SecurityTracker.com

SecurityTracker
Archives


 


Category:   Device (Embedded Server/Appliance)  >   Cisco Unified Computing System
Vendors:   Cisco
Cisco Unified Computing System Bugs Let Remote Users Conduct Man-in-the-Middle Attacks and Obtain Information and Let Local Users View Files
SecurityTracker Alert ID:  1029209
SecurityTracker URL:  http://securitytracker.com/id/1029209
CVE Reference:   CVE-2012-4113, CVE-2012-4114, CVE-2012-4115, CVE-2012-4116, CVE-2012-4117
Date:  Oct 18 2013
Impact:   Disclosure of system information, Disclosure of user information, Modification of system information, User access via local system, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes

Description:   Several vulnerabilities were reported in Cisco Unified Computing System. A local user can view files on the target system. A remote user can obtain potentially sensitive information. A remote user can conduct man-in-the-middle attacks.

A local user can supply specially crafted parameters to certain command-line interface (CLI) commands to view files on the underlying filesystem with elevated privileges [CVE-2012-4113].

The vendor has assigned Bug ID CSCtr43374 to this vulnerability.

A remote user can conduct a man-in-the-middle attack against the Fabric Interconnect KVM module to access and modify the video stream [CVE-2012-4114].

The vendor has assigned Bug ID CSCtr72949 to this vulnerability.

A remote user can conduct a man-in-the-middle attack against the Fabric Interconnect to capture or modify KVM virtual media traffic [CVE-2012-4115].

The vendor has assigned Bug ID CSCtr72964 to this vulnerability.

A remote user that can monitor network traffic can establish an authenticated connection with the target KVM server [CVE-2012-4116].

The vendor has assigned Bug ID CSCtr72970 to this vulnerability.

A remote user can conduct a man-in-the-middle attack against the Fabric Interconnect to view or modify traffic on the KVM video channel [CVE-2012-4117].

The vendor has assigned Bug ID CSCtr73033 to this vulnerability.

Impact:   A local user can view files on the target system.

A remote user can obtain potentially sensitive information.

A remote user can conduct man-in-the-middle attacks.

Solution:   The vendor has issued a fix [except for CVE-2012-4116].

The vendor's advisories are available at:

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4113
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4114
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4115
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4116
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4117

Vendor URL:  tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4113
Cause:   Access control error, Authentication error, Input validation error

Message History:   None.



Copyright 2019, SecurityGlobal.net LLC