Details of VAR-201310-0030

ID

VAR-201310-0030

CVE

CVE-2012-4115

TITLE

Cisco Unified Computing System Vulnerability in obtaining critical information in fabric interconnect components

Trust: 0.8

sources: JVNDB: JVNDB-2013-004817

DESCRIPTION

The fabric-interconnect component in Cisco Unified Computing System (UCS) does not encrypt KVM virtual-media data, which allows man-in-the-middle attackers to obtain sensitive information by sniffing the network or modify this traffic by inserting packets into the client-server data stream, aka Bug ID CSCtr72964. Cisco Unified Computing System is prone to a remote information-disclosure vulnerability. An attacker can exploit this issue to obtain sensitive information through man-in-the-middle attacks that may lead to further attacks. This issue is tracked by Cisco Bug ID CSCtr72964. The system integrates network, computing and virtualization resources into one platform by extensively adopting virtualization technology

Trust: 1.98

sources: NVD: CVE-2012-4115 // JVNDB: JVNDB-2013-004817 // BID: 63208 // VULHUB: VHN-57396

AFFECTED PRODUCTS

vendor:	cisco	model:	unified computing system 1.4	scope:	-	version:	-	Trust: 2.4
vendor:	cisco	model:	unified computing system	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	unified computing system	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	unified computing system software	scope:	lte	version:	2.1(1f)	Trust: 0.8
vendor:	cisco	model:	unified computing system 2.0	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	unified computing system	scope:	eq	version:	2.0	Trust: 0.3

sources: BID: 63208 // JVNDB: JVNDB-2013-004817 // CNNVD: CNNVD-201310-492 // NVD: CVE-2012-4115

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2012-4115
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2012-4115
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201310-492
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-57396
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2012-4115
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-57396
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-57396 // JVNDB: JVNDB-2013-004817 // CNNVD: CNNVD-201310-492 // NVD: CVE-2012-4115

PROBLEMTYPE DATA

problemtype:

CWE-310

Trust: 1.9

sources: VULHUB: VHN-57396 // JVNDB: JVNDB-2013-004817 // NVD: CVE-2012-4115

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201310-492

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201310-492

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-004817

PATCH

title:	Cisco Unified Computing System Fabric Interconnect Information Disclosure Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4115	Trust: 0.8
title:	31356	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=31356	Trust: 0.8

sources: JVNDB: JVNDB-2013-004817

EXTERNAL IDS

db:	NVD	id:	CVE-2012-4115	Trust: 2.8
db:	JVNDB	id:	JVNDB-2013-004817	Trust: 0.8
db:	CNNVD	id:	CNNVD-201310-492	Trust: 0.7
db:	CISCO	id:	20131017 CISCO UNIFIED COMPUTING SYSTEM FABRIC INTERCONNECT INFORMATION DISCLOSURE VULNERABILITY	Trust: 0.6
db:	BID	id:	63208	Trust: 0.4
db:	VULHUB	id:	VHN-57396	Trust: 0.1

sources: VULHUB: VHN-57396 // BID: 63208 // JVNDB: JVNDB-2013-004817 // CNNVD: CNNVD-201310-492 // NVD: CVE-2012-4115

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2012-4115	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4115	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4115	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-57396 // BID: 63208 // JVNDB: JVNDB-2013-004817 // CNNVD: CNNVD-201310-492 // NVD: CVE-2012-4115

CREDITS

Cisco

Trust: 0.3

sources: BID: 63208

SOURCES

db:	VULHUB	id:	VHN-57396
db:	BID	id:	63208
db:	JVNDB	id:	JVNDB-2013-004817
db:	CNNVD	id:	CNNVD-201310-492
db:	NVD	id:	CVE-2012-4115

LAST UPDATE DATE

2024-08-14T14:06:44.638000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-57396	date:	2013-10-21T00:00:00
db:	BID	id:	63208	date:	2013-10-21T00:18:00
db:	JVNDB	id:	JVNDB-2013-004817	date:	2013-10-22T00:00:00
db:	CNNVD	id:	CNNVD-201310-492	date:	2013-10-22T00:00:00
db:	NVD	id:	CVE-2012-4115	date:	2013-10-21T17:18:31.353

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-57396	date:	2013-10-21T00:00:00
db:	BID	id:	63208	date:	2013-10-17T00:00:00
db:	JVNDB	id:	JVNDB-2013-004817	date:	2013-10-22T00:00:00
db:	CNNVD	id:	CNNVD-201310-492	date:	2013-10-22T00:00:00
db:	NVD	id:	CVE-2012-4115	date:	2013-10-21T10:50:23.687