Sign-up

ID

VAR-201310-0022


CVE

CVE-2012-4107


TITLE

Cisco Unified Computing System Authenticated Vulnerability in Fabric Interconnect Component

Trust: 0.8

sources: JVNDB: JVNDB-2013-004607

DESCRIPTION

The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges and execute arbitrary commands via crafted parameters to a file-related command, aka Bug ID CSCtq86489. A local attacker can exploit this issue to execute arbitrary commands with elevated privileges. Successful exploits may compromise the affected device. This issue being tracked by Cisco Bug ID CSCtq86489. The system integrates network, computing and virtualization resources into one platform by extensively adopting virtualization technology. The vulnerability stems from the fact that the program does not properly filter the parameters submitted by the user

Trust: 1.98

sources: NVD: CVE-2012-4107 // JVNDB: JVNDB-2013-004607 // BID: 62983 // VULHUB: VHN-57388

AFFECTED PRODUCTS

vendor:ciscomodel:unified computing system 1.4scope: - version: -

Trust: 2.4

vendor:ciscomodel:unified computing systemscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:unified computing systemscope: - version: -

Trust: 0.8

vendor:ciscomodel:unified computing system softwarescope:lteversion:2.1

Trust: 0.8

vendor:ciscomodel:unified computing systemscope:eqversion:2.0

Trust: 0.3

sources: BID: 62983 // JVNDB: JVNDB-2013-004607 // CNNVD: CNNVD-201310-221 // NVD: CVE-2012-4107

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-4107
value: MEDIUM

Trust: 1.0

NVD: CVE-2012-4107
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201310-221
value: MEDIUM

Trust: 0.6

VULHUB: VHN-57388
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2012-4107
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:S/C:N/I:C/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 3.1
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-57388
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:S/C:N/I:C/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 3.1
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-57388 // JVNDB: JVNDB-2013-004607 // CNNVD: CNNVD-201310-221 // NVD: CVE-2012-4107

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-57388 // JVNDB: JVNDB-2013-004607 // NVD: CVE-2012-4107

THREAT TYPE

local

Trust: 0.9

sources: BID: 62983 // CNNVD: CNNVD-201310-221

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201310-221

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-004607

PATCH
title:Cisco Unified Computing System Fabric Interconnect Arbitrary File Creation Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4107
Trust: 0.8
title:31228url:http://tools.cisco.com/security/center/viewAlert.x?alertId=31228
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-004607

EXTERNAL IDS
db:NVDid:CVE-2012-4107
Trust: 2.8
db:OSVDBid:98355
Trust: 1.1
db:JVNDBid:JVNDB-2013-004607
Trust: 0.8
db:CISCOid:20131011 CISCO UNIFIED COMPUTING SYSTEM FABRIC INTERCONNECT ARBITRARY FILE CREATION VULNERABILITY
Trust: 0.6
db:CNNVDid:CNNVD-201310-221
Trust: 0.6
db:BIDid:62983
Trust: 0.4
db:VULHUBid:VHN-57388
Trust: 0.1
sources:
            
            
            VULHUB: VHN-57388 // 
            
            
            
            BID: 62983 // 
            
            
            
            JVNDB: JVNDB-2013-004607 // 
            
            
            
            CNNVD: CNNVD-201310-221 // 
            
            
            
            NVD: CVE-2012-4107

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2012-4107
Trust: 1.7
url:http://osvdb.org/98355
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4107
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4107
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-57388 // 
            
            
            
            BID: 62983 // 
            
            
            
            JVNDB: JVNDB-2013-004607 // 
            
            
            
            CNNVD: CNNVD-201310-221 // 
            
            
            
            NVD: CVE-2012-4107

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 62983

SOURCES
db:VULHUBid:VHN-57388
db:BIDid:62983
db:JVNDBid:JVNDB-2013-004607
db:CNNVDid:CNNVD-201310-221
db:NVDid:CVE-2012-4107

LAST UPDATE DATE
2024-08-14T14:14:20.043000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-57388date:2016-09-22T00:00:00
db:BIDid:62983date:2013-10-16T01:24:00
db:JVNDBid:JVNDB-2013-004607date:2013-10-16T00:00:00
db:CNNVDid:CNNVD-201310-221date:2013-10-15T00:00:00
db:NVDid:CVE-2012-4107date:2016-09-22T17:32:58.650

SOURCES RELEASE DATE
db:VULHUBid:VHN-57388date:2013-10-13T00:00:00
db:BIDid:62983date:2013-10-11T00:00:00
db:JVNDBid:JVNDB-2013-004607date:2013-10-16T00:00:00
db:CNNVDid:CNNVD-201310-221date:2013-10-15T00:00:00
db:NVDid:CVE-2012-4107date:2013-10-13T10:20:02.850