Details of VAR-201310-0026

ID

VAR-201310-0026

CVE

CVE-2012-4111

TITLE

Cisco Unified Computing System Authenticated Vulnerability in Fabric Interconnect Component

Trust: 0.8

sources: JVNDB: JVNDB-2013-004474

DESCRIPTION

The create certreq command in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges by embedding commands in an unspecified parameter, aka Bug ID CSCtq86563. Cisco Unified Computing System is prone to a local command-injection vulnerability. A local attacker can exploit this issue to execute arbitrary commands with root privileges. Successful exploits may compromise the affected device. This issue being tracked by Cisco Bug ID CSCtq86563. The system integrates network, computing and virtualization resources into one platform by extensively adopting virtualization technology

Trust: 1.98

sources: NVD: CVE-2012-4111 // JVNDB: JVNDB-2013-004474 // BID: 62734 // VULHUB: VHN-57392

AFFECTED PRODUCTS

vendor:	cisco	model:	unified computing system 1.4	scope:	-	version:	-	Trust: 2.4
vendor:	cisco	model:	unified computing system	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	unified computing system	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	unified computing system software	scope:	lte	version:	2.1	Trust: 0.8
vendor:	cisco	model:	unified computing system	scope:	eq	version:	2.0	Trust: 0.3

sources: BID: 62734 // JVNDB: JVNDB-2013-004474 // CNNVD: CNNVD-201310-049 // NVD: CVE-2012-4111

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2012-4111
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2012-4111
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201310-049
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-57392
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2012-4111
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.1
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-57392
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.1
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-57392 // JVNDB: JVNDB-2013-004474 // CNNVD: CNNVD-201310-049 // NVD: CVE-2012-4111

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-57392 // JVNDB: JVNDB-2013-004474 // NVD: CVE-2012-4111

THREAT TYPE

local

Trust: 0.9

sources: BID: 62734 // CNNVD: CNNVD-201310-049

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201310-049

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-004474

PATCH

title:	Cisco Unified Computing System Fabric Interconnect create certreq Command Injection Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4111	Trust: 0.8
title:	31079	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=31079	Trust: 0.8

sources: JVNDB: JVNDB-2013-004474

EXTERNAL IDS

db:	NVD	id:	CVE-2012-4111	Trust: 2.8
db:	JVNDB	id:	JVNDB-2013-004474	Trust: 0.8
db:	CNNVD	id:	CNNVD-201310-049	Trust: 0.7
db:	CISCO	id:	20130930 CISCO UNIFIED COMPUTING SYSTEM FABRIC INTERCONNECT CREATE CERTREQ COMMAND INJECTION VULNERABILITY	Trust: 0.6
db:	BID	id:	62734	Trust: 0.4
db:	VULHUB	id:	VHN-57392	Trust: 0.1

sources: VULHUB: VHN-57392 // BID: 62734 // JVNDB: JVNDB-2013-004474 // CNNVD: CNNVD-201310-049 // NVD: CVE-2012-4111

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2012-4111	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4111	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4111	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-57392 // BID: 62734 // JVNDB: JVNDB-2013-004474 // CNNVD: CNNVD-201310-049 // NVD: CVE-2012-4111

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 62734

SOURCES

db:	VULHUB	id:	VHN-57392
db:	BID	id:	62734
db:	JVNDB	id:	JVNDB-2013-004474
db:	CNNVD	id:	CNNVD-201310-049
db:	NVD	id:	CVE-2012-4111

LAST UPDATE DATE

2024-08-14T15:40:04.945000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-57392	date:	2013-10-03T00:00:00
db:	BID	id:	62734	date:	2013-10-04T00:15:00
db:	JVNDB	id:	JVNDB-2013-004474	date:	2013-10-07T00:00:00
db:	CNNVD	id:	CNNVD-201310-049	date:	2013-10-09T00:00:00
db:	NVD	id:	CVE-2012-4111	date:	2013-10-03T18:06:48.477

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-57392	date:	2013-10-02T00:00:00
db:	BID	id:	62734	date:	2013-09-30T00:00:00
db:	JVNDB	id:	JVNDB-2013-004474	date:	2013-10-07T00:00:00
db:	CNNVD	id:	CNNVD-201310-049	date:	2013-10-09T00:00:00
db:	NVD	id:	CVE-2012-4111	date:	2013-10-02T22:55:23.527