ID

VAR-201310-0029


CVE

CVE-2012-4114


TITLE

Vulnerability in the KVM module of the Cisco Unified Computing System fabric interconnect that allows viewing KVM display content

Trust: 0.8

sources: JVNDB: JVNDB-2013-004813

DESCRIPTION

The fabric-interconnect KVM module in Cisco Unified Computing System (UCS) does not encrypt video data, which allows man-in-the-middle attackers to watch KVM display content by sniffing the network or modify this traffic by inserting packets into the client-server data stream, aka Bug ID CSCtr72949. Cisco Unified Computing System is prone to an information-disclosure vulnerability. Attackers can exploit this issue to perform a man-in-the-middle attack and gain access to or modify the video stream. Successful exploits will lead to other attacks. This issue is being tracked by Cisco Bug ID CSCtr72949. Cisco UCS integrates network, computing and virtualization resources into one platform by extensively adopting virtualization technology. The vulnerability is caused by the fact that the video data sent by KVM is not encrypted.

Trust: 1.98

sources: NVD: CVE-2012-4114 // JVNDB: JVNDB-2013-004813 // BID: 63207 // VULHUB: VHN-57395

AFFECTED PRODUCTS

vendor: cisco, model: unified computing system, scope: eq, version: -

Trust: 1.6

vendor: cisco, model: unified computing system, scope: -, version: -

Trust: 0.8

vendor: cisco, model: unified computing system software, scope: lte, version: 2.1(1f)

Trust: 0.8

vendor: cisco, model: unified computing system, scope: eq, version: 0

Trust: 0.3

sources: BID: 63207 // JVNDB: JVNDB-2013-004813 // CNNVD: CNNVD-201310-468 // NVD: CVE-2012-4114

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-4114
value: MEDIUM

Trust: 1.0

NVD: CVE-2012-4114
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201310-468
value: MEDIUM

Trust: 0.6

VULHUB: VHN-57395
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2012-4114
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-57395
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-57395 // JVNDB: JVNDB-2013-004813 // CNNVD: CNNVD-201310-468 // NVD: CVE-2012-4114

PROBLEMTYPE DATA

problemtype:CWE-310

Trust: 1.9

sources: VULHUB: VHN-57395 // JVNDB: JVNDB-2013-004813 // NVD: CVE-2012-4114

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201310-468

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201310-468

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-004813

PATCH

title: Cisco Unified Computing System Baseboard Management Controller Command Injection Vulnerability, url: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4114

Trust: 0.8

title: 31355, url: http://tools.cisco.com/security/center/viewAlert.x?alertId=31355

Trust: 0.8

sources: JVNDB: JVNDB-2013-004813

EXTERNAL IDS

db: NVD, id: CVE-2012-4114

Trust: 2.8

db: JVNDB, id: JVNDB-2013-004813

Trust: 0.8

db: CISCO, id: 20131017 CISCO UNIFIED COMPUTING SYSTEM FABRIC INTERCONNECT COMMAND INJECTION VULNERABILITY

Trust: 0.6

db: CNNVD, id: CNNVD-201310-468

Trust: 0.6

db: BID, id: 63207

Trust: 0.4

db: VULHUB, id: VHN-57395

Trust: 0.1

sources: VULHUB: VHN-57395 // BID: 63207 // JVNDB: JVNDB-2013-004813 // CNNVD: CNNVD-201310-468 // NVD: CVE-2012-4114

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2012-4114

Trust: 2.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4114

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4114

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-57395 // BID: 63207 // JVNDB: JVNDB-2013-004813 // CNNVD: CNNVD-201310-468 // NVD: CVE-2012-4114

CREDITS

Cisco

Trust: 0.3

sources: BID: 63207

SOURCES

db: VULHUB, id: VHN-57395
db: BID, id: 63207
db: JVNDB, id: JVNDB-2013-004813
db: CNNVD, id: CNNVD-201310-468
db: NVD, id: CVE-2012-4114

LAST UPDATE DATE

2024-08-14T15:35:09.015000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-57395, date: 2013-10-21T00:00:00
db: BID, id: 63207, date: 2013-10-17T00:00:00
db: JVNDB, id: JVNDB-2013-004813, date: 2013-10-22T00:00:00
db: CNNVD, id: CNNVD-201310-468, date: 2013-10-21T00:00:00
db: NVD, id: CVE-2012-4114, date: 2013-10-21T13:16:58.887

SOURCES RELEASE DATE

db: VULHUB, id: VHN-57395, date: 2013-10-19T00:00:00
db: BID, id: 63207, date: 2013-10-17T00:00:00
db: JVNDB, id: JVNDB-2013-004813, date: 2013-10-22T00:00:00
db: CNNVD, id: CNNVD-201310-468, date: 2013-10-21T00:00:00
db: NVD, id: CVE-2012-4114, date: 2013-10-19T10:36:07.197