ID

VAR-201310-0025


CVE

CVE-2012-4110


TITLE

Cisco Unified Computing System Authenticated Vulnerability in Fabric Interconnect Component

Trust: 0.8

sources: JVNDB: JVNDB-2013-004473

DESCRIPTION

run-script in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges by embedding commands in an unspecified parameter, aka Bug ID CSCtq86560. The run-script command of the fabric interconnect component in Cisco Unified Computing System (UCS) contains a vulnerability that allows privileges to be gained. A local attacker can exploit this issue to execute arbitrary commands with root privileges. Successful exploits may compromise the affected device. This issue is being tracked by Cisco Bug ID CSCtq86560. Cisco UCS integrates network, computing and virtualization resources into one platform by extensively adopting virtualization technology. A security vulnerability exists in the 'run-script' command in the fabric-interconnect component of Cisco UCS because the program does not properly filter user-submitted input.

Trust: 1.98

sources: NVD: CVE-2012-4110 // JVNDB: JVNDB-2013-004473 // BID: 62737 // VULHUB: VHN-57391

AFFECTED PRODUCTS

vendor: cisco, model: unified computing system 1.4, scope: -, version: -

Trust: 2.4

vendor: cisco, model: unified computing system, scope: eq, version: -

Trust: 1.6

vendor: cisco, model: unified computing system, scope: -, version: -

Trust: 0.8

vendor: cisco, model: unified computing system software, scope: lte, version: 2.1

Trust: 0.8

vendor: cisco, model: unified computing system, scope: eq, version: 2.0

Trust: 0.3

sources: BID: 62737 // JVNDB: JVNDB-2013-004473 // CNNVD: CNNVD-201310-048 // NVD: CVE-2012-4110

CVSS

SEVERITY

nvd@nist.gov: CVE-2012-4110
value: MEDIUM

Trust: 1.0

NVD: CVE-2012-4110
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201310-048
value: MEDIUM

Trust: 0.6

VULHUB: VHN-57391
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2012-4110
severity: MEDIUM
baseScore: 6.8
vectorString: AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.1
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-57391
severity: MEDIUM
baseScore: 6.8
vectorString: AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.1
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-57391 // JVNDB: JVNDB-2013-004473 // CNNVD: CNNVD-201310-048 // NVD: CVE-2012-4110

PROBLEMTYPE DATA

problemtype: CWE-20

Trust: 1.9

sources: VULHUB: VHN-57391 // JVNDB: JVNDB-2013-004473 // NVD: CVE-2012-4110

THREAT TYPE

local

Trust: 0.9

sources: BID: 62737 // CNNVD: CNNVD-201310-048

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201310-048

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-004473

PATCH

title: Cisco Unified Computing System Fabric Interconnect run-script Command Injection Vulnerability, url: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4110

Trust: 0.8

title: 31081, url: http://tools.cisco.com/security/center/viewAlert.x?alertId=31081

Trust: 0.8

sources: JVNDB: JVNDB-2013-004473

EXTERNAL IDS

db: NVD, id: CVE-2012-4110

Trust: 2.8

db: JVNDB, id: JVNDB-2013-004473

Trust: 0.8

db: CNNVD, id: CNNVD-201310-048

Trust: 0.7

db: CISCO, id: 20130930 CISCO UNIFIED COMPUTING SYSTEM FABRIC INTERCONNECT RUN-SCRIPT COMMAND INJECTION VULNERABILITY

Trust: 0.6

db: BID, id: 62737

Trust: 0.4

db: VULHUB, id: VHN-57391

Trust: 0.1

sources: VULHUB: VHN-57391 // BID: 62737 // JVNDB: JVNDB-2013-004473 // CNNVD: CNNVD-201310-048 // NVD: CVE-2012-4110

REFERENCES

url: http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2012-4110

Trust: 1.7

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4110

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4110

Trust: 0.8

url: http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-57391 // BID: 62737 // JVNDB: JVNDB-2013-004473 // CNNVD: CNNVD-201310-048 // NVD: CVE-2012-4110

CREDITS

Cisco

Trust: 0.3

sources: BID: 62737

SOURCES

db: VULHUB, id: VHN-57391
db: BID, id: 62737
db: JVNDB, id: JVNDB-2013-004473
db: CNNVD, id: CNNVD-201310-048
db: NVD, id: CVE-2012-4110

LAST UPDATE DATE

2024-08-14T14:34:17.139000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-57391, date: 2013-10-03T00:00:00
db: BID, id: 62737, date: 2013-10-04T00:15:00
db: JVNDB, id: JVNDB-2013-004473, date: 2013-10-07T00:00:00
db: CNNVD, id: CNNVD-201310-048, date: 2013-10-09T00:00:00
db: NVD, id: CVE-2012-4110, date: 2013-10-03T18:31:37.253

SOURCES RELEASE DATE

db: VULHUB, id: VHN-57391, date: 2013-10-02T00:00:00
db: BID, id: 62737, date: 2013-09-30T00:00:00
db: JVNDB, id: JVNDB-2013-004473, date: 2013-10-07T00:00:00
db: CNNVD, id: CNNVD-201310-048, date: 2013-10-09T00:00:00
db: NVD, id: CVE-2012-4110, date: 2013-10-02T22:55:23.493