ID

VAR-201310-0027


CVE

CVE-2012-4112


TITLE

Cisco Unified Computing System of Baseboard Management Controller Vulnerability gained in

Trust: 0.8

sources: JVNDB: JVNDB-2013-004811

DESCRIPTION

The Baseboard Management Controller (BMC) in Cisco Unified Computing System (UCS) allows local users to gain privileges and execute arbitrary commands via crafted command parameters within the command-line interface, aka Bug ID CSCtr43330. Cisco Unified Computing System is prone to a local command-injection vulnerability. A local attacker can exploit this issue to execute arbitrary commands with elevated privileges. Successful exploits may compromise the affected device. This issue is being tracked by Cisco Bug ID CSCtr43330. Cisco Unified Computing System integrates network, computing and virtualization resources into one platform by extensively adopting virtualization technology. The vulnerability stems from the fact that the program does not properly filter the parameters submitted by the user.

Trust: 1.98

sources: NVD: CVE-2012-4112 // JVNDB: JVNDB-2013-004811 // BID: 63177 // VULHUB: VHN-57393

AFFECTED PRODUCTS

vendor: cisco, model: unified computing system, scope: eq, version: -

Trust: 1.6

vendor: cisco, model: unified computing system, scope: -, version: -

Trust: 0.8

vendor: cisco, model: unified computing system software, scope: lte, version: 1.4(1c)

Trust: 0.8

sources: JVNDB: JVNDB-2013-004811 // CNNVD: CNNVD-201310-466 // NVD: CVE-2012-4112

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-4112
value: MEDIUM

Trust: 1.0

NVD: CVE-2012-4112
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201310-466
value: MEDIUM

Trust: 0.6

VULHUB: VHN-57393
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2012-4112
severity: MEDIUM
baseScore: 6.8
vectorString: AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.1
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-57393
severity: MEDIUM
baseScore: 6.8
vectorString: AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.1
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-57393 // JVNDB: JVNDB-2013-004811 // CNNVD: CNNVD-201310-466 // NVD: CVE-2012-4112

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-57393 // JVNDB: JVNDB-2013-004811 // NVD: CVE-2012-4112

THREAT TYPE

local

Trust: 0.9

sources: BID: 63177 // CNNVD: CNNVD-201310-466

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201310-466

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-004811

PATCH

title: Cisco Unified Computing System Baseboard Management Controller Command Injection Vulnerability, url: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4112

Trust: 0.8

title: 31319, url: http://tools.cisco.com/security/center/viewAlert.x?alertId=31319

Trust: 0.8

sources: JVNDB: JVNDB-2013-004811

EXTERNAL IDS

db: NVD, id: CVE-2012-4112

Trust: 2.8

db: JVNDB, id: JVNDB-2013-004811

Trust: 0.8

db: CNNVD, id: CNNVD-201310-466

Trust: 0.7

db: CISCO, id: 20131016 CISCO UNIFIED COMPUTING SYSTEM BASEBOARD MANAGEMENT CONTROLLER COMMAND INJECTION VULNERABILITY

Trust: 0.6

db: BID, id: 63177

Trust: 0.4

db: VULHUB, id: VHN-57393

Trust: 0.1

sources: VULHUB: VHN-57393 // BID: 63177 // JVNDB: JVNDB-2013-004811 // CNNVD: CNNVD-201310-466 // NVD: CVE-2012-4112

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2012-4112

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4112

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4112

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-57393 // BID: 63177 // JVNDB: JVNDB-2013-004811 // CNNVD: CNNVD-201310-466 // NVD: CVE-2012-4112

CREDITS

Cisco

Trust: 0.3

sources: BID: 63177

SOURCES

db: VULHUB, id: VHN-57393
db: BID, id: 63177
db: JVNDB, id: JVNDB-2013-004811
db: CNNVD, id: CNNVD-201310-466
db: NVD, id: CVE-2012-4112

LAST UPDATE DATE

2024-08-14T14:52:36.964000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-57393, date: 2013-10-21T00:00:00
db: BID, id: 63177, date: 2013-10-21T01:06:00
db: JVNDB, id: JVNDB-2013-004811, date: 2013-10-22T00:00:00
db: CNNVD, id: CNNVD-201310-466, date: 2013-10-21T00:00:00
db: NVD, id: CVE-2012-4112, date: 2013-10-21T12:45:31.930

SOURCES RELEASE DATE

db: VULHUB, id: VHN-57393, date: 2013-10-19T00:00:00
db: BID, id: 63177, date: 2013-10-16T00:00:00
db: JVNDB, id: JVNDB-2013-004811, date: 2013-10-22T00:00:00
db: CNNVD, id: CNNVD-201310-466, date: 2013-10-21T00:00:00
db: NVD, id: CVE-2012-4112, date: 2013-10-19T10:36:06.777