Sign-up

ID

VAR-201310-0031


CVE

CVE-2012-4116


TITLE

Cisco Unified Computing System Vulnerability in obtaining critical information in fabric interconnect components

Trust: 0.8

sources: JVNDB: JVNDB-2013-004814

DESCRIPTION

The fabric-interconnect component in Cisco Unified Computing System (UCS) does not encrypt KVM media traffic, which allows remote attackers to obtain sensitive information, and consequently complete the authentication process for a server connection, by sniffing the network, aka Bug ID CSCtr72970. Cisco Unified Computing System is prone to a remote information-disclosure vulnerability. Successful exploits may allow an attacker to obtain sensitive information that may lead to further attacks. This issue is tracked by Cisco Bug ID CSCtr72970. The system integrates network, computing and virtualization resources into one platform by extensively adopting virtualization technology

Trust: 1.98

sources: NVD: CVE-2012-4116 // JVNDB: JVNDB-2013-004814 // BID: 63212 // VULHUB: VHN-57397

AFFECTED PRODUCTS

vendor:ciscomodel:unified computing system 1.4scope: - version: -

Trust: 2.4

vendor:ciscomodel:unified computing systemscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:unified computing systemscope: - version: -

Trust: 0.8

vendor:ciscomodel:unified computing system softwarescope:lteversion:2.2

Trust: 0.8

vendor:ciscomodel:unified computing system 2.0scope: - version: -

Trust: 0.3

vendor:ciscomodel:unified computing systemscope:eqversion:2.0

Trust: 0.3

sources: BID: 63212 // JVNDB: JVNDB-2013-004814 // CNNVD: CNNVD-201310-469 // NVD: CVE-2012-4116

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-4116
value: MEDIUM

Trust: 1.0

NVD: CVE-2012-4116
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201310-469
value: MEDIUM

Trust: 0.6

VULHUB: VHN-57397
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2012-4116
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-57397
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-57397 // JVNDB: JVNDB-2013-004814 // CNNVD: CNNVD-201310-469 // NVD: CVE-2012-4116

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-57397 // JVNDB: JVNDB-2013-004814 // NVD: CVE-2012-4116

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201310-469

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201310-469

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-004814

PATCH
title:Cisco Unified Computing System Fabric Interconnect Information Disclosure Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4116
Trust: 0.8
title:31357url:http://tools.cisco.com/security/center/viewAlert.x?alertId=31357
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-004814

EXTERNAL IDS
db:NVDid:CVE-2012-4116
Trust: 2.8
db:JVNDBid:JVNDB-2013-004814
Trust: 0.8
db:CNNVDid:CNNVD-201310-469
Trust: 0.7
db:CISCOid:20131017 CISCO UNIFIED COMPUTING SYSTEM FABRIC INTERCONNECT INFORMATION DISCLOSURE VULNERABILITY
Trust: 0.6
db:BIDid:63212
Trust: 0.4
db:VULHUBid:VHN-57397
Trust: 0.1
sources:
            
            
            VULHUB: VHN-57397 // 
            
            
            
            BID: 63212 // 
            
            
            
            JVNDB: JVNDB-2013-004814 // 
            
            
            
            CNNVD: CNNVD-201310-469 // 
            
            
            
            NVD: CVE-2012-4116

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2012-4116
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4116
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4116
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-57397 // 
            
            
            
            BID: 63212 // 
            
            
            
            JVNDB: JVNDB-2013-004814 // 
            
            
            
            CNNVD: CNNVD-201310-469 // 
            
            
            
            NVD: CVE-2012-4116

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 63212

SOURCES
db:VULHUBid:VHN-57397
db:BIDid:63212
db:JVNDBid:JVNDB-2013-004814
db:CNNVDid:CNNVD-201310-469
db:NVDid:CVE-2012-4116

LAST UPDATE DATE
2024-08-14T14:06:44.670000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-57397date:2013-10-21T00:00:00
db:BIDid:63212date:2013-10-21T00:18:00
db:JVNDBid:JVNDB-2013-004814date:2013-10-22T00:00:00
db:CNNVDid:CNNVD-201310-469date:2013-10-21T00:00:00
db:NVDid:CVE-2012-4116date:2013-10-21T13:17:30.170

SOURCES RELEASE DATE
db:VULHUBid:VHN-57397date:2013-10-19T00:00:00
db:BIDid:63212date:2013-10-17T00:00:00
db:JVNDBid:JVNDB-2013-004814date:2013-10-22T00:00:00
db:CNNVDid:CNNVD-201310-469date:2013-10-21T00:00:00
db:NVDid:CVE-2012-4116date:2013-10-19T10:36:07.337