ID

VAR-201310-0028


CVE

CVE-2012-4113


TITLE

Cisco Unified Computing System Authenticated Vulnerability in Fabric Interconnect Component

Trust: 0.8

sources: JVNDB: JVNDB-2013-004812

DESCRIPTION

The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges and read arbitrary files via crafted command parameters within the command-line interface, aka Bug ID CSCtr43374. Local attackers can exploit this issue to read and modify arbitrary files with elevated privileges. This may lead to further attacks. Cisco Unified Computing System (UCS) is Cisco's unified computing platform, which integrates network, computing and virtualization resources into a single system through extensive use of virtualization technology. The vulnerability stems from the program's failure to properly filter user-supplied parameters.

Trust: 1.98

sources: NVD: CVE-2012-4113 // JVNDB: JVNDB-2013-004812 // BID: 63180 // VULHUB: VHN-57394

AFFECTED PRODUCTS

vendor: cisco, model: unified computing system 1.4, scope: -, version: -

Trust: 2.4

vendor: cisco, model: unified computing system, scope: eq, version: -

Trust: 1.6

vendor: cisco, model: unified computing system, scope: -, version: -

Trust: 0.8

vendor: cisco, model: unified computing system software, scope: lte, version: 2.1

Trust: 0.8

vendor: cisco, model: unified computing system, scope: eq, version: 2.0

Trust: 0.3

sources: BID: 63180 // JVNDB: JVNDB-2013-004812 // CNNVD: CNNVD-201310-467 // NVD: CVE-2012-4113

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-4113
value: MEDIUM

Trust: 1.0

NVD: CVE-2012-4113
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201310-467
value: MEDIUM

Trust: 0.6

VULHUB: VHN-57394
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2012-4113
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:S/C:C/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.1
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-57394
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:S/C:C/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.1
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-57394 // JVNDB: JVNDB-2013-004812 // CNNVD: CNNVD-201310-467 // NVD: CVE-2012-4113

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-57394 // JVNDB: JVNDB-2013-004812 // NVD: CVE-2012-4113

THREAT TYPE

local

Trust: 0.9

sources: BID: 63180 // CNNVD: CNNVD-201310-467

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201310-467

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-004812

PATCH

title: Cisco Unified Computing System Baseboard Management Controller Command Injection Vulnerability, url: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4113

Trust: 0.8

title: 31318, url: http://tools.cisco.com/security/center/viewAlert.x?alertId=31318

Trust: 0.8

sources: JVNDB: JVNDB-2013-004812

EXTERNAL IDS

db: NVD, id: CVE-2012-4113

Trust: 2.8

db: JVNDB, id: JVNDB-2013-004812

Trust: 0.8

db: CISCO, id: 20131016 CISCO UNIFIED COMPUTING SYSTEM FABRIC INTERCONNECT ARBITRARY FILE READ VULNERABILITY

Trust: 0.6

db: CNNVD, id: CNNVD-201310-467

Trust: 0.6

db: BID, id: 63180

Trust: 0.4

db: VULHUB, id: VHN-57394

Trust: 0.1

sources: VULHUB: VHN-57394 // BID: 63180 // JVNDB: JVNDB-2013-004812 // CNNVD: CNNVD-201310-467 // NVD: CVE-2012-4113

REFERENCES

url: http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2012-4113

Trust: 1.7

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4113

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4113

Trust: 0.8

sources: VULHUB: VHN-57394 // JVNDB: JVNDB-2013-004812 // CNNVD: CNNVD-201310-467 // NVD: CVE-2012-4113

CREDITS

Cisco

Trust: 0.3

sources: BID: 63180

SOURCES

db: VULHUB, id: VHN-57394
db: BID, id: 63180
db: JVNDB, id: JVNDB-2013-004812
db: CNNVD, id: CNNVD-201310-467
db: NVD, id: CVE-2012-4113

LAST UPDATE DATE

2024-08-14T13:35:33.231000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-57394, date: 2013-10-21T00:00:00
db: BID, id: 63180, date: 2013-10-21T01:06:00
db: JVNDB, id: JVNDB-2013-004812, date: 2013-10-22T00:00:00
db: CNNVD, id: CNNVD-201310-467, date: 2013-10-21T00:00:00
db: NVD, id: CVE-2012-4113, date: 2013-10-21T13:04:22.357

SOURCES RELEASE DATE

db: VULHUB, id: VHN-57394, date: 2013-10-19T00:00:00
db: BID, id: 63180, date: 2013-10-16T00:00:00
db: JVNDB, id: JVNDB-2013-004812, date: 2013-10-22T00:00:00
db: CNNVD, id: CNNVD-201310-467, date: 2013-10-21T00:00:00
db: NVD, id: CVE-2012-4113, date: 2013-10-19T10:36:07.027