ID

VAR-201310-0023


CVE

CVE-2012-4108


TITLE

Cisco Unified Computing System Authenticated Vulnerability in Fabric Interconnect Component

Trust: 0.8

sources: JVNDB: JVNDB-2013-004608

DESCRIPTION

The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges and execute arbitrary operating-system commands via crafted parameters to a file-related command, aka Bug ID CSCtq86554. Cisco Unified Computing System is prone to a local command-injection vulnerability. A local attacker can exploit this issue to execute arbitrary commands with elevated privileges. Successful exploits may compromise the affected device. This issue is being tracked by Cisco Bug ID CSCtq86554. Cisco UCS integrates network, computing and virtualization resources into one platform by extensively adopting virtualization technology. The vulnerability stems from the program not correctly filtering the parameters submitted by the user.

Trust: 1.98

sources: NVD: CVE-2012-4108 // JVNDB: JVNDB-2013-004608 // BID: 62979 // VULHUB: VHN-57389

AFFECTED PRODUCTS

vendor: cisco, model: unified computing system 1.4, scope: -, version: -

Trust: 2.4

vendor: cisco, model: unified computing system, scope: eq, version: -

Trust: 1.6

vendor: cisco, model: unified computing system, scope: -, version: -

Trust: 0.8

vendor: cisco, model: unified computing system software, scope: lte, version: 2.1

Trust: 0.8

vendor: cisco, model: unified computing system, scope: eq, version: 2.0

Trust: 0.3

sources: BID: 62979 // JVNDB: JVNDB-2013-004608 // CNNVD: CNNVD-201310-222 // NVD: CVE-2012-4108

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-4108
value: MEDIUM

Trust: 1.0

NVD: CVE-2012-4108
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201310-222
value: MEDIUM

Trust: 0.6

VULHUB: VHN-57389
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2012-4108
severity: MEDIUM
baseScore: 6.8
vectorString: AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.1
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-57389
severity: MEDIUM
baseScore: 6.8
vectorString: AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.1
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-57389 // JVNDB: JVNDB-2013-004608 // CNNVD: CNNVD-201310-222 // NVD: CVE-2012-4108

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.9

sources: VULHUB: VHN-57389 // JVNDB: JVNDB-2013-004608 // NVD: CVE-2012-4108

THREAT TYPE

local

Trust: 0.9

sources: BID: 62979 // CNNVD: CNNVD-201310-222

TYPE

operating system command injection

Trust: 0.6

sources: CNNVD: CNNVD-201310-222

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-004608

PATCH

title: Cisco Unified Computing System Fabric Interconnect Command Injection Vulnerability, url: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4108

Trust: 0.8

title: 31230, url: http://tools.cisco.com/security/center/viewAlert.x?alertId=31230

Trust: 0.8

sources: JVNDB: JVNDB-2013-004608

EXTERNAL IDS

db: NVD, id: CVE-2012-4108

Trust: 2.8

db: JVNDB, id: JVNDB-2013-004608

Trust: 0.8

db: CISCO, id: 20131011 CISCO UNIFIED COMPUTING SYSTEM FABRIC INTERCONNECT COMMAND INJECTION VULNERABILITY

Trust: 0.6

db: CNNVD, id: CNNVD-201310-222

Trust: 0.6

db: BID, id: 62979

Trust: 0.4

db: VULHUB, id: VHN-57389

Trust: 0.1

sources: VULHUB: VHN-57389 // BID: 62979 // JVNDB: JVNDB-2013-004608 // CNNVD: CNNVD-201310-222 // NVD: CVE-2012-4108

REFERENCES

url: http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2012-4108

Trust: 1.7

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4108

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4108

Trust: 0.8

url: http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-57389 // BID: 62979 // JVNDB: JVNDB-2013-004608 // CNNVD: CNNVD-201310-222 // NVD: CVE-2012-4108

CREDITS

Cisco

Trust: 0.3

sources: BID: 62979

SOURCES

db: VULHUB, id: VHN-57389
db: BID, id: 62979
db: JVNDB, id: JVNDB-2013-004608
db: CNNVD, id: CNNVD-201310-222
db: NVD, id: CVE-2012-4108

LAST UPDATE DATE

2024-08-14T15:30:18.305000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-57389, date: 2013-10-15T00:00:00
db: BID, id: 62979, date: 2013-10-16T01:45:00
db: JVNDB, id: JVNDB-2013-004608, date: 2013-10-16T00:00:00
db: CNNVD, id: CNNVD-201310-222, date: 2013-10-15T00:00:00
db: NVD, id: CVE-2012-4108, date: 2013-10-15T16:51:05.100

SOURCES RELEASE DATE

db: VULHUB, id: VHN-57389, date: 2013-10-13T00:00:00
db: BID, id: 62979, date: 2013-10-11T00:00:00
db: JVNDB, id: JVNDB-2013-004608, date: 2013-10-16T00:00:00
db: CNNVD, id: CNNVD-201310-222, date: 2013-10-15T00:00:00
db: NVD, id: CVE-2012-4108, date: 2013-10-13T10:20:02.867