-004606

EXTERNAL IDS

db:	NVD	id:	CVE-2012-4106	Trust: 2.8
db:	BID	id:	62981	Trust: 1.4
db:	OSVDB	id:	98354	Trust: 1.1
db:	JVNDB	id:	JVNDB-2013-004606	Trust: 0.8
db:	CNNVD	id:	CNNVD-201310-220	Trust: 0.7
db:	CISCO	id:	20131011 CISCO UNIFIED COMPUTING SYSTEM FABRIC INTERCONNECT PRIVILEGE ESCALATION VULNERABILITY	Trust: 0.6
db:	VULHUB	id:	VHN-57387	Trust: 0.1

sources: VULHUB: VHN-57387 // BID: 62981 // JVNDB: JVNDB-2013-004606 // CNNVD: CNNVD-201310-220 // NVD: CVE-2012-4106

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2012-4106	Trust: 1.7
url:	http://www.securityfocus.com/bid/62981	Trust: 1.1
url:	http://osvdb.org/98354	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4106	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4106	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-57387 // BID: 62981 // JVNDB: JVNDB-2013-004606 // CNNVD: CNNVD-201310-220 // NVD: CVE-2012-4106

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 62981

SOURCES

db:	VULHUB	id:	VHN-57387
db:	BID	id:	62981
db:	JVNDB	id:	JVNDB-2013-004606
db:	CNNVD	id:	CNNVD-201310-220
db:	NVD	id:	CVE-2012-4106

LAST UPDATE DATE

2024-08-14T15:14:02.544000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-57387	date:	2016-09-22T00:00:00
db:	BID	id:	62981	date:	2013-10-16T01:24:00
db:	JVNDB	id:	JVNDB-2013-004606	date:	2013-10-16T00:00:00
db:	CNNVD	id:	CNNVD-201310-220	date:	2013-10-15T00:00:00
db:	NVD	id:	CVE-2012-4106	date:	2016-09-22T14:44:09.330

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-57387	date:	2013-10-13T00:00:00
db:	BID	id:	62981	date:	2013-10-11T00:00:00
db:	JVNDB	id:	JVNDB-2013-004606	date:	2013-10-16T00:00:00
db:	CNNVD	id:	CNNVD-201310-220	date:	2013-10-15T00:00:00
db:	NVD	id:	CVE-2012-4106	date:	2013-10-13T10:20:02.833