Details of VAR-201310-0024

ID

VAR-201310-0024

CVE

CVE-2012-4109

TITLE

Cisco Unified Computing System Authenticated Vulnerability in Fabric Interconnect Component

Trust: 0.8

sources: JVNDB: JVNDB-2013-004472

DESCRIPTION

The clear sshkey command in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges by embedding commands in an unspecified parameter, aka Bug ID CSCtq86559. A local attacker can exploit this issue to execute arbitrary commands with root privileges. Successful exploits may compromise the affected device. This issue is being tracked by Cisco Bug ID CSCtq86559. Cisco Unified Computing System (UCS) is a unified computing system of Cisco (Cisco). The system integrates network, computing and virtualization resources into one platform by extensively adopting virtualization technology

Trust: 1.98

sources: NVD: CVE-2012-4109 // JVNDB: JVNDB-2013-004472 // BID: 62735 // VULHUB: VHN-57390

AFFECTED PRODUCTS

vendor:	cisco	model:	unified computing system 1.4	scope:	-	version:	-	Trust: 2.4
vendor:	cisco	model:	unified computing system	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	unified computing system	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	unified computing system software	scope:	lte	version:	2.1	Trust: 0.8
vendor:	cisco	model:	unified computing system	scope:	eq	version:	2.0	Trust: 0.3

sources: BID: 62735 // JVNDB: JVNDB-2013-004472 // CNNVD: CNNVD-201310-047 // NVD: CVE-2012-4109

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2012-4109
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2012-4109
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201310-047
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-57390
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2012-4109
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.1
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-57390
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.1
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-57390 // JVNDB: JVNDB-2013-004472 // CNNVD: CNNVD-201310-047 // NVD: CVE-2012-4109

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-57390 // JVNDB: JVNDB-2013-004472 // NVD: CVE-2012-4109

THREAT TYPE

local

Trust: 0.9

sources: BID: 62735 // CNNVD: CNNVD-201310-047

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201310-047

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-004472

PATCH

title:	Cisco Unified Computing System Fabric Interconnect clear sshkey Command Injection Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4109	Trust: 0.8
title:	31080	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=31080	Trust: 0.8

sources: JVNDB: JVNDB-2013-004472

EXTERNAL IDS

db:	NVD	id:	CVE-2012-4109	Trust: 2.8
db:	JVNDB	id:	JVNDB-2013-004472	Trust: 0.8
db:	CNNVD	id:	CNNVD-201310-047	Trust: 0.7
db:	CISCO	id:	20130930 CISCO UNIFIED COMPUTING SYSTEM FABRIC INTERCONNECT CLEAR SSHKEY COMMAND INJECTION VULNERABILITY	Trust: 0.6
db:	BID	id:	62735	Trust: 0.4
db:	VULHUB	id:	VHN-57390	Trust: 0.1

sources: VULHUB: VHN-57390 // BID: 62735 // JVNDB: JVNDB-2013-004472 // CNNVD: CNNVD-201310-047 // NVD: CVE-2012-4109

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2012-4109	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4109	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4109	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-57390 // BID: 62735 // JVNDB: JVNDB-2013-004472 // CNNVD: CNNVD-201310-047 // NVD: CVE-2012-4109

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 62735

SOURCES

db:	VULHUB	id:	VHN-57390
db:	BID	id:	62735
db:	JVNDB	id:	JVNDB-2013-004472
db:	CNNVD	id:	CNNVD-201310-047
db:	NVD	id:	CVE-2012-4109

LAST UPDATE DATE

2024-08-14T15:19:16.468000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-57390	date:	2013-10-03T00:00:00
db:	BID	id:	62735	date:	2013-10-04T00:15:00
db:	JVNDB	id:	JVNDB-2013-004472	date:	2013-10-07T00:00:00
db:	CNNVD	id:	CNNVD-201310-047	date:	2013-10-09T00:00:00
db:	NVD	id:	CVE-2012-4109	date:	2013-10-03T15:58:06.090

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-57390	date:	2013-10-02T00:00:00
db:	BID	id:	62735	date:	2013-09-30T00:00:00
db:	JVNDB	id:	JVNDB-2013-004472	date:	2013-10-07T00:00:00
db:	CNNVD	id:	CNNVD-201310-047	date:	2013-10-09T00:00:00
db:	NVD	id:	CVE-2012-4109	date:	2013-10-02T22:55:23.477