Sign-up

ID

VAR-201310-0032


CVE

CVE-2012-4117


TITLE

Cisco Unified Computing System Of fabric interconnect components SSL KVM Vulnerability to see video channel traffic

Trust: 0.8

sources: JVNDB: JVNDB-2013-004815

DESCRIPTION

The fabric-interconnect component in Cisco Unified Computing System (UCS) does not properly verify X.509 certificates, which allows man-in-the-middle attackers to watch SSL KVM video-channel traffic or modify this traffic via a crafted certificate, aka Bug ID CSCtr73033. Cisco Unified Computing System is prone to a security-bypass vulnerability. An attacker can exploit this issue to perform man-in-the-middle attacks and perform certain unauthorized actions, which will aid in further attacks. This issue is being tracked by Cisco Bug ID CSCtr73033. The system integrates network, computing and virtualization resources into one platform by extensively adopting virtualization technology

Trust: 1.98

sources: NVD: CVE-2012-4117 // JVNDB: JVNDB-2013-004815 // BID: 63209 // VULHUB: VHN-57398

AFFECTED PRODUCTS

vendor:ciscomodel:unified computing system 1.4scope: - version: -

Trust: 2.4

vendor:ciscomodel:unified computing systemscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:unified computing systemscope: - version: -

Trust: 0.8

vendor:ciscomodel:unified computing system softwarescope:lteversion:2.1(1f)

Trust: 0.8

vendor:ciscomodel:unified computing system 2.0scope: - version: -

Trust: 0.3

vendor:ciscomodel:unified computing systemscope:eqversion:2.0

Trust: 0.3

sources: BID: 63209 // JVNDB: JVNDB-2013-004815 // CNNVD: CNNVD-201310-470 // NVD: CVE-2012-4117

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-4117
value: MEDIUM

Trust: 1.0

NVD: CVE-2012-4117
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201310-470
value: MEDIUM

Trust: 0.6

VULHUB: VHN-57398
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2012-4117
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-57398
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-57398 // JVNDB: JVNDB-2013-004815 // CNNVD: CNNVD-201310-470 // NVD: CVE-2012-4117

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-57398 // JVNDB: JVNDB-2013-004815 // NVD: CVE-2012-4117

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201310-470

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201310-470

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-004815

PATCH
title:Cisco Unified Computing System Fabric Interconnect Man-In-The-Middle Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4117
Trust: 0.8
title:31358url:http://tools.cisco.com/security/center/viewAlert.x?alertId=31358
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-004815

EXTERNAL IDS
db:NVDid:CVE-2012-4117
Trust: 2.8
db:JVNDBid:JVNDB-2013-004815
Trust: 0.8
db:CNNVDid:CNNVD-201310-470
Trust: 0.7
db:CISCOid:20131017 CISCO UNIFIED COMPUTING SYSTEM FABRIC INTERCONNECT MAN-IN-THE-MIDDLE VULNERABILITY
Trust: 0.6
db:BIDid:63209
Trust: 0.4
db:VULHUBid:VHN-57398
Trust: 0.1
sources:
            
            
            VULHUB: VHN-57398 // 
            
            
            
            BID: 63209 // 
            
            
            
            JVNDB: JVNDB-2013-004815 // 
            
            
            
            CNNVD: CNNVD-201310-470 // 
            
            
            
            NVD: CVE-2012-4117

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2012-4117
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4117
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4117
Trust: 0.8
sources:
            
            
            VULHUB: VHN-57398 // 
            
            
            
            JVNDB: JVNDB-2013-004815 // 
            
            
            
            CNNVD: CNNVD-201310-470 // 
            
            
            
            NVD: CVE-2012-4117

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 63209

SOURCES
db:VULHUBid:VHN-57398
db:BIDid:63209
db:JVNDBid:JVNDB-2013-004815
db:CNNVDid:CNNVD-201310-470
db:NVDid:CVE-2012-4117

LAST UPDATE DATE
2024-08-14T15:44:53.894000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-57398date:2013-10-21T00:00:00
db:BIDid:63209date:2013-10-21T00:38:00
db:JVNDBid:JVNDB-2013-004815date:2013-10-22T00:00:00
db:CNNVDid:CNNVD-201310-470date:2013-10-21T00:00:00
db:NVDid:CVE-2012-4117date:2013-10-21T13:51:46.537

SOURCES RELEASE DATE
db:VULHUBid:VHN-57398date:2013-10-19T00:00:00
db:BIDid:63209date:2013-10-17T00:00:00
db:JVNDBid:JVNDB-2013-004815date:2013-10-22T00:00:00
db:CNNVDid:CNNVD-201310-470date:2013-10-21T00:00:00
db:NVDid:CVE-2012-4117date:2013-10-19T10:36:07.493